Created a LXD cluster with OVN but my container on certain cluster node isn't connectivity to internet

sangya_tao · February 29, 2024, 1:08am

I’ve created a LXD cluster with three nodes using OVN.
Container on cluster node-2 can ping other containers on the same private network, but cannot ping 114.114.114.114. when I change node-1’s role to ovn-chassis, the container on cluster node-1 cannot ping 114.114.114.114.

I’ve create a available physical network Ex.

 [root@node-1 ~]# lxd network show Ex
config:
  ipv4.gateway: 192.168.6.1/24
  ipv4.ovn.ranges: 192.168.6.151-192.168.6.170
  ipv4.routes: 192.168.6.0/24,0.0.0.0/0
  user.created_at: 2024-02-22T16:18:05
  user.created_by: admin
  user.ipv4_address: 192.168.6.0/24
  user.ipv4_ranges: 192.168.6.95-192.168.6.150
  user.netcard_config: '{"node-1": "Ex", "node-3": "Ex", "node-2": "Ex"}'
  user.role: business
  user.updated_at: 2024-02-22T16:18:05
  volatile.last_state.created: "false"
description: ""
name: Ex
type: physical
used_by:
- /1.0/networks/zy-p
managed: true
status: Created
locations:
- node-1
- node-2
- node-3

[root@node-1 ~]# lxd network show zy-p
config:
  bridge.mtu: "1442"
  ipv4.address: 11.11.11.1/24
  ipv4.dhcp: "true"
  ipv4.nat: "true"
  ipv6.address: fd42:3cf6:63c5:3da3::1/64
  ipv6.nat: "true"
  network: Ex
  user.created_at: 2024-02-22T15:29:58
  user.created_by: admin
  user.name: P_net
  user.updated_at: 2024-02-22T15:29:58
  volatile.network.ipv4.address: 192.168.6.151
description: ""
name: zy-p
type: ovn
used_by:
- /1.0/instances/zy-Pnet-ocs-0
- /1.0/instances/zy-Pnet-ocs-3
- /1.0/instances/zy-Pnet-ocs-6
managed: true
status: Created
locations:
- node-1
- node-2
- node-3

[root@node-1 ~]# lxd ls
+---------------+---------+----------------------+------------------------------------------------+-----------+-----------+----------+
|     NAME      |  STATE  |         IPV4         |                      IPV6                      |   TYPE    | SNAPSHOTS | LOCATION |
+---------------+---------+----------------------+------------------------------------------------+-----------+-----------+----------+
| zy-Pnet-ocs-0 | RUNNING | 11.11.11.10 (eth0)   | fd42:3cf6:63c5:3da3:e082:2a4:1c1e:ca4e (eth0)  | CONTAINER | 0         | node-1   |
+---------------+---------+----------------------+------------------------------------------------+-----------+-----------+----------+
| zy-Pnet-ocs-3 | RUNNING | 11.11.11.13 (eth0)   |                                                | CONTAINER | 0         | node-2   |
+---------------+---------+----------------------+------------------------------------------------+-----------+-----------+----------+
| zy-Pnet-ocs-6 | RUNNING | 11.11.11.16 (eth0)   |                                                | CONTAINER | 0         | node-3   |
+---------------+---------+----------------------+------------------------------------------------+-----------+-----------+----------+

the cluster node can ping 192.168.6.151.

[root@node-1 ~]# ping 192.168.6.151
PING 192.168.6.151 (192.168.6.151) 56(84) bytes of data.
64 bytes from 192.168.6.151: icmp_seq=1 ttl=254 time=1.28 ms
64 bytes from 192.168.6.151: icmp_seq=2 ttl=254 time=0.627 ms
^C
--- 192.168.6.151 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.627/0.955/1.283/0.328 ms

[root@node-2 ~]# ping 192.168.6.151
PING 192.168.6.151 (192.168.6.151) 56(84) bytes of data.
64 bytes from 192.168.6.151: icmp_seq=1 ttl=254 time=0.959 ms
64 bytes from 192.168.6.151: icmp_seq=2 ttl=254 time=0.557 ms
^C
--- 192.168.6.151 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.557/0.758/0.959/0.201 ms

[root@node-3 ~]# ping 192.168.6.151
PING 192.168.6.151 (192.168.6.151) 56(84) bytes of data.
64 bytes from 192.168.6.151: icmp_seq=1 ttl=254 time=1.09 ms
64 bytes from 192.168.6.151: icmp_seq=2 ttl=254 time=0.614 ms
^C
--- 192.168.6.151 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.614/0.850/1.087/0.236 ms

[root@manager-controller ~]# ovn-sbctl show
Chassis "ab5e3b16-494a-406d-a410-42f60a08dc2b"
    hostname: node-2
    Encap geneve
        ip: "10.0.172.2"
        options: {csum="true"}
    Port_Binding lxd-net5-instance-8ac6b2f4-7e9b-4c99-9875-c052519fcba7-eth-79fb98ebb6
    Port_Binding cr-lxd-net5-lr-lrp-ext
    Port_Binding lxd-net5-instance-0c643b98-d0b1-452b-85d4-852e88f405f2-eth-f2129f604e
    Port_Binding lxd-net5-instance-16ba7f75-1dfa-456a-998d-0efafef7d40f-eth-124f266a19
Chassis "5439eab0-453b-4bd0-b720-2f265f072ba3"
    hostname: node-3
    Encap geneve
        ip: "10.0.172.3"
        options: {csum="true"}
    Port_Binding lxd-net5-instance-1604fb3c-74e4-4adf-b71a-24319c0c130c-eth-1747103a1b
    Port_Binding lxd-net5-instance-9a6dd052-8d74-4e58-9166-0c6525a9f540-eth-3397ab2a26
    Port_Binding lxd-net5-instance-89e6fd53-db91-4e3f-a2b6-38389bf4d12c-eth-2bcc816967
    Port_Binding lxd-net5-instance-31dc7bdd-8298-4300-b5fb-85a3d19c37cd-eth-e11cfecbe0
    Port_Binding lxd-net5-instance-eaa7ece1-a255-41a5-89da-2a87203ef291-eth-e3c1c2b300
Chassis "adcafd81-996b-4b49-a055-1f92feebdbc5"
    hostname: node-1
    Encap geneve
        ip: "10.0.172.1"
        options: {csum="true"}
    Port_Binding lxd-net5-instance-d3c3f522-45de-4f6e-a1c3-dfa8e41f80d2-eth-55a75b4454
    Port_Binding lxd-net5-instance-c50febd8-623c-4037-b69e-f856f83e1856-eth-3ecbca353c
    Port_Binding lxd-net5-instance-83946725-b129-4f3f-9bc6-5903dd459266-eth-acdf55d884
    Port_Binding lxd-net5-instance-b59c91b8-9c13-452d-9e63-2afb04f0096d-eth-3337d05013

[root@node-1 ~]# lxd exec zy-Pnet-ocs-0 bash
[root@Pnet-ocs-0 ~]# ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=62 time=23.2 ms
64 bytes from 114.114.114.114: icmp_seq=2 ttl=88 time=19.4 ms
^C
--- 114.114.114.114 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 19.433/21.327/23.222/1.894 ms

[root@node-1 ~]# lxd exec zy-Pnet-ocs-3 bash
[root@Pnet-ocs-3 ~]# ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
^C
--- 114.114.114.114 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7282ms

[root@node-1 ~]# lxd exec zy-Pnet-ocs-6 bash
[root@Pnet-ocs-6 ~]# ping 114.114.114.114
PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.
64 bytes from 114.114.114.114: icmp_seq=1 ttl=64 time=26.6 ms
64 bytes from 114.114.114.114: icmp_seq=2 ttl=65 time=20.6 ms
^C
--- 114.114.114.114 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 20.575/23.611/26.648/3.036 ms