Hi Justin,
It's a shot in the dark, but one scenario that I experienced was related to the selected TC qdisc. The behavior (ARP not getting through despite what ovn-trace suggests) showed with `fq` TC qdisc used, and switching to `fq_codel` fixed the problem. You may want to try another TC discipline.
Something like: tc qdisc replace dev eth0 root fq_codel
Where eth0 is your NIC for the provider network.
Ihar
On Fri, Aug 4, 2023 at 2:38 PM Justin Lamp justin.lamp@netways.de wrote:
Hey,
we are using OVN 22.03 and face an issue where a VM that is directly connected to the provider network won't be accessible, because it cannot arp for the Gateway IP. OVN routers do reply to the arp request though. We know that this exact scenario works as we have it running in our staging environment.
Oddly enough if the right MAC-IP Binding is manually defined within the VM and the Gateway, the traffic will begin to flow correctly according to the right SGs.
I did an ovn-trace and were able to see that the traffic is supposed to be flooded to the right ports. The ovs-trace on the other hand did not show the same picture. It just did 4k recirculations and then dropped the packet. I already restarted the ovn-controller on the right hv, but that did not do anything.
The LSP:
$ ovn-nbctl list Logical_Switch_Port cfce175b-9d88-4c2e-a5cc-d76cd5c71deb _uuid : c5dfb248-941e-4d4e-af1a-9ccafc22db70 addresses : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"] dhcpv4_options : 1922ee38-282f-4f5c-ade8-6cd157ee52e9 dhcpv6_options : [] dynamic_addresses : [] enabled : true external_ids : {"neutron:cidrs"="2a02:ed80:0:3::341/64 91.198.2.33/24", "neutron:device_id"="8062ec61-0c68-41dd-b77c-e8b72ad16a88", "neutron:device_owner"="compute:AZ1", "neutron:network_name"=neutron-210e26d7-942f-4e17-89b2-571eee87d7e4, "neutron:port_name"="", "neutron:project_id"="99fb21796a8f4cbda42ba5b9d1e307dd", "neutron:revision_number"="16", "neutron:security_group_ids"="3e41777f-7aa4-4368-9992-5ca7cc2a5372 873b3b62-0918-4b1e-be73-fdbed50d2ac2"} ha_chassis_group : [] name : "cfce175b-9d88-4c2e-a5cc-d76cd5c71deb" options : {mcast_flood_reports="true", requested-chassis=net-openstack-hv31} parent_name : [] port_security : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"] tag : [] tag_request : [] type : "" up : true
The PB:
$ ovn-sbctl find Port_Binding logical_port=cfce175b-9d88-4c2e-a5cc-d76cd5c71deb _uuid : e9e5ce44-698f-4a29-acd1-2f24cc1d1950 chassis : c944c21a-3344-4fda-ab4e-a4cc07403125 datapath : 993b44d5-1629-4e9b-b44e-24096d8b3959 encap : [] external_ids : {"neutron:cidrs"="2a02:ed80:0:3::341/64 91.198.2.33/24", "neutron:device_id"="8062ec61-0c68-41dd-b77c-e8b72ad16a88", "neutron:device_owner"="compute:AZ1", "neutron:network_name"=neutron-210e26d7-942f-4e17-89b2-571eee87d7e4, "neutron:port_name"="", "neutron:project_id"="99fb21796a8f4cbda42ba5b9d1e307dd", "neutron:revision_number"="16", "neutron:security_group_ids"="3e41777f-7aa4-4368-9992-5ca7cc2a5372 873b3b62-0918-4b1e-be73-fdbed50d2ac2"} gateway_chassis : [] ha_chassis_group : [] logical_port : "cfce175b-9d88-4c2e-a5cc-d76cd5c71deb" mac : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"] nat_addresses : [] options : {mcast_flood_reports="true", requested-chassis=net-openstack-hv31} parent_port : [] requested_chassis : c944c21a-3344-4fda-ab4e-a4cc07403125 tag : [] tunnel_key : 344 type : "" up : true virtual_parent : []
The LS:
$ ovn-nbctl list Logical_Switch public-network _uuid : 56d8be55-462a-4b93-8710-3c79ca386213 acls : [] copp : [] dns_records : [] external_ids : {"neutron:mtu"="1500", "neutron:network_name"=public-network, "neutron:revision_number"="21"} forwarding_groups : [] load_balancer : [] load_balancer_group : [] name : neutron-210e26d7-942f-4e17-89b2-571eee87d7e4 other_config : {mcast_flood_unregistered="false", mcast_snoop="false"} ports : [00225774-8fbc-473f-ae5e-d486c54212c8, ..., c5dfb248-941e-4d4e-af1a-9ccafc22db70, ... qos_rules : []
The patchport:
$ ovn-nbctl list Logical_Switch_Port provnet-aa35051c-6fc0-463a-8807-0cb28903be14 _uuid : f7259aeb-0e63-4d20-8a8e-54ebf454a524 addresses : [unknown] dhcpv4_options : [] dhcpv6_options : [] dynamic_addresses : [] enabled : [] external_ids : {} ha_chassis_group : [] name : provnet-aa35051c-6fc0-463a-8807-0cb28903be14 options : {mcast_flood="false", mcast_flood_reports="true", network_name=physnet1} parent_name : [] port_security : [] tag : [] tag_request : [] type : localnet up : false
I hope I provided the needed context! Thanks in advance!
Best regards, Justin Lamp
-- Justin Lamp Systems Engineer
NETWAYS Managed Services GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg Tel: +49 911 92885-0 | Fax: +49 911 92885-77 CEO: Julian Hein, Bernd Erk, Sebastian Saemann | AG Nuernberg HRB25207 https://www.netways.de | justin.lamp@netways.de
** stackconf 2023 - September - https://stackconf.eu ** ** OSMC 2023 - November - https://osmc.de ** ** NETWAYS Web Services - https://nws.netways.de ** ** NETWAYS Trainings - https://netways.de/trainings **