<div dir="ltr"><div><div><div><div><div>I'm afraid I am stuck now. I don't think you need a similar rule for the other direction, for two reasons:<br><br></div>1. You have already seen (with tcpdump) that there are DHCP replies being sent from Dnsmasq. Therefore Dnsmasq must be receiving the DHCP requests.<br></div>2. The need for CHECKSUM filling is, I believe, a specific issue when Dnsmasq sends on an interface that is (or is bridged to) a hypervisor-guest VM TAP interface. I believe the same issue does not affect the VM's sending of the DHCP request.<br><br></div>Also, the fact that you can ping, after setting the IP manually inside the VM instance, indicates that there is no problem in the data path between your ping host and the VM.<br><br></div>Perhaps the DHCP reply is being dropped for some other reason, somewhere along that data path? But in an OVS-based setup I'm afraid I don't know how to investigate that further.<br><br></div> Neil<br><br><div><div><div><div><div><div><div><br><div class="gmail_quote"><div dir="ltr">On Mon, Jun 20, 2016 at 9:45 AM Ahmed Medhat <<a href="mailto:a.medhat.h@gmail.com">a.medhat.h@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">i add it but it is not working also.<div>May be This iptables <span></span>rule for traffic reaching the dhcp port but there should be one in the other direction and be dport 67 ?</div><div><br></div><div>Best regards,</div><div>Ahmed<br><br>On Monday, June 20, 2016, Neil Jerram <<a href="mailto:neil@tigera.io" target="_blank">neil@tigera.io</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>In that case I guess you are somehow missing the iptables rule that fills in the CHECKSUM properly on DHCP replies. Is the problem fixed if you add the following iptables rule in the DHCP namespace on the network node?<br><br>iptables -A POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill<br><br></div> Neil<br><br><div><br><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Mon, Jun 20, 2016 at 9:30 AM Ahmed Medhat <<a>a.medhat.h@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Neil,<div><br></div><div>Thanks for your reply.</div><div><br></div><div>I have done tcpdump on dhcp port of the private network in Openstack and I saw the received dhcp request and replies. It seems tgat the replies are not received to the VM.</div><div>I want to add tgat if I adjusted the ip manually inside the VM instance , it works fine and I can ping the dhcp ip 11.0.0.2 in my case.</div><div><br></div><div>I hope this info shows you where could be the problem I have.<span></span></div><div><br></div><div>Best regards,</div><div>Ahmed</div><div><br><br>On Monday, June 20, 2016, Neil Jerram <<a>neil@tigera.io</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>Hi Ahmed,<br><br></div>Unfortunately there are many possible reasons - and different ones depending on your setup.<br><br></div>I will guess, though, that you're using a default OVS setup, without DVR. In that case DHCP should be provided by Dnsmasq running on your network node, and I would start by checking for that process and looking at its logs (which could be in /var/log/syslog, /var/log/messages, journalctl, ...) to see if there is any sign of DHCP requests being received, and then whether Dnsmasq sends any DHCP responses.<br><br></div>Regards,<br></div> Neil<br><br></div><br><div class="gmail_quote"><div dir="ltr">On Sat, Jun 18, 2016 at 1:34 PM Ahmed Medhat <<a>a.medhat.h@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi All,<div><br></div><div>I have installed kilo devstack and have a problem with dhcp, it is not assigning IPs to the VMs. </div><div>What are the reasons for that ?</div><div><br></div><div>Best regards,</div><div>Ahmed</div></div>
_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a>openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</blockquote></div>
</blockquote></div></blockquote></div>
</blockquote></div>
</blockquote></div></div></div></div></div></div></div></div></div>