[Openstack] LinuxBridge dropping packets between the bridge and the tap.

Martinx - ジェームズ thiagocmartinsc at gmail.com
Wed Jul 8 02:30:21 UTC 2015


I don't know if it will help but, tcpdump shows:

NOTE: I re-created the "stack", so, the IDs have changed but, the problem
remains...

For "brq44b54ac7-c4":

---
time tcpdump -c 100 -eni brq44b54ac7-c4

...... NORMAL TRAFFIC (I guess)....
......
02:12:38.415680 1c:df:0f:ef:bd:1b > 1c:df:0f:ef:b9:1b, ethertype IPv4
(0x0800), length 363: 192.168.4.66.62521 > 192.168.13.16.18457: Flags [P.],
seq 439562052:439562361, ack 3427842886, win 22919, length 309
02:12:38.417826 1c:df:0f:ef:b9:1b > 1c:df:0f:ef:bd:1b, ethertype IPv4
(0x0800), length 235: 192.168.13.16.18457 > 192.168.4.101.63781: Flags
[P.], seq 54:235, ack 1727, win 513, length 181
......

real    0m0.874s
user    0m0.004s
sys     0m0.000s
---

For its "tap0b5eb746-ed":

---
....
02:14:06.915717 1c:df:0f:ef:b9:1b > 01:00:5e:00:00:05, ethertype IPv4
(0x0800), length 134: 192.168.25.2 > 224.0.0.5: OSPFv2, Hello, length 84
02:14:08.505713 f4:ac:c1:ba:7b:83 > 01:00:0c:cc:cc:cd, 802.3, length 64:
LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui
Cisco (0x00000c), pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn,
Forward], bridge-id 6a4d.f4:ac:c1:ba:7b:80.8003, length 42
...

real    2m20.069s
user    0m0.004s
sys     0m0.016s
---

"brctl show" returns:

---
...
brq44b54ac7-c4          8000.ecf4bbd0417b       no              eth2.101
                                                        tap0b5eb746-ed
...
---


The first tcpdump takes about 1 second, the second, more than 2 minutes!
And the lines are very different...

I'm stucked... Since the "Instance #1" works, and its "duplicated
configuration - Instance #2", doesn't... I'm only changing the vlan id!
:-/

Switch configurations are okay, since I can see the packets arriving @ eth2
normally.

Maybe it is time to go back to OVS instead of Linux Bridges...   :-(

Thanks,
Thiago

On 7 July 2015 at 21:37, Martinx - ジェームズ <thiagocmartinsc at gmail.com> wrote:

> On 7 July 2015 at 21:00, Martinx - ジェームズ <thiagocmartinsc at gmail.com>
> wrote:
>
>> On 7 July 2015 at 20:51, Martinx - ジェームズ <thiagocmartinsc at gmail.com>
>> wrote:
>>
>>> Guys,
>>>
>>> I have an "all-in-one" OpenStack Juno setup, with LinuxBridges, where
>>> I'm planning to use it with two tagged networks.
>>>
>>> Like this:
>>>
>>> For "Instance #1", "brctl show" returns:
>>>
>>> ----
>>> root at openstack-1:~# brctl show
>>> bridge name     bridge id               STP enabled     interfaces
>>>
>>> brqfac384d5-cd          8000.ecf4bbd0417a       no              eth2.100
>>>
>>> tap47417a6d-3b
>>> ----
>>>
>>> For "Instance #2", "brctl show" returns:
>>>
>>> ----
>>> bridge name     bridge id               STP enabled     interfaces
>>>
>>> brq50721b16-1c          8000.ecf4bbd0417a       no              eth2.101
>>>
>>>  tap15f2960f-54
>>> ----
>>>
>>> "Instance #1" works as expected, I can see the the packets arriving
>>> inside the Instance attached to the TAP "tap15f2960f-54".
>>>
>>> Also, I can run "tcpdump -c 100 -eni tap15f2960f-54" or "tcpdump -c 100
>>> -eni brq50721b16-1c" to see the packets.
>>>
>>> BUT, my second "Instance #2" doesn't receive the packets!!
>>>
>>>
>>> # "Wire"
>>>
>>> If I run "tcpdump -c 100 -eni eth2", I can see both "vlan 100" and "vlan
>>> 101" packets arriving.
>>>
>>> # vlan 100 - okay
>>> If I run "tcpdump -c 100 -eni brqfac384d5-cd", as I said before, I can
>>> see the packets.
>>>
>>> If I run "tcpdump -c 100 -eni tap47417a6d-3b", as I said before, I can
>>> see the packets.
>>>
>>> # vlan 101 - not okay
>>> If I run "tcpdump -c 100 -eni brq50721b16-1c", I can see the packets.
>>>
>>> If I run "tcpdump -c 100 -eni tap15f2960f-54", BOOM! I am unable to see
>>> the packets!!
>>>
>>> --
>>>
>>>
>>> Why the packets are being dropped between "brq50721b16-1c" and
>>> "tap15f2960f-54" ???
>>>
>>> "ifconfig tap15f2960f-54" shows packets being dropped.
>>>
>>> "ifconfig tap47417a6d-3b" shows 0 packets being dropped.
>>>
>>>
>>> I already double checked everything!! Also, I tried to raise txqueue,
>>> checked ebtabled, iptables... I have no clue about whats going on here...
>>>
>>> I really appreciate any help!
>>>
>>> Thanks!
>>> Thiago
>>>
>>
>> BTW, the symptoms are weird... After a reboot (and starting the Intance
>> #2 with bigger txqueue from the beginning), I'm not seeing the packets
>> being dropped @ the tap interface but, they to not arrive anyway...
>>
>> I would love to know what can cause the packets arriving the "brqXXX-yy"
>> interface but not its "tapXXX-YY"... Very weird...
>>
>> Thanks in advance!
>>
>
> Also, I'm not using any kind of Security Groups or Firewall, my
> "ml2_conf.ini" looks likes this:
>
> ---
> .......
> [ml2_type_flat]
> flat_networks = external
>
> [ml2_type_vlan]
> network_vlan_ranges = physvlan2
>
> [securitygroup]
> enable_security_group = False
> enable_ipset = False
> firewall_driver = neutron.agent.firewall.NoopFirewallDriver
>
> [agent]
> tunnel_types = vxlan
>
> [vxlan]
> enable_vxlan = True
> local_ip = 10.0.1.31
> l2_population = True
>
> [l2pop]
> agent_boot_time = 180
>
> [linux_bridge]
> physical_interface_mappings = external:eth1,vxlan:dummy0,physvlan2:eth2
> ---
>
> Nova also doesn't make use of any firewall driver. So, the iptables rules
> here are just the bare minimal.
>
> My eth0 is the first network interface, it is the default gateway of the
> host itself (Horizon, APIs, etc, runs on top of eth0).
>
> The vxlan on top of a dummy0 interface works fine for this "all-in-one"
> deployment.
>
> The Instances attached to the "physvlan2:100:101" have two interfaces,
> vritual eth0 is vxlan, virtual eth1 is attached to physvlan2 (100 or 101),
> they can ping the Internet without problems.
>
> Thanks,
> Thiago
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150707/38c9c3e0/attachment.html>


More information about the Openstack mailing list