Ask Your Question
1

dhcp reply not reaching vms

asked 2013-10-12 06:25:55 -0600

kevin gravatar image

updated 2014-01-22 15:12:45 -0600

Evgeny gravatar image

i have working dhcp agent,but vms are not getting any ip,eventhough dhcp is replying with ip address.

performed tcpdump on compute node and network node.

On network node:

Syslog:

dnsmasq-dhcp[36529]: DHCPDISCOVER(tap2c87ec29-e7) fa:16:3e:00:30:4a 
dnsmasq-dhcp[36529]: DHCPOFFER(tap2c87ec29-e7) 51.x.x.144 fa:16:3e:00:30:4a

ip netns exec qdhcp-fa15de05-d258-46ba-bab7-4240c346539a ip a

41: tap2c87ec29-e7: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
link/ether fa:16:3e:7b:b2:8b brd ff:ff:ff:ff:ff:ff
inet 51.x.x.143/27 brd 51.x.x.159 scope global tap2c87ec29-e7
inet 169.254.169.254/16 brd 169.254.255.255 scope global tap2c87ec29-e7
inet6 fe80::f816:3eff:fe7b:b28b/64 scope link 
valid_lft forever preferred_lft forever

tcpdump on tap2c87ec29-e7

ip netns exec qdhcp-fa15de05-d258-46ba-bab7-4240c346539a tcpdump -i tap2c87ec29-e7 port 67 or port 68

 16:18:35.116872 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:00:30:4a (oui Unknown), length 280
 16:18:35.117202 IP 51.x.x.143.bootps > 51.x.x.144.bootpc: BOOTP/DHCP, Reply, length 330

Compute Node:

tcpdump on compute node not showing any dhcp replys

 15:51:50.598801 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:00:30:4a (oui Unknown), length 280
 15:52:50.659482 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:00:30:4a (oui Unknown), length 280
  15:53:22.658542 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:00:30:4a (oui Unknown), length 280
   15:54:22.719993 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:00:30:4a (oui Unknown), length 280
   15:55:22.780596 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:00:30:4a (oui Unknown), length 280
    16:17:35.054924 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:00:30:4a (oui Unknown), length 280

For me it looks like dhcp replys are not leaving network node,and i dont have any blocking rules in iptables.Can any one help me in solving this.Also dhcp tap device is not accessible from outside world, can this be a reason for this,even though there is veth pair phy-br and int-br ,it is not reachable,is this expected?

ovs-vsctl list-ports br-int

  int-br-eth0
  tap2c87ec29-e7

I dont know how it can help

ovs-ofctl dump-flows br-eth0

   NXST_FLOW reply (xid=0x4):
   cookie=0x0, duration=220.865s, table=0, n_packets=2, n_bytes=180, idle_age=53, priority=4,in_port=7,dl_vlan=1     actions=strip_vlan,NORMAL
   cookie=0x0, duration=221.921s, table=0, n_packets=6, n_bytes=468, idle_age=212, priority=2,in_port=7 actions=drop
   cookie ...
(more)
edit retag flag offensive close merge delete

Comments

Is this a virtualized environment? If so you will probably need to enable promiscuous mode in VMware (or whatever) on the virtual NICs that are used by the interfaces in br-eth0. The dhcp request works because it is a broadcast, but the reply is a unicast.

darragh-oreilly gravatar imagedarragh-oreilly ( 2013-10-14 02:17:04 -0600 )edit

As i said dhcp is receiving broadcast and replying with ip i can see that in tcpdump and syslog but its not reaching guest nor host nic.

kevin gravatar imagekevin ( 2013-10-17 10:56:47 -0600 )edit

Was testing on virtual box vm setup, setting the promiscous mode worked for mw

SandeepSingla gravatar imageSandeepSingla ( 2014-06-08 21:03:43 -0600 )edit

3 answers

Sort by ยป oldest newest most voted
2

answered 2014-01-06 00:24:09 -0600

laocius gravatar image

this command works for me " iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill "

edit flag offensive delete link more

Comments

Yes, this "iptables" fix the problem for me. Could you please explain what this CLI did on Compute Node?

gao gravatar imagegao ( 2015-05-22 15:46:12 -0600 )edit
0

answered 2014-10-22 07:00:22 -0600

kevin gravatar image

updated 2014-10-22 07:02:57 -0600

issue was that ovs vlan id was wrong and i manually pushed flow with correct vlan tag and it started working using

ovs-ofctl add-flow
edit flag offensive delete link more
0

answered 2016-04-04 07:44:14 -0600

r00t gravatar image

Had the same problem on Solaris 11.3, with IPF firewall.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-10-12 06:25:55 -0600

Seen: 3,427 times

Last updated: Oct 22 '14