Hey,
we are using OVN 22.03 and face an issue where a VM that is directly connected to the provider network won't be accessible, because it cannot arp for the Gateway IP. OVN routers do reply to the arp request though. We know that this exact scenario works as we have it running in our staging environment.
Oddly enough if the right MAC-IP Binding is manually defined within the VM and the Gateway, the traffic will begin to flow correctly according to the right SGs.
I did an ovn-trace and were able to see that the traffic is supposed to be flooded to the right ports. The ovs-trace on the other hand did not show the same picture. It just did 4k recirculations and then dropped the packet. I already restarted the ovn-controller on the right hv, but that did not do anything.
The LSP:
$ ovn-nbctl list Logical_Switch_Port cfce175b-9d88-4c2e-a5cc-d76cd5c71deb _uuid : c5dfb248-941e-4d4e-af1a-9ccafc22db70 addresses : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"] dhcpv4_options : 1922ee38-282f-4f5c-ade8-6cd157ee52e9 dhcpv6_options : [] dynamic_addresses : [] enabled : true external_ids : {"neutron:cidrs"="2a02:ed80:0:3::341/64 91.198.2.33/24", "neutron:device_id"="8062ec61-0c68-41dd-b77c-e8b72ad16a88", "neutron:device_owner"="compute:AZ1", "neutron:network_name"=neutron-210e26d7-942f-4e17-89b2-571eee87d7e4, "neutron:port_name"="", "neutron:project_id"="99fb21796a8f4cbda42ba5b9d1e307dd", "neutron:revision_number"="16", "neutron:security_group_ids"="3e41777f-7aa4-4368-9992-5ca7cc2a5372 873b3b62-0918-4b1e-be73-fdbed50d2ac2"} ha_chassis_group : [] name : "cfce175b-9d88-4c2e-a5cc-d76cd5c71deb" options : {mcast_flood_reports="true", requested-chassis=net-openstack-hv31} parent_name : [] port_security : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"] tag : [] tag_request : [] type : "" up : trueThe PB:
$ ovn-sbctl find Port_Binding logical_port=cfce175b-9d88-4c2e-a5cc-d76cd5c71deb _uuid : e9e5ce44-698f-4a29-acd1-2f24cc1d1950 chassis : c944c21a-3344-4fda-ab4e-a4cc07403125 datapath : 993b44d5-1629-4e9b-b44e-24096d8b3959 encap : [] external_ids : {"neutron:cidrs"="2a02:ed80:0:3::341/64 91.198.2.33/24", "neutron:device_id"="8062ec61-0c68-41dd-b77c-e8b72ad16a88", "neutron:device_owner"="compute:AZ1", "neutron:network_name"=neutron-210e26d7-942f-4e17-89b2-571eee87d7e4, "neutron:port_name"="", "neutron:project_id"="99fb21796a8f4cbda42ba5b9d1e307dd", "neutron:revision_number"="16", "neutron:security_group_ids"="3e41777f-7aa4-4368-9992-5ca7cc2a5372 873b3b62-0918-4b1e-be73-fdbed50d2ac2"} gateway_chassis : [] ha_chassis_group : [] logical_port : "cfce175b-9d88-4c2e-a5cc-d76cd5c71deb" mac : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"] nat_addresses : [] options : {mcast_flood_reports="true", requested-chassis=net-openstack-hv31} parent_port : [] requested_chassis : c944c21a-3344-4fda-ab4e-a4cc07403125 tag : [] tunnel_key : 344 type : "" up : true virtual_parent : []The LS:
$ ovn-nbctl list Logical_Switch public-network _uuid : 56d8be55-462a-4b93-8710-3c79ca386213 acls : [] copp : [] dns_records : [] external_ids : {"neutron:mtu"="1500", "neutron:network_name"=public-network, "neutron:revision_number"="21"} forwarding_groups : [] load_balancer : [] load_balancer_group : [] name : neutron-210e26d7-942f-4e17-89b2-571eee87d7e4 other_config : {mcast_flood_unregistered="false", mcast_snoop="false"} ports : [00225774-8fbc-473f-ae5e-d486c54212c8, ..., c5dfb248-941e-4d4e-af1a-9ccafc22db70, ... qos_rules : []The patchport:
$ ovn-nbctl list Logical_Switch_Port provnet-aa35051c-6fc0-463a-8807-0cb28903be14 _uuid : f7259aeb-0e63-4d20-8a8e-54ebf454a524 addresses : [unknown] dhcpv4_options : [] dhcpv6_options : [] dynamic_addresses : [] enabled : [] external_ids : {} ha_chassis_group : [] name : provnet-aa35051c-6fc0-463a-8807-0cb28903be14 options : {mcast_flood="false", mcast_flood_reports="true", network_name=physnet1} parent_name : [] port_security : [] tag : [] tag_request : [] type : localnet up : falseI hope I provided the needed context!
Thanks in advance!Best regards,
Justin Lamp
--
Justin Lamp
Systems Engineer
NETWAYS Managed Services GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
Tel: +49 911 92885-0 | Fax: +49 911 92885-77
CEO: Julian Hein, Bernd Erk, Sebastian Saemann | AG Nuernberg HRB25207
https://www.netways.de | justin.lamp@netways.de
** stackconf 2023 - September - https://stackconf.eu **
** OSMC 2023 - November - https://osmc.de **
** NETWAYS Web Services - https://nws.netways.de **
** NETWAYS Trainings - https://netways.de/trainings **