[Openstack] [Neutron] asymetric DHCP brokenness on tenant GRE networks

Jonathan Proulx jon at jonproulx.com
Wed Jan 29 16:20:09 UTC 2014 

I also notice ARPs are asysmetric.  arp requests from the instance
don't end up on the wire, but arp requests from the network controller
do make it to the instance and the responses make it back.  So once
the network controller has made contact and it's MAC is in the
instance ARP cache then things work both ways...


I expect my path to be somehting like this off the compute node, where
eth0 is the physical device with a route to the tunnel endoint of
gre-<n>, is htis correct?

tap -> patch-tun -> patch-int -> gre-<n> -> ethN
\_____________/    \__________________/
     br-int              br-tun

however I can't tcpdump on the patch or gre devices....

# tcpdump -i patch-tun
tcpdump: patch-tun: No such device exists

is there a way to do this?  Right now I can only see what's happening
at the beginning (tap) and end (ethN)

On Wed, Jan 29, 2014 at 10:21 AM, Jonathan Proulx <jon at jonproulx.com> wrote:
> HI All,
>
> DHCP requests from instances with interfaces on OVS/GRE based tenant
> networks are showing up on the tap device on the compute node but
> never make it to the physical network device (tcpdump -i ehtX proto
> gre).
>
> If I manually configure an address all seems well & I can for example
> ping from the qdhcp namespace on the network note to the instance.
> This suggests to me that all the OVS plumbing is properly in place.
>
> My next suspicion is iptables, which look OK to me as well, or at
> least look like they do for the VLAN based provider networks that have
> functioning DHCP (note 10.0.1.100 is the dhcp-agent's address on this
> network):
>
> Chain neutron-openvswi-o78facbbc-b (2 references)
> target     prot opt source               destination
> RETURN     udp  --  anywhere             anywhere             udp
> spt:bootpc dpt:bootps
> neutron-openvswi-s78facbbc-b  all  --  anywhere             anywhere
> DROP       udp  --  anywhere             anywhere             udp
> spt:bootps dpt:bootpc
> DROP       all  --  anywhere             anywhere             state INVALID
> RETURN     all  --  anywhere             anywhere             state
> RELATED,ESTABLISHED
> RETURN     all  --  anywhere             anywhere
> neutron-openvswi-sg-fallback  all  --  anywhere             anywhere
> root at nova-50:~# iptables -L  neutron-openvswi-i78facbbc-b
> Chain neutron-openvswi-i78facbbc-b (1 references)
> target     prot opt source               destination
> DROP       all  --  anywhere             anywhere             state INVALID
> RETURN     all  --  anywhere             anywhere             state
> RELATED,ESTABLISHED
> RETURN     udp  --  anywhere             anywhere             udp
> multiport dports 1:65535
> RETURN     tcp  --  anywhere             anywhere             tcp
> multiport dports tcpmux:65535
> RETURN     tcp  --  anywhere             anywhere             tcp dpt:ssh
> RETURN     icmp --  anywhere             anywhere
> RETURN     udp  --  10.0.1.100           anywhere             udp
> spt:bootps dpt:bootpc
> neutron-openvswi-sg-fallback  all  --  anywhere             anywhere
>
> Anyone see what I'm missing or have a suggestion on where I should look next?

More information about the Openstack mailing list