[Openstack] OpenVSwitch inside Instance no ARP passthrough

Volodymyr Litovka doka.ua at gmx.com
Thu Feb 1 11:30:18 UTC 2018


Dear Mathias,

if I correctly understand your configuration, you're using bridges 
inside VM and it configuration looks a bit strange:

1) you use two different bridges (OVSbr1/192.168.120.x and 
OVSbr2/192.168.110.x) and there is no patch between them so they're separate
2) while ARP requests for address in OVSbr1 arrives from OVSbr2:

 > 18:50:58.080478 ARP, Request who-has *192.168.120.10* tell 
192.168.120.6, length 28
 >
 > but on the OVS bridge nothing arrives ...
 >
 > listening on *OVSbr2*, link-type EN10MB (Ethernet), capture size
 > 262144 bytes

while these bridges are separate, ARP requests and answers will not be 
passed between them.

Regarding your devstack configuration - unfortunately, I don't have 
experience with devstack, so don't know, where it stores configs. In 
Openstack, ml2_conf.ini points to openvswitch in ml2's mechanism_drivers 
parameter, in my case it looks as the following:

[ml2]
mechanism_drivers = l2population,openvswitch

and rest of openvswitch config described in 
/etc/neutron/plugins/ml2/openvswitch_agent.ini

Second - I see an ambiguity in your br-tun configuration, where 
patch_int is the same as patch-int without corresponding remote peer 
config, probably you should check this issue.

And third is - note that Mitaka is quite old release and probably you 
can give a chance for the latest release of devstack? :-)

On 1/31/18 10:49 PM, Mathias Strufe (DFKI) wrote:
> Dear Volodymyr, all,
>
> thanks for your fast answer ...
> but I'm still facing the same problem, still can't ping the instance 
> with configured and up OVS bridge ... may because I'm quite new to 
> OpenStack and OpenVswitch and didn't see the problem ;)
>
> My setup is devstack Mitaka in single machine config ... first of all 
> I didn't find there the openvswitch_agent.ini anymore, I remember in 
> previous version it was in the neutron/plugin folder ...
> Is this config now done in the ml2 config file in the [OVS] section????
>
>
> I'm really wondering ...
> so I can ping between the 2 instances without any problem. But as soon 
> I bring up the OVS bridge inside the vm the ARP requests only visible 
> at the ens interface but not reaching the OVSbr ...
>
> please find attached two files which may help for troubleshooting. One 
> are some network information from inside the Instance that runs the 
> OVS and one ovs-vsctl info of the OpenStack Host.
>
> If you need more info/logs please let me know! Thanks for your help!
>
> BR Mathias.
>
>
> On 2018-01-27 22:44, Volodymyr Litovka wrote:
>> Hi Mathias,
>>
>>  whether you have all corresponding bridges and patches between them
>> as described in openvswitch_agent.ini using
>>
>>  integration_bridge
>>  tunnel_bridge
>>  int_peer_patch_port
>>  tun_peer_patch_port
>>  bridge_mappings
>>
>>  parameters? And make sure, that service "neutron-ovs-cleanup" is in
>> use during system boot. You can check these bridges and patches using
>> "ovs-vsctl show" command.
>>
>> On 1/27/18 9:00 PM, Mathias Strufe (DFKI) wrote:
>>
>>> Dear all,
>>>
>>> I'm quite new to openstack and like to install openVSwtich inside
>>> one Instance of our Mitika openstack Lab Enviornment ...
>>> But it seems that ARP packets got lost between the network
>>> interface of the instance and the OVS bridge ...
>>>
>>> With tcpdump on the interface I see the APR packets ...
>>>
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>> decode
>>> listening on ens6, link-type EN10MB (Ethernet), capture size 262144
>>> bytes
>>> 18:50:58.080478 ARP, Request who-has 192.168.120.10 tell
>>> 192.168.120.6, length 28
>>> 18:50:58.125009 ARP, Request who-has 192.168.120.1 tell
>>> 192.168.120.6, length 28
>>> 18:50:59.077315 ARP, Request who-has 192.168.120.10 tell
>>> 192.168.120.6, length 28
>>> 18:50:59.121369 ARP, Request who-has 192.168.120.1 tell
>>> 192.168.120.6, length 28
>>> 18:51:00.077327 ARP, Request who-has 192.168.120.10 tell
>>> 192.168.120.6, length 28
>>> 18:51:00.121343 ARP, Request who-has 192.168.120.1 tell
>>> 192.168.120.6, length 28
>>>
>>> but on the OVS bridge nothing arrives ...
>>>
>>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>> decode
>>> listening on OVSbr2, link-type EN10MB (Ethernet), capture size
>>> 262144 bytes
>>>
>>> I disabled port_security and removed the security group but nothing
>>> changed
>>>
>>>
>> +-----------------------+---------------------------------------------------------------------------------------+ 
>>
>>>
>>> | Field | Value
>>> |
>>>
>> +-----------------------+---------------------------------------------------------------------------------------+ 
>>
>>>
>>> | admin_state_up | True
>>> |
>>> | allowed_address_pairs |
>>> |
>>> | binding:host_id | node11
>>> |
>>> | binding:profile | {}
>>> |
>>> | binding:vif_details | {"port_filter": true, "ovs_hybrid_plug":
>>> true} |
>>> | binding:vif_type | ovs
>>> |
>>> | binding:vnic_type | normal
>>> |
>>> | created_at | 2018-01-27T16:45:48Z
>>> |
>>> | description |
>>> |
>>> | device_id | 74916967-984c-4617-ae33-b847de73de13
>>> |
>>> | device_owner | compute:nova
>>> |
>>> | extra_dhcp_opts |
>>> |
>>> | fixed_ips | {"subnet_id":
>>> "525db7ff-2bf2-4c64-b41e-1e41570ec358", "ip_address":
>>> "192.168.120.10"} |
>>> | id | 74b754d6-0000-4c2e-bfd1-87f640154ac9
>>> |
>>> | mac_address | fa:16:3e:af:90:0c
>>> |
>>> | name |
>>> |
>>> | network_id | 917254cb-9721-4207-99c5-8ead9f95d186
>>> |
>>> | port_security_enabled | False
>>> |
>>> | project_id | c48457e73b664147a3d2d36d75dcd155
>>> |
>>> | revision_number | 27
>>> |
>>> | security_groups |
>>> |
>>> | status | ACTIVE
>>> |
>>> | tenant_id | c48457e73b664147a3d2d36d75dcd155
>>> |
>>> | updated_at | 2018-01-27T18:54:24Z
>>> |
>>>
>> +-----------------------+---------------------------------------------------------------------------------------+ 
>>
>>>
>>>
>>> maybe the port_filter causes still the problem? But how to disable
>>> it?
>>>
>>> Any other idea?
>>>
>>> Thanks and BR Mathias.
>>>
>>> _______________________________________________
>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [1]
>>> Post to : openstack at lists.openstack.org
>>> Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [1]
>>
>> -- 
>> Volodymyr Litovka
>>  "Vision without Execution is Hallucination." -- Thomas Edison
>>
>>
>> Links:
>> ------
>> [1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>

-- 
Volodymyr Litovka
   "Vision without Execution is Hallucination." -- Thomas Edison

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20180201/697083d1/attachment.html>


More information about the Openstack mailing list