Why do ebtables rules with share_dhcp_address block arp traffic?

asked 2013-05-28 13:43:23 -0600

vingup2005

updated 2013-06-11 10:25:24 -0600

fifieldt

We have OpenStack Folsom installed on Ubuntu in multi_host mode.

We decided to apply the shared_dhcp_address patch because we were using a lot of small tenants on a medium-ish cluster (50+ compute nodes).

However, after applying the patch we found that the hypervisor is unable to ping a VM on another hypervisor. Before the patch this was working successfully.

The ebtables rules installed as part of the patch are blocking ARP traffic made by the dnsmasq gateway IP.

What is the real reason behind putting those ebtables rules in place? We have found that when we dropped the rules (manually), the communication seems to go through. So we want to understand what the purpose of those rules is.


[ Look at isolate_dhcp_address() in https://review.openstack.org/#/c/16578/6/nova/network/linux_net.py ]



I want to push this question as I have seen the same thing and blocking ARP means blocking DHCP, too. So why are these ebtables rules there?

Mathias Ewald (2014-01-26 04:50:49 -0600)

The way to push the question is to vote it up, share it via social networks. This site is not a forum; there is no 'bumping'.

smaffulli (2014-01-27 17:41:11 -0600)

1 answer


answered 2014-04-21 06:28:50 -0600

fifieldt

I suspect this might be better answered if filed as a bug. https://bugs.launchpad.net/nova/+filebug



Yes, even in later release we are seeing anti mac & arp spoofing.

SGPJ (2014-04-21 06:36:33 -0600)
