[Openstack-operators] GRE tunnel timeout?

Patrick Cable pc at pcable.net
Tue Oct 21 19:49:19 UTC 2014


I'm hitting an interesting (more like frustrating) issue on Icehouse. I
have neutron set up to use GRE tunnels to allow network access for machine
instances (VMs)

When I spawn a VM:
- The VM gets an address just fine (10.20.0.59) and can ping the outside
world.
- I assign a floating IP
- The outside world can ping the VM's floating IP
- After a while (between 550-600 seconds, likely more towards 600), the
outside world can not ping the VM.
- If I sign into the VM VNC console, and ping the openstack router
(10.20.0.1 in this case), outside connectivity works again

For a while I assumed this was an arp issue, until I saw the arp record (ip
netns qrouter-... exec arp -an) disappear, and was still able to ping the
floating IP and get a response.

I started investigating the "ovs-ofctl dump-flows br-tun" output and
noticed that open vswitch would set up a flow for the target that had a
hard_timeout value of 300. So I waited for that to disappear and tried
pinging the floating ip. Yep, the flow came back, ping succeeded.

When it doesnt work, 'ip netns qrouter-... ping 10.20.0.59' doesn't work
either.

This VM is the only one scheduled on this compute node right now.

This feels like some sort of timeout that gets broken by the VM initiating
traffic, but I'm not sure.

I have tried to use the technique for listening to patch-tun by
instantiating snooper0 (as mentioned in
http://docs.openstack.org/openstack-ops/content/network_troubleshooting.html)
but I don't see *any* traffic going over that, ever. I know we're using GRE
tunnels, so i feel like there should be some data?

Any help would be greatly appreciated!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20141021/9695a6b3/attachment.html>


More information about the OpenStack-operators mailing list