[Openstack] LinuxBridge dropping packets between the bridge and the tap.

Remo Mattei remo at italy1.com
Wed Jul 8 03:56:00 UTC 2015 

did you check your br iptables?
(they are called etables) here is a link it may help you.

http://ebtables.netfilter.org/br_fw_ia/br_fw_ia.html

Remo
> Martinx - ジェームズ <mailto:thiagocmartinsc at gmail.com>
> July 7, 2015 at 19:30
> I don't know if it will help but, tcpdump shows:
>
> NOTE: I re-created the "stack", so, the IDs have changed but, the
> problem remains...
>
> For "brq44b54ac7-c4":
>
> ---
> time tcpdump -c 100 -eni brq44b54ac7-c4
>
> ...... NORMAL TRAFFIC (I guess)....
> ......
> 02:12:38.415680 1c:df:0f:ef:bd:1b > 1c:df:0f:ef:b9:1b, ethertype IPv4
> (0x0800), length 363: 192.168.4.66.62521 > 192.168.13.16.18457: Flags
> [P.], seq 439562052:439562361, ack 3427842886, win 22919, length 309
> 02:12:38.417826 1c:df:0f:ef:b9:1b > 1c:df:0f:ef:bd:1b, ethertype IPv4
> (0x0800), length 235: 192.168.13.16.18457 > 192.168.4.101.63781: Flags
> [P.], seq 54:235, ack 1727, win 513, length 181
> ......
>
> real    0m0.874s
> user    0m0.004s
> sys     0m0.000s
> ---
>
> For its "tap0b5eb746-ed":
>
> ---
> ....
> 02:14:06.915717 1c:df:0f:ef:b9:1b > 01:00:5e:00:00:05, ethertype IPv4
> (0x0800), length 134: 192.168.25.2 > 224.0.0.5 <http://224.0.0.5>:
> OSPFv2, Hello, length 84
> 02:14:08.505713 f4:ac:c1:ba:7b:83 > 01:00:0c:cc:cc:cd, 802.3, length
> 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl
> 0x03: oui Cisco (0x00000c), pid PVST (0x010b): STP 802.1w, Rapid STP,
> Flags [Learn, Forward], bridge-id 6a4d.f4:ac:c1:ba:7b:80.8003, length 42
> ...
>
> real    2m20.069s
> user    0m0.004s
> sys     0m0.016s
> ---
>
> "brctl show" returns:
>
> ---
> ...
> brq44b54ac7-c4          8000.ecf4bbd0417b       no              eth2.101
>                                                         tap0b5eb746-ed
> ...
> ---
>
>
> The first tcpdump takes about 1 second, the second, more than 2
> minutes! And the lines are very different...
>
> I'm stucked... Since the "Instance #1" works, and its "duplicated
> configuration - Instance #2", doesn't... I'm only changing the vlan
> id!   :-/
>
> Switch configurations are okay, since I can see the packets arriving @
> eth2 normally.
>
> Maybe it is time to go back to OVS instead of Linux Bridges...   :-(
>
> Thanks,
> Thiago
>
>
> !DSPAM:1,559c8f3943821478921271!
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,559c8f3943821478921271!
> Martinx - ジェームズ <mailto:thiagocmartinsc at gmail.com>
> July 7, 2015 at 17:37
> On 7 July 2015 at 21:00, Martinx - ジェームズ
> <thiagocmartinsc at gmail.com <mailto:thiagocmartinsc at gmail.com>> wrote:
>
> Also, I'm not using any kind of Security Groups or Firewall, my
> "ml2_conf.ini" looks likes this:
>
> ---
> .......
> [ml2_type_flat]
> flat_networks = external
>
> [ml2_type_vlan]
> network_vlan_ranges = physvlan2
>
> [securitygroup]
> enable_security_group = False
> enable_ipset = False
> firewall_driver = neutron.agent.firewall.NoopFirewallDriver
>
> [agent]
> tunnel_types = vxlan
>
> [vxlan]
> enable_vxlan = True
> local_ip = 10.0.1.31
> l2_population = True
>
> [l2pop]
> agent_boot_time = 180
>
> [linux_bridge]
> physical_interface_mappings = external:eth1,vxlan:dummy0,physvlan2:eth2
> ---
>
> Nova also doesn't make use of any firewall driver. So, the iptables
> rules here are just the bare minimal.
>
> My eth0 is the first network interface, it is the default gateway of
> the host itself (Horizon, APIs, etc, runs on top of eth0).
>
> The vxlan on top of a dummy0 interface works fine for this
> "all-in-one" deployment.
>
> The Instances attached to the "physvlan2:100:101" have two interfaces,
> vritual eth0 is vxlan, virtual eth1 is attached to physvlan2 (100 or
> 101), they can ping the Internet without problems.
>
> Thanks,
> Thiago
> !DSPAM:1,559c73b7319121044113558!
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,559c73b7319121044113558!
> Martinx - ジェームズ <mailto:thiagocmartinsc at gmail.com>
> July 7, 2015 at 17:00
>
> BTW, the symptoms are weird... After a reboot (and starting the
> Intance #2 with bigger txqueue from the beginning), I'm not seeing the
> packets being dropped @ the tap interface but, they to not arrive
> anyway...
>
> I would love to know what can cause the packets arriving the
> "brqXXX-yy" interface but not its "tapXXX-YY"... Very weird...
>
> Thanks in advance!
> !DSPAM:1,559c69fe301462031411247!
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,559c69fe301462031411247!
> Martinx - ジェームズ <mailto:thiagocmartinsc at gmail.com>
> July 7, 2015 at 16:51
> Guys,
>
> I have an "all-in-one" OpenStack Juno setup, with LinuxBridges, where
> I'm planning to use it with two tagged networks.
>
> Like this:
>
> For "Instance #1", "brctl show" returns:
>
> ----
> root at openstack-1:~# brctl show
> bridge name     bridge id               STP enabled     interfaces
>
> brqfac384d5-cd          8000.ecf4bbd0417a       no              eth2.100
>                                                                      
>   tap47417a6d-3b
> ----
>
> For "Instance #2", "brctl show" returns:
>
> ----
> bridge name     bridge id               STP enabled     interfaces
>
> brq50721b16-1c          8000.ecf4bbd0417a       no              eth2.101
>                                                                      
>    tap15f2960f-54
> ----
>
> "Instance #1" works as expected, I can see the the packets arriving
> inside the Instance attached to the TAP "tap15f2960f-54".
>
> Also, I can run "tcpdump -c 100 -eni tap15f2960f-54" or "tcpdump -c
> 100 -eni brq50721b16-1c" to see the packets.
>
> BUT, my second "Instance #2" doesn't receive the packets!!
>
>
> # "Wire"
>
> If I run "tcpdump -c 100 -eni eth2", I can see both "vlan 100" and
> "vlan 101" packets arriving.
>
> # vlan 100 - okay
> If I run "tcpdump -c 100 -eni brqfac384d5-cd", as I said before, I can
> see the packets.
>
> If I run "tcpdump -c 100 -eni tap47417a6d-3b", as I said before, I can
> see the packets.
>
> # vlan 101 - not okay
> If I run "tcpdump -c 100 -eni brq50721b16-1c", I can see the packets.
>
> If I run "tcpdump -c 100 -eni tap15f2960f-54", BOOM! I am unable to
> see the packets!!
>
> --
>
>
> Why the packets are being dropped between "brq50721b16-1c" and
> "tap15f2960f-54" ???
>
> "ifconfig tap15f2960f-54" shows packets being dropped.
>
> "ifconfig tap47417a6d-3b" shows 0 packets being dropped.
>
>
> I already double checked everything!! Also, I tried to raise txqueue,
> checked ebtabled, iptables... I have no clue about whats going on here...
>
> I really appreciate any help!
>
> Thanks!
> Thiago
> !DSPAM:1,559c69f7301311341913631!
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:1,559c69f7301311341913631!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150707/186b376d/attachment.html>

More information about the Openstack mailing list