[Openstack] LinuxBridge dropping packets between the bridge and the tap.

Martinx - ジェームズ thiagocmartinsc at gmail.com
Wed Jul 8 00:37:14 UTC 2015


On 7 July 2015 at 21:00, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:

> On 7 July 2015 at 20:51, Martinx - ジェームズ <thiagocmartinsc at gmail.com>
> wrote:
>
>> Guys,
>>
>> I have an "all-in-one" OpenStack Juno setup, with LinuxBridges, where I'm
>> planning to use it with two tagged networks.
>>
>> Like this:
>>
>> For "Instance #1", "brctl show" returns:
>>
>> ----
>> root at openstack-1:~# brctl show
>> bridge name     bridge id               STP enabled     interfaces
>>
>> brqfac384d5-cd          8000.ecf4bbd0417a       no              eth2.100
>>
>> tap47417a6d-3b
>> ----
>>
>> For "Instance #2", "brctl show" returns:
>>
>> ----
>> bridge name     bridge id               STP enabled     interfaces
>>
>> brq50721b16-1c          8000.ecf4bbd0417a       no              eth2.101
>>
>>  tap15f2960f-54
>> ----
>>
>> "Instance #1" works as expected, I can see the the packets arriving
>> inside the Instance attached to the TAP "tap15f2960f-54".
>>
>> Also, I can run "tcpdump -c 100 -eni tap15f2960f-54" or "tcpdump -c 100
>> -eni brq50721b16-1c" to see the packets.
>>
>> BUT, my second "Instance #2" doesn't receive the packets!!
>>
>>
>> # "Wire"
>>
>> If I run "tcpdump -c 100 -eni eth2", I can see both "vlan 100" and "vlan
>> 101" packets arriving.
>>
>> # vlan 100 - okay
>> If I run "tcpdump -c 100 -eni brqfac384d5-cd", as I said before, I can
>> see the packets.
>>
>> If I run "tcpdump -c 100 -eni tap47417a6d-3b", as I said before, I can
>> see the packets.
>>
>> # vlan 101 - not okay
>> If I run "tcpdump -c 100 -eni brq50721b16-1c", I can see the packets.
>>
>> If I run "tcpdump -c 100 -eni tap15f2960f-54", BOOM! I am unable to see
>> the packets!!
>>
>> --
>>
>>
>> Why the packets are being dropped between "brq50721b16-1c" and
>> "tap15f2960f-54" ???
>>
>> "ifconfig tap15f2960f-54" shows packets being dropped.
>>
>> "ifconfig tap47417a6d-3b" shows 0 packets being dropped.
>>
>>
>> I already double checked everything!! Also, I tried to raise txqueue,
>> checked ebtabled, iptables... I have no clue about whats going on here...
>>
>> I really appreciate any help!
>>
>> Thanks!
>> Thiago
>>
>
> BTW, the symptoms are weird... After a reboot (and starting the Intance #2
> with bigger txqueue from the beginning), I'm not seeing the packets being
> dropped @ the tap interface but, they to not arrive anyway...
>
> I would love to know what can cause the packets arriving the "brqXXX-yy"
> interface but not its "tapXXX-YY"... Very weird...
>
> Thanks in advance!
>

Also, I'm not using any kind of Security Groups or Firewall, my
"ml2_conf.ini" looks likes this:

---
.......
[ml2_type_flat]
flat_networks = external

[ml2_type_vlan]
network_vlan_ranges = physvlan2

[securitygroup]
enable_security_group = False
enable_ipset = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver

[agent]
tunnel_types = vxlan

[vxlan]
enable_vxlan = True
local_ip = 10.0.1.31
l2_population = True

[l2pop]
agent_boot_time = 180

[linux_bridge]
physical_interface_mappings = external:eth1,vxlan:dummy0,physvlan2:eth2
---

Nova also doesn't make use of any firewall driver. So, the iptables rules
here are just the bare minimal.

My eth0 is the first network interface, it is the default gateway of the
host itself (Horizon, APIs, etc, runs on top of eth0).

The vxlan on top of a dummy0 interface works fine for this "all-in-one"
deployment.

The Instances attached to the "physvlan2:100:101" have two interfaces,
vritual eth0 is vxlan, virtual eth1 is attached to physvlan2 (100 or 101),
they can ping the Internet without problems.

Thanks,
Thiago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150707/670ac401/attachment.html>


More information about the Openstack mailing list