Hi Justin,

It's a shot in the dark, but one scenario that I experienced was related to the selected TC qdisc. The behavior (ARP not getting through despite what ovn-trace suggests) showed with `fq` TC qdisc used, and switching to `fq_codel` fixed the problem. You may want to try another TC discipline.

Something like: `tc qdisc replace dev eth0 root fq_codel`

Where eth0 is your NIC for the provider network.

Ihar

On Fri, Aug 4, 2023 at 2:38 PM Justin Lamp <justin.lamp@netways.de> wrote:

Hey,

We are using OVN 22.03 and face an issue where a VM that is directly connected to the provider network won't be accessible, because it cannot ARP for the Gateway IP. OVN routers do reply to the ARP request, though. We know that this exact scenario works, as we have it running in our staging environment.

Oddly enough, if the right MAC-IP Binding is manually defined within the VM and the Gateway, the traffic will begin to flow correctly according to the right SGs.

I did an ovn-trace and was able to see that the traffic is supposed to be flooded to the right ports. The ovs-trace, on the other hand, did not show the same picture. It just did 4k recirculations and then dropped the packet. I already restarted the ovn-controller on the right hv, but that did not do anything.

The LSP:

$ ovn-nbctl list Logical_Switch_Port cfce175b-9d88-4c2e-a5cc-d76cd5c71deb
_uuid               : c5dfb248-941e-4d4e-af1a-9ccafc22db70
addresses           : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"]
dhcpv4_options      : 1922ee38-282f-4f5c-ade8-6cd157ee52e9
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : true
external_ids        : {"neutron:cidrs"="2a02:ed80:0:3::341/64 91.198.2.33/24", "neutron:device_id"="8062ec61-0c68-41dd-b77c-e8b72ad16a88", "neutron:device_owner"="compute:AZ1", "neutron:network_name"=neutron-210e26d7-942f-4e17-89b2-571eee87d7e4, "neutron:port_name"="", "neutron:project_id"="99fb21796a8f4cbda42ba5b9d1e307dd", "neutron:revision_number"="16", "neutron:security_group_ids"="3e41777f-7aa4-4368-9992-5ca7cc2a5372 873b3b62-0918-4b1e-be73-fdbed50d2ac2"}
ha_chassis_group    : []
name                : "cfce175b-9d88-4c2e-a5cc-d76cd5c71deb"
options             : {mcast_flood_reports="true", requested-chassis=net-openstack-hv31}
parent_name         : []
port_security       : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"]
tag                 : []
tag_request         : []
type                : ""
up                  : true

The PB:

$ ovn-sbctl find Port_Binding logical_port=cfce175b-9d88-4c2e-a5cc-d76cd5c71deb
_uuid               : e9e5ce44-698f-4a29-acd1-2f24cc1d1950
chassis             : c944c21a-3344-4fda-ab4e-a4cc07403125
datapath            : 993b44d5-1629-4e9b-b44e-24096d8b3959
encap               : []
external_ids        : {"neutron:cidrs"="2a02:ed80:0:3::341/64 91.198.2.33/24", "neutron:device_id"="8062ec61-0c68-41dd-b77c-e8b72ad16a88", "neutron:device_owner"="compute:AZ1", "neutron:network_name"=neutron-210e26d7-942f-4e17-89b2-571eee87d7e4, "neutron:port_name"="", "neutron:project_id"="99fb21796a8f4cbda42ba5b9d1e307dd", "neutron:revision_number"="16", "neutron:security_group_ids"="3e41777f-7aa4-4368-9992-5ca7cc2a5372 873b3b62-0918-4b1e-be73-fdbed50d2ac2"}
gateway_chassis     : []
ha_chassis_group    : []
logical_port        : "cfce175b-9d88-4c2e-a5cc-d76cd5c71deb"
mac                 : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"]
nat_addresses       : []
options             : {mcast_flood_reports="true", requested-chassis=net-openstack-hv31}
parent_port         : []
requested_chassis   : c944c21a-3344-4fda-ab4e-a4cc07403125
tag                 : []
tunnel_key          : 344
type                : ""
up                  : true
virtual_parent      : []

The LS:

$ ovn-nbctl list Logical_Switch public-network
_uuid               : 56d8be55-462a-4b93-8710-3c79ca386213
acls                : []
copp                : []
dns_records         : []
external_ids        : {"neutron:mtu"="1500", "neutron:network_name"=public-network, "neutron:revision_number"="21"}
forwarding_groups   : []
load_balancer       : []
load_balancer_group : []
name                : neutron-210e26d7-942f-4e17-89b2-571eee87d7e4
other_config        : {mcast_flood_unregistered="false", mcast_snoop="false"}
ports               : [00225774-8fbc-473f-ae5e-d486c54212c8, ..., c5dfb248-941e-4d4e-af1a-9ccafc22db70, ...
qos_rules           : []

The patchport:

$ ovn-nbctl list Logical_Switch_Port provnet-aa35051c-6fc0-463a-8807-0cb28903be14
_uuid               : f7259aeb-0e63-4d20-8a8e-54ebf454a524
addresses           : [unknown]
dhcpv4_options      : []
dhcpv6_options      : []
dynamic_addresses   : []
enabled             : []
external_ids        : {}
ha_chassis_group    : []
name                : provnet-aa35051c-6fc0-463a-8807-0cb28903be14
options             : {mcast_flood="false", mcast_flood_reports="true", network_name=physnet1}
parent_name         : []
port_security       : []
tag                 : []
tag_request         : []
type                : localnet
up                  : false

I hope I provided the needed context!
Thanks in advance!

Best regards,
Justin Lamp

