[ovn] VM in external network unable to arp
Ihar Hrachyshka
ihrachys at redhat.com
Fri Aug 4 19:35:00 UTC 2023
Hi Justin,
It's a shot in the dark, but one scenario that I experienced was related to
the selected TC qdisc. The behavior (ARP not getting through despite what
ovn-trace suggests) showed with `fq` TC qdisc used, and switching to
`fq_codel` fixed the problem. You may want to try another TC discipline.
Something like: tc qdisc replace dev eth0 root fq_codel
Where eth0 is your NIC for the provider network.
Ihar
On Fri, Aug 4, 2023 at 2:38 PM Justin Lamp <justin.lamp at netways.de> wrote:
> Hey,
>
> we are using OVN 22.03 and face an issue where a VM that is directly
> connected to the provider network won't be accessible, because it cannot
> arp for the Gateway IP. OVN routers do reply to the arp request though. We
> know that this exact scenario works as we have it running in our staging
> environment.
>
> Oddly enough if the right MAC-IP Binding is manually defined within the
> VM and the Gateway, the traffic will begin to flow correctly according to
> the right SGs.
>
> I did an ovn-trace and were able to see that the traffic is supposed to be
> flooded to the right ports. The ovs-trace on the other hand did not show
> the same picture. It just did 4k recirculations and then dropped the
> packet. I already restarted the ovn-controller on the right hv, but that
> did not do anything.
>
> The LSP:
>
> $ ovn-nbctl list Logical_Switch_Port cfce175b-9d88-4c2e-a5cc-d76cd5c71deb
> _uuid : c5dfb248-941e-4d4e-af1a-9ccafc22db70
> addresses : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"]
> dhcpv4_options : 1922ee38-282f-4f5c-ade8-6cd157ee52e9
> dhcpv6_options : []
> dynamic_addresses : []
> enabled : true
> external_ids : {"neutron:cidrs"="2a02:ed80:0:3::341/64 91.198.2.33/24", "neutron:device_id"="8062ec61-0c68-41dd-b77c-e8b72ad16a88", "neutron:device_owner"="compute:AZ1", "neutron:network_name"=neutron-210e26d7-942f-4e17-89b2-571eee87d7e4, "neutron:port_name"="", "neutron:project_id"="99fb21796a8f4cbda42ba5b9d1e307dd", "neutron:revision_number"="16", "neutron:security_group_ids"="3e41777f-7aa4-4368-9992-5ca7cc2a5372 873b3b62-0918-4b1e-be73-fdbed50d2ac2"}
> ha_chassis_group : []
> name : "cfce175b-9d88-4c2e-a5cc-d76cd5c71deb"
> options : {mcast_flood_reports="true", requested-chassis=net-openstack-hv31}
> parent_name : []
> port_security : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"]
> tag : []
> tag_request : []
> type : ""
> up : true
>
> The PB:
>
> $ ovn-sbctl find Port_Binding logical_port=cfce175b-9d88-4c2e-a5cc-d76cd5c71deb
> _uuid : e9e5ce44-698f-4a29-acd1-2f24cc1d1950
> chassis : c944c21a-3344-4fda-ab4e-a4cc07403125
> datapath : 993b44d5-1629-4e9b-b44e-24096d8b3959
> encap : []
> external_ids : {"neutron:cidrs"="2a02:ed80:0:3::341/64 91.198.2.33/24", "neutron:device_id"="8062ec61-0c68-41dd-b77c-e8b72ad16a88", "neutron:device_owner"="compute:AZ1", "neutron:network_name"=neutron-210e26d7-942f-4e17-89b2-571eee87d7e4, "neutron:port_name"="", "neutron:project_id"="99fb21796a8f4cbda42ba5b9d1e307dd", "neutron:revision_number"="16", "neutron:security_group_ids"="3e41777f-7aa4-4368-9992-5ca7cc2a5372 873b3b62-0918-4b1e-be73-fdbed50d2ac2"}
> gateway_chassis : []
> ha_chassis_group : []
> logical_port : "cfce175b-9d88-4c2e-a5cc-d76cd5c71deb"
> mac : ["fa:16:3e:a2:d7:1a 2a02:ed80:0:3::341 91.198.2.33"]
> nat_addresses : []
> options : {mcast_flood_reports="true", requested-chassis=net-openstack-hv31}
> parent_port : []
> requested_chassis : c944c21a-3344-4fda-ab4e-a4cc07403125
> tag : []
> tunnel_key : 344
> type : ""
> up : true
> virtual_parent : []
>
>
> The LS:
>
> $ ovn-nbctl list Logical_Switch public-network
> _uuid : 56d8be55-462a-4b93-8710-3c79ca386213
> acls : []
> copp : []
> dns_records : []
> external_ids : {"neutron:mtu"="1500", "neutron:network_name"=public-network, "neutron:revision_number"="21"}
> forwarding_groups : []
> load_balancer : []
> load_balancer_group : []
> name : neutron-210e26d7-942f-4e17-89b2-571eee87d7e4
> other_config : {mcast_flood_unregistered="false", mcast_snoop="false"}
> ports : [00225774-8fbc-473f-ae5e-d486c54212c8, ..., c5dfb248-941e-4d4e-af1a-9ccafc22db70, ...
> qos_rules : []
>
>
> The patchport:
>
> $ ovn-nbctl list Logical_Switch_Port provnet-aa35051c-6fc0-463a-8807-0cb28903be14
> _uuid : f7259aeb-0e63-4d20-8a8e-54ebf454a524
> addresses : [unknown]
> dhcpv4_options : []
> dhcpv6_options : []
> dynamic_addresses : []
> enabled : []
> external_ids : {}
> ha_chassis_group : []
> name : provnet-aa35051c-6fc0-463a-8807-0cb28903be14
> options : {mcast_flood="false", mcast_flood_reports="true", network_name=physnet1}
> parent_name : []
> port_security : []
> tag : []
> tag_request : []
> type : localnet
> up : false
>
>
> I hope I provided the needed context!
> Thanks in advance!
>
> Best regards,
> Justin Lamp
>
> --
> Justin Lamp
> Systems Engineer
>
> NETWAYS Managed Services GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
> Tel: +49 911 92885-0 | Fax: +49 911 92885-77
> CEO: Julian Hein, Bernd Erk, Sebastian Saemann | AG Nuernberg HRB25207
> https://www.netways.de | justin.lamp at netways.de
>
> ** stackconf 2023 - September - https://stackconf.eu **
> ** OSMC 2023 - November - https://osmc.de **
> ** NETWAYS Web Services - https://nws.netways.de **
> ** NETWAYS Trainings - https://netways.de/trainings **
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.openstack.org/pipermail/openstack-discuss/attachments/20230804/75f23fe8/attachment.htm>
More information about the openstack-discuss
mailing list