how br-tun and br-int communicate

asked 2019-01-11

  • VM connected to br-int .
  • Host physical port is connected to br-tun.

  • VTEP IPs configured on br-tun

In my compute hosts, br-tun and br-int are not connected using any patch ports. still my VMs are able to communicate with each other.

I'm suprised how packets received on br-int are send to br-tun..?

Consider br-prv in the below output is br-tun/br-eth. And dpdk interfaces are physical ports of host.

root@compute-0-1:~# ovs-vsctl show
    Bridge br-prv
        Port bond-prv
            Interface "dpdk0"
                type: dpdk
                options: {dpdk-devargs="0000:01:00.0", n_rxq="2"}
            Interface "dpdk1"
                type: dpdk
                options: {dpdk-devargs="0000:01:00.1", n_rxq="2"}
        Port br-prv
            tag: 1016
            Interface br-prv
                type: internal
    Bridge br-int
        Controller "tcp:"
            is_connected: true
        fail_mode: secure
        Port "tund2a62a3f00d"
            Interface "tund2a62a3f00d"
                type: gre
                options: {local_ip="", packet_type="legacy_l3", remote_ip=""}
        Port "vhu0f006663-11"
            Interface "vhu0f006663-11"
                type: dpdkvhostuser
        Port br-int
            Interface br-int
                type: internal


root@compute-0-1:~# ip route dev br-prv  proto kernel  scope link  src
answered 2020-06-26

I assume you mean that VMs on this specific compute host can communicate. That makes sense, because all VMs are going to connect into the br-int bridge. Let's say they query for a DHCP address. Maybe that vhostuser DPDK port has access to a DHCP server, which would give every VM an address in same segment range. There IS no br-tun up there. And your tunnel is sitting on br-int. I have always seen a br-tun bridge used for the tunneling in OpenStack. The br-int bridge is supposed to be strictly for connecting VM taps, and to connect to other bridges (which may have interfaces).

