<div dir="ltr">Cool!<div><br></div><div> The problem seems to be:</div><div><br></div><div><br></div><div> GRE (VXLAN too?) tunnel of Data Network (between Instance and its namespace router) doesn't work with default mtu=1500. ???</div>
<div><br></div><div><br></div><div> It was fixed and there are two solutions for this problem (as I'm seeing... I didn't patched ovs_lib.py), as follows:<br></div><div><br></div><div><br></div><div> 1- (Easier / + generic?) Lower the mtu to 1450 for Instances or;</div>
<div> </div><div> 2- (Recommended?) Enable Jumbo Frames for Data Network (your IPv4 subnet where OVS GRE/VXLAN tunnel flows).</div><div><br></div><div><br></div><div> Both solutions have fixed the issue for me. I'm sticking with Jumbo Frames, problem fixed (plus performance boost? I'll test it more)...</div>
<div><br></div><div><br></div><div>About 1- To lower the mtu for the Instances, add the following line to dhcp_agent.ini:</div><div><br></div><div>---</div><div>dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf<br>
</div>
<div>---</div><div><br></div><div> And write dnsmasq-neutron.conf with:</div><div><br></div><div>---</div><div>dhcp-option-force=26,1450<br></div><div>---</div><div><br></div><div><br></div><div> About 2- Enable Jumbo Frames on interfaces X / Y (of "Data Network" / "local_ip var subnet")...</div>
<div><br></div><div><br></div><div> I think that the IceHouse install document should add a note about this issue, maybe here: <a href="http://docs.openstack.org/icehouse/install-guide/install/apt/content/neutron-ml2-network-node.html">http://docs.openstack.org/icehouse/install-guide/install/apt/content/neutron-ml2-network-node.html</a></div>
<div><br></div><div><div>Should I fill a documentation bug?</div></div><div><br></div><div>Thanks!</div><div>Thiago</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 20 May 2014 17:56, McCann, Jack <span dir="ltr"><<a href="mailto:jack.mccann@hp.com" target="_blank">jack.mccann@hp.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">Yes. Personally I’d lean toward jumbo frames if you have that flexibility.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">- Jack<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-family:"Courier New""><u></u> <u></u></span></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Martinx -
</span><span style="font-size:10.0pt;font-family:"MS UI Gothic","sans-serif"">ジェームズ</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [mailto:<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>]
<br>
<b>Sent:</b> Tuesday, May 20, 2014 2:36 PM<br>
<b>To:</b> McCann, Jack</span></p><div><div class="h5"><br>
<b>Subject:</b> Re: [Openstack] IceHouse Neutron L3 - Connectivity issue<u></u><u></u></div></div><p></p>
</div>
</div><div><div class="h5">
<p class="MsoNormal"><u></u> <u></u></p>
<div>
<p class="MsoNormal">BTW Jack, do you think that, lowering the MTU for the Instances (via dhcp_agent) and / or enabling jumbo-frames for DATA NETWORK (GRE / VXLAN tunnels), might also help to solve this issue?!<u></u><u></u></p>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">-<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> Thiago<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On 20 May 2014 14:36, Martinx - <span style="font-family:"MS Gothic"">
ジェームズ</span> <<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>> wrote:<u></u><u></u></p>
<div>
<p class="MsoNormal">Cool! I'll try that tonight... Tks!<u></u><u></u></p>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<div>
<p class="MsoNormal">On 20 May 2014 14:00, McCann, Jack <<a href="mailto:jack.mccann@hp.com" target="_blank">jack.mccann@hp.com</a>> wrote:<u></u><u></u></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">We ran into an issue (change of default behavior) with GRE/VxLAN tunnel</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">fragmentation when we moved to the 3.13 kernel. One workaround for this</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">issue is to set "options:df_default=false" on the ovs tunnels, see [1].</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">Fragmenting those packets is not ideal, but it would be interesting to</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">see if this is the problem you’re running into.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">- Jack</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> </span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Courier New"">[1]
<a href="https://review.openstack.org/#/c/75281/9/neutron/agent/linux/ovs_lib.py" target="_blank">
https://review.openstack.org/#/c/75281/9/neutron/agent/linux/ovs_lib.py</a></span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-family:"Courier New""> </span><u></u><u></u></p>
<div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Martinx -
</span><span style="font-size:10.0pt;font-family:"MS UI Gothic","sans-serif"">ジェームズ</span><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> [mailto:<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>]
<br>
<b>Sent:</b> Tuesday, May 20, 2014 12:03 PM<br>
<b>To:</b> Jason Bishop<br>
<b>Cc:</b> <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
<b>Subject:</b> Re: [Openstack] IceHouse Neutron L3 - Connectivity issue</span><u></u><u></u></p>
</div>
</div>
<div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">Apparently we're all facing the same issue. The fact is, Neutron is too much complex...<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Back with Havana, we faced this: <a href="https://bugs.launchpad.net/neutron/+bug/1252900" target="_blank">https://bugs.launchpad.net/neutron/+bug/1252900</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">But now, with Ubuntu 14.04 + IceHouse, seems to be a different problem.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">"Neutron + GRE or VXLAN", is very hard to stabilize and doesn't scale very well...<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I'm seeing that it works better with "VLAN / Flat Networks" (i.e. without using the Neutron Network Node as Instance's default gateway). I'll try it instead...<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Maybe James Denton, from Rackspace, might help us again! :-P<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Best!<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Thiago<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <u></u><u></u></p>
<div>
<p class="MsoNormal">On 20 May 2014 11:21, Jason Bishop <<a href="mailto:jason.bishop@gmail.com" target="_blank">jason.bishop@gmail.com</a>> wrote:<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
<div>
<p class="MsoNormal">that happened to me too. maybe same root cause?<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">see <a href="http://ubuntuforums.org/showthread.php?t=2223789" target="_blank">http://ubuntuforums.org/showthread.php?t=2223789</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">cheers<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">jason<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <u></u><u></u></p>
<div>
<div>
<div>
<p class="MsoNormal">On Mon, May 19, 2014 at 10:59 PM, Martinx -
<span style="font-family:"MS Gothic"">ジェームズ</span> <<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>> wrote:<u></u><u></u></p>
</div>
</div>
<blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div>
<div>
<div>
<p class="MsoNormal">I managed to login into a Ubuntu Instance via `SPICE Console` and there is more network outages from within it, take a look ("apt-get update" froze too):<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">--<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="http://i.imgur.com/IeEXIjR.png" target="_blank">http://i.imgur.com/IeEXIjR.png</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">--<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Am I missing something?!<u></u><u></u></p>
</div>
</div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"> <u></u><u></u></p>
<div>
<p class="MsoNormal">On 20 May 2014 02:47, Martinx -
<span style="font-family:"MS Gothic"">ジェームズ</span> <<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>> wrote:<u></u><u></u></p>
<div>
<p class="MsoNormal">Hey Stackers!<u></u><u></u></p>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I'm facing a weird network issue here, with
<b>IceHouse</b> and <i>Neutron L3</i>... Using "Per-Project Router with Private Networks"... <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I am unable to connect via SSH into an Instance, from its own "Project Namespace Router", look:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">--<u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">root@net-controller-1:~# ip netns exec qrouter-c252886a-1fd0-45dd-9e3b-4233786e7960 ssh -i ~/pem
<a href="mailto:ubuntu@192.168.1.17" target="_blank">ubuntu@192.168.1.17</a> -v</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: Reading configuration data /etc/ssh/ssh_config</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: /etc/ssh/ssh_config line 19: Applying options for *</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: Connecting to 192.168.1.17 [192.168.1.17] port 22.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: Connection established.</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: permanently_set_uid: 0/0</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: identity file /root/pem type -1</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: identity file /root/pem-cert type -1</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: Enabling compatibility mode for protocol 2.0</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubuntu-2ubuntu1</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: match: OpenSSH_6.6p1 Ubuntu-2ubuntu1 pat OpenSSH_6.5*,OpenSSH_6.6* compat 0x14000000</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">debug1: SSH2_MSG_KEXINIT sent</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">...<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">...<u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal">...ssh stucked!!!<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">...<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">--<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">The SSH connection froze at "<span style="font-family:"Courier New"">debug1: SSH2_MSG_KEXINIT sent</span>" and it never establishes...<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">From its attached `Floating IP`, the symptom is the same, I can't connect via SSH into a Instance, I tried it with 12.04 and 14.04, same result for both...<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">The Instance looks good from SPICE Consoles (but I need to login with "ubuntu user" via network first, using ssh key).<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">-<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I'm running tcpdump on both "qr-$INT" and at the Compute Node DATA NETWORK, to see the GREv0 traffic too, here it is:<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<div>
<p class="MsoNormal">--<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">root@net-controller-1:~# ip netns exec qrouter-c252886a-1fd0-45dd-9e3b-4233786e7960 tcpdump -v -ni qr-eeb0d2f3-42</span><u></u><u></u></p>
</div>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="http://paste.openstack.org/show/80969/" target="_blank">http://paste.openstack.org/show/80969/</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">NOTE: From the line ~16 to 32, SSH was already frozen...<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">--<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Courier New"">root@compute-node-1:~# tcpdump -ni eth1 | grep -v IP6</span><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><a href="http://paste.openstack.org/show/80970/" target="_blank">http://paste.openstack.org/show/80970/</a><u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">--<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">What can I do to deep investigate this?!<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I double checked everything, including OVS bridges, sysctl.conf, `<span style="font-family:"Courier New"">ethtool --offload ethX gro off</span>` and etc... Don't know what's is
wrong...<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">I think that this is the last problem I'm facing with IceHouse, I would like to put it into prod but, I am unable to do it right now... :-/<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Tks in advance!<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Best,<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Thiago<u></u><u></u></p>
</div>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt">_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><u></u><u></u></p>
</blockquote>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div></div></div>
</div>
</div>
</blockquote></div><br></div>