(Newton) SNAT drop default traffic

asked 2017-09-27 19:05:54 -0600

Planck-C gravatar image

Setup: one controller/network node (two other nodes are disabled for debugging purpose) running snat; 3x compute nodes with dvr.

Symptom: 1) VMs can reach provider network gw via FIP - OK; 2) VMSs without FIP can not reach provider network. Tracing packets reveal that arp can reach controller snat; then into br-int then br-ex. But flow rule show br-ex to drop the packet:

br-ex flow rules: ovs-ofctl dump-flows br-ex table=0 NXST_FLOW reply (xid=0x4): cookie=0xa17bdbc1ee2b5660, duration=6717.517s, table=0, n_packets=354, n_bytes=21600, idle_age=568, priority=2,in_port=1 actions=resubmit(,1) cookie=0xa17bdbc1ee2b5660, duration=6717.852s, table=0, n_packets=0, n_bytes=0, idle_age=9736, priority=0 actions=NORMAL cookie=0xa17bdbc1ee2b5660, duration=6717.516s, table=0, n_packets=4435, n_bytes=318022, idle_age=5, priority=1 actions=resubmit(,3)

ovs-ofctl dump-flows br-ex table=1 NXST_FLOW reply (xid=0x4): cookie=0xa17bdbc1ee2b5660, duration=6749.800s, table=1, n_packets=354, n_bytes=21600, idle_age=601, priority=0 actions=resubmit(,2)

ovs-ofctl dump-flows br-ex table=2 NXST_FLOW reply (xid=0x4): cookie=0xa17bdbc1ee2b5660, duration=6790.906s, table=2, n_packets=354, n_bytes=21600, idle_age=642, priority=2,in_port=1 actions=drop

ovs-vsctl show: Bridge br-int Controller "tcp:" fail_mode: secure Port "qg-14127f17-20" tag: 1 Interface "qg-14127f17-20" type: internal Port int-br-ex Interface int-br-ex type: patch options: {peer=phy-br-ex} Port "tap13d9a8d7-62" tag: 4 Interface "tap13d9a8d7-62" type: internal Port "qr-cb9d8b4b-33" tag: 2 Interface "qr-cb9d8b4b-33" type: internal Port "sg-35a9d87d-42" tag: 2 Interface "sg-35a9d87d-42" type: internal Port int-br-ex-pub Interface int-br-ex-pub type: patch options: {peer=phy-br-ex-pub} Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int}

Bridge br-ex Controller "tcp:" fail_mode: secure Port "bond0.363" Interface "bond0.363" Port br-ex Interface br-ex type: internal Port phy-br-ex Interface phy-br-ex type: patch options: {peer=int-br-ex}

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2017-09-27 22:52:59 -0600

Planck-C gravatar image

Ahhh - the infamous restarts come to the rescue: stop neutron-openvswitch-agent.service, restart openvswitch.service, start neutron-openvswitch-agent.service.

now br-ex has the flow to strip-vlan and does the normal forwarding:

NXST_FLOW reply (xid=0x4): cookie=0xad340cd9b136afd0, duration=1302.571s, table=0, n_packets=70, n_bytes=4060, idle_age=622, priority=4,in_port=1,dl_v lan=1 actions=strip_vlan,NORMAL cookie=0xad340cd9b136afd0, duration=1304.226s, table=0, n_packets=9, n_bytes=1050, idle_age=1226, priority=2,in_port=1 acti ons=resubmit(,1) cookie=0xad340cd9b136afd0, duration=1304.574s, table=0, n_packets=0, n_bytes=0, idle_age=1304, priority=0 actions=NORMAL cookie=0xad340cd9b136afd0, duration=1304.225s, table=0, n_packets=314, n_bytes=26028, idle_age=7, priority=1 actions=resubm it(,3)

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2017-09-27 18:26:11 -0600

Seen: 210 times

Last updated: Sep 27 '17