Ask Your Question

Why do ebtables rules with share_dhcp_address block arp traffic?

asked 2013-05-28 13:43:23 -0500

vingup2005 gravatar image

updated 2013-06-11 10:25:24 -0500

fifieldt gravatar image

We have openstack folsom installed on ubuntu in multi_host mode.

We decided to apply the shared_dhcp_address patch because we were using a lot of small tenants on a medium-ish cluster (50+ compute nodes).

However after application of the patch we found that the hypervisor is unable to ping a VM on another hypervisor. Before the patch this was working successfully.

The ebtables rules installed as part of the patch are blocking arp traffic made by the dnsmasq gateway IP.

What is the real reason behind putting those ebtables rules? What we have found that when we dropped the rules (manually), the communication seems to go through. So want to understand what is the purpose of those rules.

[ Look at isolate_dhcp_address() in ]

edit retag flag offensive close merge delete


I want to push this question as I have seen the same thing and blocking ARP means blocking DHCP, too. So why are these ebtables rules there?

Mathias Ewald gravatar imageMathias Ewald ( 2014-01-26 04:50:49 -0500 )edit

The way to push the question is to vote it up, share it via social networks. This site is not a forum, there is no 'bumping'

smaffulli gravatar imagesmaffulli ( 2014-01-27 17:41:11 -0500 )edit

1 answer

Sort by » oldest newest most voted

answered 2014-04-21 06:28:50 -0500

fifieldt gravatar image

I suspect this might be better answered if filed as a bug.

edit flag offensive delete link more


Yes, even in later release we are seeing anti mac & arp spoofing.

SGPJ gravatar imageSGPJ ( 2014-04-21 06:36:33 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2013-05-28 13:43:23 -0500

Seen: 1,061 times

Last updated: Apr 21 '14