[Openstack] DHCP lease not accepted when libvirt_use_virtio_for_bridges=true

Lorin Hochstein lorin at nimbisservices.com
Wed Apr 3 18:39:31 UTC 2013


On Fri, Mar 22, 2013 at 11:55 PM, Lorin Hochstein
<lorin at nimbisservices.com> wrote:

>
> On Thu, Mar 21, 2013 at 12:00 PM, Vishvananda Ishaya <
> vishvananda at gmail.com> wrote:
>
>> Well phooey:
>>
>>      if network_ref['multi_host']:
>>          _add_dhcp_mangle_rule(dev)
>>
>> The mangle rule is only added by nova-network in multihost mode.
>>
>> Can you verify whether or not adding the rule on the compute or network
>> node fixes it?
>>
>> That way we can either remove the check on multi_host or add it in
>> plug_vif on the
>> compute host.
>>
>>
>
> I'll check on this and get back to you.
>
> As an aside, note that we're *not* running with the vhost-net kernel
> module loaded, and the mangle rule only gets applied if this module is
> loaded:
>
>
> https://github.com/openstack/nova/blob/master/nova/network/linux_net.py#L885
>
> 884   def _add_dhcp_mangle_rule(dev):
> 885       if not os.path.exists('/dev/vhost-net'):
> 886          return
>
> So, either this situation can occur even without vhost-net, or I'm hitting
> a different issue.
>
>
>
>> BTW:
>>
>>  iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill
>>
>>
>> that should be -A not -D
>>
>>
> D'oh! I'll make sure that's correct when I do the testing.
>
>
>

OK, I've tested this again, and I'm having the same problem. I'm able to
get DHCP addresses for Ubuntu instances, but not CentOS ones. If I do a
"tcpdump" on the "vnetX" interface, I can see the DHCP request and replies.

listening on vnet1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:20:15.124839 IP 10.40.0.2.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:6b:d3:44, length 300
14:20:48.204962 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:e9:f9, length 300
14:20:48.205023 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:5a:e9:f9, length 300
14:20:48.205596 IP 10.40.0.1.67 > 10.40.0.6.68: BOOTP/DHCP, Reply, length 320

But if I do the tcpdump on eth0 inside the CentOS instances, I don't see
the DHCP reply packets. They aren't making it from vnet1 to eth0.

This is Folsom with nova-network, running in FlatDHCP, non-multi host, on
Ubuntu 12.04.

I tried adding the iptables rule, but alas, it didn't resolve my issue.

iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill

Here are the various things I've tried:

* Adding the checksum rule to iptables on the nova-network node
* Adding the checksum rule to the nova-compute node
* Setting libvirt_use_virtio_for_bridges to "yes" and "no" (restarting
nova-compute, re-launching instances)
* With and without vhost_net loaded in nova-compute (restarting
nova-compute, re-launching instances)
* Disabling ipv6 inside of the CentOS guest

If I VNC into the instance and put a static IP on it, like this, it still
doesn't have connectivity to the outside:

ip addr add 10.40.0.2/16 broadcast 10.40.255.255 dev eth0

Since it works with Ubuntu but not CentOS guests, on the same compute node,
I assume there's something about the configuration of the CentOS guest that
isn't working properly with my setup. But, at this point, I'm really
stumped.


Lorin


> Lorin
>
>
>
>
>> Vish
>>
>> On Mar 20, 2013, at 1:43 PM, Lorin Hochstein <lorin at nimbisservices.com>
>> wrote:
>>
>>
>> On Wed, Mar 20, 2013 at 4:15 PM, Nathanael Burton <
>> nathanael.i.burton at gmail.com> wrote:
>>
>>> On Wed, Mar 20, 2013 at 3:51 PM, Lorin Hochstein <
>>> lorin at nimbisservices.com> wrote:
>>>
>>>> I'm doing a Folsom deployment with FlatDHCP (not multihost).
>>>>
>>>> When I try to boot a quantal image, the instance doesn't pick up the
>>>> DHCP lease. I've confirmed that dnsmasq is sending out the DHCPOFFER, and I
>>>> can see by tcpdump on the compute host that the DHCP packets are making it
>>>> to the vnet0 interface.
>>>>
>>>>
>>>> Note that I tried adding this iptables rule as mentioned here <
>>>> https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/14>,
>>>> but that didn't resolve it.
>>>>
>>>>     iptables -D POSTROUTING -t mangle -p udp --dport 68 -j CHECKSUM --checksum-fill
>>>>
>>>>
>>>>
>>>> However, the problem goes away if I change this setting on the compute
>>>> hosts in /etc/nova/nova.conf
>>>>
>>>>     libvirt_use_virtio_for_bridges=true
>>>>
>>>> to:
>>>>
>>>>    libvirt_use_virtio_for_bridges=false
>>>>
>>>>
>>>> Anybody know what would cause this?
>>>>
>>>>
>>>> I'm on Ubuntu 12.04 with the cloud-archive packages, with KVM as the
>>>> hypervisor
>>>>
>>>>
>>> You didn't restart nova-network without killing and restarting dnsmasq,
>>> did you?
>>>
>>> Nate
>>>
>>>
>>>
>> Of course not! (Well, maybe...). But just tried again, killing dnsmasq
>> and restarting nova-network doesn't seem to help. I'm guessing the issue is
>> confined to the compute node, and since I'm not running multihost, I don't
>> think I even need to restart nova-network each time I make a virtio-related
>> change on the compute node...
>>
>> Lorin
>>
>>
>> --
>> Lorin Hochstein
>> Lead Architect - Cloud Services
>> Nimbis Services, Inc.
>> www.nimbisservices.com
>>
>>
>>
>
>
>



-- 
Lorin Hochstein
Lead Architect - Cloud Services
Nimbis Services, Inc.
www.nimbisservices.com
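
Added example, not part of the thread and not nova's code: the CHECKSUM --checksum-fill rule discussed above recomputes the UDP checksum on packets to port 68, and this sketch shows what "unfilled" versus "filled" means for a reply like the one in the tcpdump output. The addresses come from that capture; the 320-byte body is constructed, and the unfilled value (only the pseudo-header sum left in the field) is an assumption about how a deferred checksum looks.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by IP/UDP checksums (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    return (socket.inet_aton(src) + socket.inet_aton(dst)
            + struct.pack("!BBH", 0, socket.IPPROTO_UDP, udp_len))

def udp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum over pseudo-header + UDP header (checksum zeroed) + payload."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    total = ones_complement_sum(pseudo_header(src, dst, len(segment)) + zeroed)
    return (~total & 0xFFFF) or 0xFFFF  # 0 on the wire means "no checksum"

def checksum_state(src: str, dst: str, segment: bytes) -> str:
    """Classify the stored checksum the way a strict receiver would."""
    stored = struct.unpack("!H", segment[6:8])[0]
    if stored == 0:
        return "absent"
    return "valid" if stored == udp_checksum(src, dst, segment) else "invalid"

def checksum_fill(src: str, dst: str, segment: bytes) -> bytes:
    """Userspace equivalent of recomputing and storing the UDP checksum."""
    csum = udp_checksum(src, dst, segment)
    return segment[:6] + struct.pack("!H", csum) + segment[8:]

# Constructed sample: server 10.40.0.1:67 -> client 10.40.0.6:68, 320-byte body.
SRC, DST = "10.40.0.1", "10.40.0.6"
BODY = b"\x02" + bytes(319)  # op=2 (BOOTREPLY), rest zero; not a full lease
HEADER = struct.pack("!HHHH", 67, 68, 8 + len(BODY), 0)
# Assumption: an unfilled field carries only the pseudo-header sum.
PARTIAL = ones_complement_sum(pseudo_header(SRC, DST, 8 + len(BODY)))
UNFILLED = HEADER[:6] + struct.pack("!H", PARTIAL) + BODY
FILLED = checksum_fill(SRC, DST, UNFILLED)

if __name__ == "__main__":
    print("before fill:", checksum_state(SRC, DST, UNFILLED))
    print("after fill: ", checksum_state(SRC, DST, FILLED))
```

Running the same classification on the UDP segment of a reply captured on vnetX tells you whether the checksum is the variable in play before changing virtio or vhost-net settings.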