How does OpenStack Floating IP assocation work underneath?

Question

I created ~10 nodes DevStack installation to learn more about how OpenStack manages the networking. I created some VMS, and verified them on some host like following:

virsh # list
 Id    Name                           State
----------------------------------------------------
 2     instance-0000001b              running
 3     instance-0000001f              running
 4     instance-00000024              running
 5     instance-0000002c              running

I have associated a floaring IP to instance id 2, I verified it by looking its openstack id and matching with output of virsh dumpxml 2. It has teh following floating IP: 172.16.6.12 and local ip: 10.4.128.11

I see it uses vnet0:

   <interface type='bridge'>
      <mac address='fa:16:3e:a1:f8:65'/>
      <source bridge='br100'/>
      <target dev='vnet0'/>
      <model type='virtio'/>
      <filterref filter='nova-instance-instance-0000001b-fa163ea1f865'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

Doing ifconfig vnet0, it shows no IP address:

vnet0     Link encap:Ethernet  HWaddr fe:16:3e:a1:f8:65  
          inet6 addr: fe80::fc16:3eff:fea1:f865/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:70 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44216 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:7232 (7.2 KB)  TX bytes:29123311 (29.1 MB)

As I execute ip addr , I see the IP address is defined in the bridge, br100 .

4: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether d8:50:e6:c3:22:ee brd ff:ff:ff:ff:ff:ff
    inet 10.4.128.13/20 brd 10.4.143.255 scope global br100
       valid_lft forever preferred_lft forever
    inet 172.16.0.101/21 brd 172.16.7.255 scope global br100
       valid_lft forever preferred_lft forever
    inet 172.16.6.12/32 scope global br100
       valid_lft forever preferred_lft forever
    inet 172.16.6.19/32 scope global br100
       valid_lft forever preferred_lft forever
    inet6 fe80::80b6:99ff:fef7:dc16/64 scope link 
       valid_lft forever preferred_lft forever
5: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br100 state UNKNOWN group default qlen 500
    link/ether fe:16:3e:a1:f8:65 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc16:3eff:fea1:f865/64 scope link 
       valid_lft forever preferred_lft forever

• 172.16.0.101/21 : The host IP
• 172.16.6.12/32: The VM Floating IP

However, where is the assocation that vnet0 --> 172.16.6.12 (floating IP) ? Why the traffic coming to 172.16.6.19 do not go to 172.16.6.12,

I looked for iptables rules, but there is nothing indicating vnet0 or the floating ip. How is this done? I see they are bridged with brctl, but there is no IP-MAC association I can see. It is not even in arp tables. I looked into iptables or listening ports if any forwarding is done is userspace, but it is not.

bridge name bridge id       STP enabled interfaces
br100       8000.d850e6c322ee   no      eth0
                                        vnet0
                                        vnet1
                                        vnet2
                                        vnet3

Answer 1

Okay I found it. I forgot to look at iptables NAT rules, it uses to forward given floating ips to that veth devices.