Ask Your Question
0

Why would an OVS bridge not forward ARP

asked 2012-09-20 23:07:13 -0500

sunil-srivastava gravatar image

Bridge "br-eth0" Port "br-eth0" Interface "br-eth0" type: internal Port "eth0" Interface "eth0" Port "phy-br-eth0" Interface "phy-br-eth0" Bridge br-int Port "tap55d1e5e8-ab" tag: 1 Interface "tap55d1e5e8-ab" type: internal Port "qr-4b50a17d-3c" tag: 1 Interface "qr-4b50a17d-3c" type: internal Port "int-br-eth0" Interface "int-br-eth0" Port "tape8d6e0a5-52" tag: 1 Interface "tape8d6e0a5-52" Port "tap6176588e-48" tag: 1 Interface "tap6176588e-48" Port br-int Interface br-int type: internal

I can see ARP packets sent from int-br-eth0 to phy-br-eth0 but not to upstream eth0.

So we cannot ping from one VM (or DHCP NetNS) on one machine to another VM on another machine.

I see the ping triggering ARPs. The Tx counter of int-br-eth0 and Rx counter of phy-br-eth0 were also corelated with ping.

edit retag flag offensive close merge delete

25 answers

Sort by ยป oldest newest most voted
0

answered 2012-09-20 23:23:01 -0500

Can you also provide the output of:

ovs-ofctl dump-flows br-int ovs-ofctl dump-flows br-eth0

edit flag offensive delete link more
0

answered 2012-09-20 23:55:49 -0500

sunil-srivastava gravatar image

$ sudo ovs-ofctl dump-flows br-int NXST_FLOW reply (xid=0x4): cookie=0x0, duration=27644.955s, table=0, n_packets=285993, n_bytes=36330627, priority=2,in_port=20 actions=drop cookie=0x0, duration=27645.393s, table=0, n_packets=38985, n_bytes=7265979, priority=1 actions=NORMAL $ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=27656.544s, table=0, n_packets=7708, n_bytes=326108, priority=2,in_port=5 actions=drop cookie=0x0, duration=27656.901s, table=0, n_packets=299545, n_bytes=37154475, priority=1 actions=NORMAL

edit flag offensive delete link more
0

answered 2012-09-21 00:29:56 -0500

sunil-srivastava gravatar image

This is a sample when ping was going on and failing.

stack@esg-dell-c4-s11:~$ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=30832.687s, table=0, n_packets=7717, n_bytes=326498, priority=2,in_port=5 actions=drop cookie=0x0, duration=30833.044s, table=0, n_packets=336783, n_bytes=41878623, priority=1 actions=NORMAL stack@esg-dell-c4-s11:~$ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=30835.541s, table=0, n_packets=7717, n_bytes=326498, priority=2,in_port=5 actions=drop cookie=0x0, duration=30835.898s, table=0, n_packets=336806, n_bytes=41881064, priority=1 actions=NORMAL stack@esg-dell-c4-s11:~$ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=30845.057s, table=0, n_packets=7720, n_bytes=326628, priority=2,in_port=5 actions=drop cookie=0x0, duration=30845.414s, table=0, n_packets=336907, n_bytes=41893018, priority=1 actions=NORMAL stack@esg-dell-c4-s11:~$ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=30847.233s, table=0, n_packets=7722, n_bytes=326712, priority=2,in_port=5 actions=drop cookie=0x0, duration=30847.59s, table=0, n_packets=336925, n_bytes=41895113, priority=1 actions=NORMAL stack@esg-dell-c4-s11:~$ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=30853.972s, table=0, n_packets=7729, n_bytes=327006, priority=2,in_port=5 actions=drop cookie=0x0, duration=30854.329s, table=0, n_packets=337000, n_bytes=41903665, priority=1 actions=NORMAL stack@esg-dell-c4-s11:~$ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=30861.609s, table=0, n_packets=7736, n_bytes=327300, priority=2,in_port=5 actions=drop cookie=0x0, duration=30861.966s, table=0, n_packets=337083, n_bytes=41911871, priority=1 actions=NORMAL stack@esg-dell-c4-s11:~$ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=30873.43s, table=0, n_packets=7748, n_bytes=327804, priority=2,in_port=5 actions=drop cookie=0x0, duration=30873.787s, table=0, n_packets=337217, n_bytes=41927882, priority=1 actions=NORMAL stack@esg-dell-c4-s11:~$ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=30886.031s, table=0, n_packets=7761, n_bytes=328350, priority=2,in_port=5 actions=drop cookie=0x0, duration=30886.388s, table=0, n_packets=337345, n_bytes=41942673, priority=1 actions=NORMAL stack@esg-dell-c4-s11:~$ sudo ovs-ofctl dump-flows br-eth0 NXST_FLOW reply (xid=0x4): cookie=0x0, duration=30902.643s, table=0, n_packets=7780, n_bytes=329156, priority=2,in_port=5 actions=drop cookie=0x0, duration=30903s, table=0, n_packets=337542, n_bytes=41964462, priority=1 actions=NORMAL

edit flag offensive delete link more
0

answered 2012-09-21 00:35:49 -0500

sunil-srivastava gravatar image

--- 10.0.0.6 ping statistics --- 70 packets transmitted, 0 received, +65 errors, 100% packet loss, time 69300ms

The drops packets (7780-7717 = 63) come close to 65 errors but not sure if 100% co relation can be made.

But we did tcp dump on ARPs for src IP on Rx and Tx side.

Rx side showed ARP packets coming and Tx side showed no ARP Packets leaving.

edit flag offensive delete link more
0

answered 2012-09-21 00:36:35 -0500

Hi Sunil,

Is the host (or switch attached to eth0) configured to recieve a packet with a vlan tag on it? If a packet is sent from [tape8d6e0a5-52 or tap6176588e-48] the ARP request will enter int-br-eth0(and a vlan tag of 1 will be added to the packet). Then the request will enter br-eth0 with this vlan tag and then exit eth0.

The other option is that: if you do a ovs-dpctl show, eth0 cordinates to port 5 in which case the packets won't be forwarded on due to the drop rule in your flow table for br-eth0.

edit flag offensive delete link more
0

answered 2012-09-21 00:48:17 -0500

sunil-srivastava gravatar image

Hi Aaron,

Please see this outout. It is phy-br-eth0.

stack@esg-dell-c4-s11:~$ sudo ovs-ofctl show br-eth0 OFPT_FEATURES_REPLY (xid=0x1): ver:0x1, dpid:000000219bc9d983 n_tables:255, n_buffers:256 features: capabilities:0xc7, actions:0xfff 5(phy-br-eth0): addr:06:ee:0f:8c:92:b3 config: 0 state: 0 current: 10GB-FD COPPER 8(eth0): addr:00:21:9b:c9:d9:83 config: 0 state: 0 current: 1GB-FD FIBER AUTO_NEG advertised: 1GB-FD AUTO_NEG supported: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER FIBER AUTO_NEG LOCAL(br-eth0): addr:00:21:9b:c9:d9:83 config: PORT_DOWN state: LINK_DOWN OFPT_GET_CONFIG_REPLY (xid=0x3): frags=normal miss_send_len=0

edit flag offensive delete link more
0

answered 2012-09-21 00:53:06 -0500

sunil-srivastava gravatar image

The switch is connected to eth0 and configured to take VLAN #1 and set in trunk mode.

edit flag offensive delete link more
0

answered 2012-09-21 01:18:44 -0500

Looks like br-eth0 is down, I'm not sure if that would stop if from forwarding packets. Can you try ifconfig br-eth0 up; and see if that changes anything? You're sure if you tcpdump on eth0 you don't see any of these arps?

Also:

cookie=0x0, duration=30902.643s, table=0, n_packets=7780, n_bytes=329156, priority=2,in_port=5 actions=drop

would block the returning ARP reply (though if it's not making it out eth0, that doesn't matter yet).

Are you using a particular plugin and it's not working as expected?

edit flag offensive delete link more
0

answered 2012-09-21 02:33:04 -0500

gongysh gravatar image

can u list the network and show the network you are using: quantum net-list quantum net-show

and make sure the ovs-quantum-agent is active. It seems your flows in ovs bridge are not set well.

edit flag offensive delete link more
0

answered 2012-09-21 05:20:44 -0500

sunil-srivastava gravatar image

Hi Aaron,

I am leaving on some trip, and would not have access.

The br-eth0 is up and tried that still but did not work.

stack@esg-dell-c4-s11:~/gitstack/devstack$ ifconfig br-eth0 Link encap:Ethernet HWaddr 00:21:9b:c9:d9:83 inet6 addr: fe80::221:9bff:fec9:d983/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:660411 errors:0 dropped:1883 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:84199314 (84.1 MB) TX bytes:468 (468.0 B)

Sunil.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-09-20 23:07:13 -0500

Seen: 1,850 times

Last updated: Sep 26 '12