[Openstack] Weird nova-network bridging problem with precise/essex

Xu (Simon) Chen xchenum at gmail.com
Sat Jul 21 11:47:33 UTC 2012


Narayan,

If you do net.bridge.bridge-nf-call-iptables = 0 on the network
controller, does floating IP still work? For each tenant/network, a subnet
is created, and the nova-network has a .1 gateway configured on the bridge
with the vlan interface plugged in.

The packets from VMs are actually sent to the bridge for NATting. But if
you don't allow the bridges to call iptables, it might break public
access altogether. Don't know, maybe I'm not understanding the sysctl
flag correctly... Maybe it only applies to the packets transiting the
bridge, not impacting the ones destined to the nova-network?

-Simon

On Fri, Jul 20, 2012 at 9:57 PM, Narayan Desai <narayan.desai at gmail.com> wrote:

> Just for the record, we found the issue. There was some filtering
> being applied in the bridge code which randomly (?) dropped some DNS
> requests. Setting:
> net.bridge.bridge-nf-call-arptables = 0
> net.bridge.bridge-nf-call-iptables = 0
> net.bridge.bridge-nf-call-ip6tables = 0
>
> completely resolved the problem.
>
> I've written up full details here:
>
> http://buriedlede.blogspot.com/2012/07/debugging-networking-problems-with.html
>  -nld