Ask Your Question
1

Quantum ARP Response Not Forwarded

asked 2013-10-30 17:07:31 -0500

jborak gravatar image

Hi,

My configuration is an all-in-one using Grizzly+Quantum with one physical nic. Namespaces are turned on and GRE tunnels are used in my OVS plugin configuration. I can create public/private networks, VM instances, ping between VMs and networks connected via the routers.

My host IP is 192.168.0.50 (received by the dhcp server on the network my AIO is on) and my Grizzly public network, 192.168.0.0/24, starts at 192.168.0.200-240. I can associate floating IPs just fine. I can also ping the router (interface 192.168.0.200) that is connecting my private network to the public network from the VMs. I can also ping this IP, 192.168.0.200, from the host as well.

Other (external) hosts on the network can't ping the router though. I run tcpdump on the eth0 of the Grizzly host and I can see the ARP request, but it sends no response. Tcpdump on the router (using ip netns exec qrouter-xyz) also reveals that the ARP request makes it there to, so that's good.

root@controller01:~# tcpdump -i br-ex -n -vvv | grep "192.168.0.240"
tcpdump: listening on br-ex, link-type EN10MB (Ethernet), capture size 65535 bytes
18:04:14.022551 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.240 tell 192.168.0.247, length 46

An ARP response is being generated and sent out, I can see it in tcpdump running on the qrouter-xyz interface (.240).

root@controller01:~# ip netns exec qrouter-5d5d23ec-63a6-4d34-871e-b33c82e19f7a tcpdump -i qg-a177332e-46 -n -vvv | grep "192.168.0.240"
tcpdump: listening on qg-a177332e-46, link-type EN10MB (Ethernet), capture size 65535 bytes
18:04:14.022552 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.0.240 tell 192.168.0.247, length 46
18:04:14.022633 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.0.240 is-at fa:16:3e:89:ef:61, length 28

I'm almost sure that its just not being routed or forwarded outside of the host because the tcpdump I've running on the host NIC (br-ex specifically) is not showing any ARP response packet. I've been searching for a way to resolve this but haven't found one yet.

Some information if it helps:

Here is the routing table for my qrouter-xyz:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 qg-a177332e-46    
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-a177332e-46    
192.168.14.0    0.0.0.0         255.255.255.0   U     0      0        0 qr-313d7856-a3

Routing table for the host:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 br-ex
192.168.0.0     0.0.0.0         255.255.255.0 ...
(more)
edit retag flag offensive close merge delete

Comments

The arp reply will be a unicast not destined for br-ex. Tcpdump on eth0 instead and use -e to see the mac headers. You probably need to enable promiscuous mode on eth0, or on a virtualbox/vmware nic if the host is a vm.

darragh-oreilly gravatar imagedarragh-oreilly ( 2013-10-30 17:41:50 -0500 )edit

Thanks for the tip, I can see the ARP response created by the qrouter passing through the Grizzly host and received by the external host. I then turned on promisc on br-ex and eth0 and pinging the qrouter still does not work. I used tcpdump to check all incoming icmp traffic, ping to .240 qrouter still isn't received by Grizzly host.

jborak gravatar imagejborak ( 2013-10-31 09:32:07 -0500 )edit

I added a route from the external host to the qrouter via the Grizzly host (.196) - route add 192.168.0.240 netmask 255.255.255.255 gw 192.168.0.196. So the grizzly host now receives the icmp but it stops there. I think I'm suffering from a larger question and that is how to tell the existing router (.0.1) on my external network, which my Grizzly host connects to, to route those floating ip's through my Grizzly host. Otherwise I would have to statically add routes for every external host which wants to connect to a VM.

jborak gravatar imagejborak ( 2013-10-31 09:43:55 -0500 )edit

What interface is 192.168.0.196 on? - I thought you had 192.168.0.50 on br-ex? There should be no IP address on eth0.

darragh-oreilly gravatar imagedarragh-oreilly ( 2013-10-31 10:50:29 -0500 )edit

My mistake, the Grizzly host is 192.168.0.50. You're right, there is no ip associated to eth0, only br-ex. Eth0 is attached to br-ex using ovs-vsctl add-port and during boot up I have some lines of shell script which pull the ip of eth0, the gateway, and set it to br-ex, setting the eth0 to 0.0.0.0.

jborak gravatar imagejborak ( 2013-10-31 10:56:04 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
2

answered 2014-01-20 09:30:48 -0500

jborak gravatar image

Resolution to this answer and my network issues required two changes to my configuration. The most important change was turning on promiscuous mode in the virtual network that my OpenStack guest on ESXi was connected to. I assumed incorrectly that it was turned on by default.

Be careful if you are trying out OpenStack in a virtual machine, if you're using VMWare it will disable promiscuous mode for security reasons. If you're using KVM or VirtualBox I think you might be okay out of the box but double check.

The next change I made was to my OVS plugin configuration. I use a GRE configuration and did not set local_ip to the IP address of the OpenStack host. Setting this fixed the tunneling.

Networking finally works!

edit flag offensive delete link more

Comments

I have the same question. I install openstack on the VMware Player. As your answer above, i can not turn on promiscuous mode of eth0? When i excute the cmd: ifconfig eth0 promise, it do not show any tips of error, so this mean that i turn on promiscuous successfully?

adam_ping gravatar imageadam_ping ( 2016-01-30 00:27:00 -0500 )edit

By the way, can you share your config to me?

adam_ping gravatar imageadam_ping ( 2016-01-30 00:27:19 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-10-30 17:07:31 -0500

Seen: 2,106 times

Last updated: Jan 20 '14