<html><head></head><body><div>Try this </div><div><br /></div><div>root@build network-scripts]# more ifcfg-eno1</div><div>TYPE=Ethernet</div><div>ONBOOT=yes</div><div>DEVICE=eno1</div><div>TYPE=OVSPort</div><div>DEVICETYPE=ovs</div><div>OVS_BRIDGE=mgmt-br</div><div>PROMISC=yes</div><div><br /></div><div><br /><br /><div class="acompli_signature">Remo</div></div><br /><br /><br />
<div class="gmail_quote">On Tue, Jul 7, 2015 at 10:57 PM -0700, "Martinx - ジェームズ" <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span> wrote:<br />
<br />
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="3D"ltr"">
<div dir="ltr">Hello Remo,<div><br /></div><div> Yes, I checked it. No ebtables or iptables rules here (no security groups, no firewalls)... I have "ACCEPT" for everything.</div><div><br /></div><div> Also, I disabled "rp_filter" and all files under "/proc/sys/net/bridge" subdir have "0".</div><div><br /></div><div> I did not find the root of this problem... I'm about to gave up on LinuxBridges (shot in the dark)...</div><div><br /></div><div> - The packets arrives at the "brq44b54ac7-c4" bridge but not at the "tap0b5eb746-ed" tap.</div><div><br /></div><div> Instance #2 have (doesn't work):</div><div><br /></div><div>----</div><div> <interface type='bridge'></div><div> <mac address='fa:16:3e:d8:81:b6'/></div><div> <source bridge='brq44b54ac7-c4'/></div><div> <target dev='tap0b5eb746-ed'/></div><div> ....</div><div> </interface></div><div>----</div><div><br /></div><div><div> - The packets arrives at the "brqfac384d5-cd" bridge AND at the "tap47417a6d-3b" tap.</div></div><div><br /></div><div>Instance #1 have (works as expected):</div><div><br /></div><div>----</div><div><div> <interface type='bridge'></div><div> <mac address='fa:16:3e:5f:9b:8d'/></div><div> <source bridge='brqfac384d5-cd'/></div><div> <target dev='tap47417a6d-3b'/></div><div> ....</div><div> </interface></div></div><div>----</div><div><br /></div><div> The only difference between "Instance #1" and "Instance #2", is the VLAN tag, nothing less, nothing more. I don't know why it works for #1, but not for #2.</div><div><br /></div><div> Also, I'm using a Heat template to start those environments, and of course, the only difference is the VLAN tag inside of each Heat template. So, I'm sure that both "stacks" have the very same setup.</div><div><br /></div><div> BTW, the "brctl showmacs" have the Instance's MAC listed there as expected.</div><div><br /></div><div> Thank you for your reply!</div><div><br /></div><div>Best,</div><div>Thiago</div></div><div class="gmail_extra"><br /><div class="gmail_quote">On 8 July 2015 at 00:56, Remo Mattei <span dir="ltr"><<a href="mailto:remo@italy1.com" target="_blank">remo@italy1.com</a>></span> wrote:<br /><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">did you check your br
iptables? <br />
<span>
</span>(they are called etables) here is a link it may help you.<br />
<br />
<a href="http://ebtables.netfilter.org/br_fw_ia/br_fw_ia.html" target="_blank">http://ebtables.netfilter.org/br_fw_ia/br_fw_ia.html</a><br />
<br />
Remo <br />
<blockquote style="border:0px none" type="cite">
<div style="margin:30px 25px 10px 25px"><div style="display:table;width:100%;border-top:1px solid #edeef0;padding-top:5px"> <div style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
<a href="mailto:thiagocmartinsc@gmail.com" style="color:#737f92!important;padding-right:6px;font-weight:bold;text-decoration:none!important" target="_blank">Martinx - ジェームズ</a></div> <div style="display:table-cell;white-space:nowrap;vertical-align:middle">
<font color="#9FA2A5"><span style="padding-left:6px">July 7, 2015 at
19:30</span></font></div> </div></div>
<div style="color:#888888;margin-left:24px;margin-right:24px"><div><div class="h5"><div dir="ltr">I don't know if
it will help but, tcpdump shows:<div><br /></div><div>NOTE: I re-created
the "stack", so, the IDs have changed but, the problem remains...<br /><div><br /></div><div>For
"brq44b54ac7-c4":</div><div><br /></div><div>---</div><div>time tcpdump
-c 100 -eni brq44b54ac7-c4<br /></div><div><br /></div><div>...... NORMAL
TRAFFIC (I guess)....</div><div>......</div><div><div>02:12:38.415680
1c:df:0f:ef:bd:1b > 1c:df:0f:ef:b9:1b, ethertype IPv4 (0x0800),
length 363: 192.168.4.66.62521 > 192.168.13.16.18457: Flags [P.], seq
439562052:439562361, ack 3427842886, win 22919, length 309</div><div>02:12:38.417826
1c:df:0f:ef:b9:1b > 1c:df:0f:ef:bd:1b, ethertype IPv4 (0x0800),
length 235: 192.168.13.16.18457 > 192.168.4.101.63781: Flags [P.],
seq 54:235, ack 1727, win 513, length 181</div></div><div>......</div><div><br /></div><div><div>real
0m0.874s</div><div>user 0m0.004s</div><div>sys 0m0.000s</div></div><div>---</div><div><br /></div><div>For
its "tap0b5eb746-ed":</div></div><div><br /></div><div>---</div><div>....</div><div><div>02:14:06.915717
1c:df:0f:ef:b9:1b > 01:00:5e:00:00:05, ethertype IPv4 (0x0800),
length 134: 192.168.25.2 > <a href="http://224.0.0.5" target="_blank">224.0.0.5</a>: OSPFv2, Hello, length 84</div><div>02:14:08.505713
f4:ac:c1:ba:7b:83 > 01:00:0c:cc:cc:cd, 802.3, length 64: LLC, dsap
SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco
(0x00000c), pid PVST (0x010b): STP 802.1w, Rapid STP, Flags [Learn,
Forward], bridge-id 6a4d.f4:ac:c1:ba:7b:80.8003, length 42</div></div><div>...</div><div><div><br /></div><div>real
2m20.069s</div><div>user 0m0.004s</div><div>sys 0m0.016s</div></div><div>---</div><div><br /></div><div>"brctl
show" returns:</div><div><br /></div><div>---</div><div>...</div><div><div>brq44b54ac7-c4
8000.ecf4bbd0417b no eth2.101</div><div>
tap0b5eb746-ed</div></div><div>...</div><div>---</div><div><br /></div><div><br /></div><div>The
first tcpdump takes about 1 second, the second, more than 2 minutes!
And the lines are very different...</div><div><br /></div><div>I'm
stucked... Since the "Instance #1" works, and its "duplicated
configuration - Instance #2", doesn't... I'm only changing the vlan id!
:-/</div><div><br /></div><div>Switch configurations are okay, since I
can see the packets arriving @ eth2 normally.</div><div><br /></div><div>Maybe
it is time to go back to OVS instead of Linux Bridges... :-(</div><div><br /></div><div>Thanks,</div><div>Thiago</div></div><div class="gmail_extra"><br /><br /></div></div></div>
<div>_______________________________________________<br />Mailing list:
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br />Post to
: <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br />Unsubscribe :
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br /><br /><br />!DSPAM:1,559c8f3943821478921271!<br /></div></div>
<div style="margin:30px 25px 10px 25px"><div style="display:table;width:100%;border-top:1px solid #edeef0;padding-top:5px"> <div style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
<a href="mailto:thiagocmartinsc@gmail.com" style="color:#737f92!important;padding-right:6px;font-weight:bold;text-decoration:none!important" target="_blank">Martinx - ジェームズ</a></div> <div style="display:table-cell;white-space:nowrap;vertical-align:middle">
<font color="#9FA2A5"><span style="padding-left:6px">July 7, 2015 at
17:37</span></font></div> </div></div>
<div style="color:#888888;margin-left:24px;margin-right:24px"><div dir="ltr"><span class=""><div>On 7 July
2015 at 21:00, Martinx - ジェームズ <span dir="ltr"><<a href="mailto:thiagocmartinsc@gmail.com" target="_blank">thiagocmartinsc@gmail.com</a>></span>
wrote:<br /></div><div class="gmail_extra"><br /></div></span><div><div class="h5"><div class="gmail_extra"><div class="gmail_extra">Also, I'm not using any
kind of Security Groups or Firewall, my "ml2_conf.ini" looks likes this:</div><div class="gmail_extra"><br /></div><div class="gmail_extra">---</div><div class="gmail_extra">.......</div><div class="gmail_extra">[ml2_type_flat]</div><div class="gmail_extra">flat_networks = external</div><div class="gmail_extra"><br /></div><div class="gmail_extra">[ml2_type_vlan]</div><div class="gmail_extra">network_vlan_ranges = physvlan2</div><div class="gmail_extra"><br /></div><div class="gmail_extra">[securitygroup]</div><div class="gmail_extra">enable_security_group = False</div><div class="gmail_extra">enable_ipset = False</div><div class="gmail_extra">firewall_driver
= neutron.agent.firewall.NoopFirewallDriver</div><div class="gmail_extra"><br /></div><div class="gmail_extra">[agent]</div><div class="gmail_extra">tunnel_types = vxlan</div><div class="gmail_extra"><br /></div><div class="gmail_extra">[vxlan]</div><div class="gmail_extra">enable_vxlan =
True</div><div class="gmail_extra">local_ip = 10.0.1.31</div><div class="gmail_extra">l2_population = True</div><div class="gmail_extra"><br /></div><div class="gmail_extra">[l2pop]</div><div class="gmail_extra">agent_boot_time
= 180</div><div class="gmail_extra"><br /></div><div class="gmail_extra">[linux_bridge]</div><div class="gmail_extra">physical_interface_mappings =
external:eth1,vxlan:dummy0,physvlan2:eth2</div><div class="gmail_extra">---</div><div class="gmail_extra"><br /></div><div class="gmail_extra">Nova also
doesn't make use of any firewall driver. So, the iptables rules here are
just the bare minimal.</div><div class="gmail_extra"><br /></div><div class="gmail_extra">My eth0 is the first network interface, it is the
default gateway of the host itself (Horizon, APIs, etc, runs on top of
eth0).</div><div class="gmail_extra"><br /></div><div class="gmail_extra">The
vxlan on top of a dummy0 interface works fine for this "all-in-one"
deployment.</div><div class="gmail_extra"><br /></div><div class="gmail_extra">The Instances attached to the "physvlan2:100:101"
have two interfaces, vritual eth0 is vxlan, virtual eth1 is attached to
physvlan2 (100 or 101), they can ping the Internet without problems.</div><div class="gmail_extra"><br /></div><div class="gmail_extra">Thanks,</div><div class="gmail_extra">Thiago</div></div></div></div></div>
!DSPAM:1,559c73b7319121044113558!
<div>_______________________________________________<br />Mailing list:
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br />Post to
: <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br />Unsubscribe :
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br /><br /><br />!DSPAM:1,559c73b7319121044113558!<br /></div></div>
<div style="margin:30px 25px 10px 25px"><div style="display:table;width:100%;border-top:1px solid #edeef0;padding-top:5px"> <div style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
<a href="mailto:thiagocmartinsc@gmail.com" style="color:#737f92!important;padding-right:6px;font-weight:bold;text-decoration:none!important" target="_blank">Martinx - ジェームズ</a></div> <div style="display:table-cell;white-space:nowrap;vertical-align:middle">
<font color="#9FA2A5"><span style="padding-left:6px">July 7, 2015 at
17:00</span></font></div> </div></div>
<div style="color:#888888;margin-left:24px;margin-right:24px"><span class=""><div dir="ltr"><div class="gmail_extra"><br /></div><div class="gmail_extra">BTW, the symptoms
are weird... After a reboot (and starting the Intance #2 with bigger
txqueue from the beginning), I'm not seeing the packets being dropped @
the tap interface but, they to not arrive anyway...<div><br /></div><div>I
would love to know what can cause the packets arriving the "brqXXX-yy"
interface but not its "tapXXX-YY"... Very weird...</div><div><br /></div><div>Thanks
in advance!</div></div></div></span>
!DSPAM:1,559c69fe301462031411247!
<div>_______________________________________________<br />Mailing list:
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br />Post to
: <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br />Unsubscribe :
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br /><br /><br />!DSPAM:1,559c69fe301462031411247!<br /></div></div>
<div style="margin:30px 25px 10px 25px"><div style="display:table;width:100%;border-top:1px solid #edeef0;padding-top:5px"> <div style="display:table-cell;white-space:nowrap;vertical-align:middle;width:100%">
<a href="mailto:thiagocmartinsc@gmail.com" style="color:#737f92!important;padding-right:6px;font-weight:bold;text-decoration:none!important" target="_blank">Martinx - ジェームズ</a></div> <div style="display:table-cell;white-space:nowrap;vertical-align:middle">
<font color="#9FA2A5"><span style="padding-left:6px">July 7, 2015 at
16:51</span></font></div> </div></div>
<div style="color:#888888;margin-left:24px;margin-right:24px"><div><div class="h5"><div dir="ltr">Guys,<div><br /></div><div>I
have an "all-in-one" OpenStack Juno setup, with LinuxBridges, where I'm
planning to use it with two tagged networks.</div><div><br /></div><div>Like
this:</div><div><br /></div><div>For "Instance #1", "brctl show" returns:</div><div><br /></div><div>----</div><div><div>root@openstack-1:~#
brctl show</div><div>bridge name bridge id STP
enabled interfaces</div></div><div><br /></div><div><div>brqfac384d5-cd
8000.ecf4bbd0417a no eth2.100</div><div>
tap47417a6d-3b</div><div>----<br /></div></div><div><br /></div><div>For
"Instance #2", "brctl show" returns:</div><div><br /></div><div>----</div><div><div>bridge
name bridge id STP enabled interfaces</div></div><div><br /></div><div><div>brq50721b16-1c
8000.ecf4bbd0417a no eth2.101<br /></div><div>
tap15f2960f-54</div></div><div>----</div><div><br /></div><div>"Instance
#1" works as expected, I can see the the packets arriving inside the
Instance attached to the TAP "tap15f2960f-54".</div><div><br /></div><div>Also,
I can run "tcpdump -c 100 -eni tap15f2960f-54" or "tcpdump -c 100 -eni
brq50721b16-1c" to see the packets.</div><div><br /></div><div>BUT, my
second "Instance #2" doesn't receive the packets!!</div><div><br /></div><div><br /></div><div>#
"Wire"</div><div><br /></div><div>If I run "tcpdump -c 100 -eni eth2", I
can see both "vlan 100" and "vlan 101" packets arriving.</div><div><br /></div><div>#
vlan 100 - okay</div><div>If I run "tcpdump -c 100 -eni
brqfac384d5-cd", as I said before, I can see the packets.</div><div><br /></div><div>If
I run "tcpdump -c 100 -eni tap47417a6d-3b", as I said before, I can see
the packets.</div><div><br /></div><div># vlan 101 - not okay</div><div>If
I run "tcpdump -c 100 -eni brq50721b16-1c", I can see the packets.</div><div><br /></div><div>If
I run "tcpdump -c 100 -eni tap15f2960f-54", BOOM! I am unable to see
the packets!!</div><div><br /></div><div>--</div><div><br /></div><div><br /></div><div>Why
the packets are being dropped between "brq50721b16-1c" and
"tap15f2960f-54" ???</div><div><br /></div><div>"ifconfig tap15f2960f-54"
shows packets being dropped.</div><div><br /></div><div>"ifconfig
tap47417a6d-3b" shows 0 packets being dropped.</div><div><br /></div><div><br /></div><div>I
already double checked everything!! Also, I tried to raise txqueue,
checked ebtabled, iptables... I have no clue about whats going on
here...</div><div><br /></div><div>I really appreciate any help!</div><div><br /></div><div>Thanks!</div><div>Thiago</div></div></div></div>
!DSPAM:1,559c69f7301311341913631!
<div>_______________________________________________<br />Mailing list:
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br />Post to
: <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br />Unsubscribe :
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br /><br /><br />!DSPAM:1,559c69f7301311341913631!<br /></div></div>
</blockquote>
<br />
</div>
</blockquote></div><br /></div>
!DSPAM:1,559cbbac122991591116980!
</div>
</blockquote>
</div>
</body></html>