VLAN tagged packets getting dropped at physical switch in multi-node openstack setup

asked 2015-08-21 08:26:04 -0500

Markus

Hello,

I have a 2-node OpenStack setup (controller/network+compute) with VLAN tenant networks set up with devstack. I'm using the ml2 plugin with openvswitch-agent. I have a management, public and 2 data interfaces on both nodes. The management and public are using access ports, while the data interfaces are connected to trunk ports, the first one allowing ranges 3200-3299 and the second 3300-3399.

I have created an ovs bridge "br-vlan" and attached both data interfaces, enp3s0f0 and enp3s0f1, to it. Below is some ovs output and ml2_conf.ini:

[user@sut1-server15 ~]$ sudo ovs-vsctl show
85c790fc-036b-4279-a269-404dac2a1895
    Bridge br-vlan
        Port "enp3s0f0"
            Interface "enp3s0f0"
        Port phy-br-vlan
            Interface phy-br-vlan
                type: patch
                options: {peer=int-br-vlan}
        Port br-vlan
            Interface br-vlan
                type: internal
        Port "enp3s0f1"
            Interface "enp3s0f1"
    Bridge br-int
        fail_mode: secure
        Port "qr-8ba273db-ca"
            tag: 1
            Interface "qr-8ba273db-ca"
                type: internal
        Port int-br-vlan
            Interface int-br-vlan
                type: patch
                options: {peer=phy-br-vlan}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tap06819088-e4"
            tag: 1
            Interface "tap06819088-e4"
                type: internal
        Port "tapf7aa8858-df"
            tag: 2
            Interface "tapf7aa8858-df"
                type: internal
        Port "qr-b436675d-d5"
            tag: 2
            Interface "qr-b436675d-d5"
                type: internal
        Port br-int
            Interface br-int
                type: internal


[user@sut1-server15 ~]$ cat /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
tenant_network_types = vlan
extension_drivers = port_security
type_drivers = local,flat,vlan,gre,vxlan
mechanism_drivers = openvswitch,linuxbridge

[ml2_type_vlan]
network_vlan_ranges = public,vlan:3200:3399

[ovs]
bridge_mappings = public:br-ex,vlan:br-vlan

The public interface is connected to br-ex but we don't need to worry about that one at the moment since I just want to get the tenant traffic to work.

I can successfully create the vlan network in openstack and attach a router to it. The dhcp-agent is also active and I can see it in my controller's namespace. I'm able to ping the router from the dhcp-agent and vice versa.

Once I boot up a VM in the network, it sends DHCP requests but it doesn't reach the dhcp-agent. In fact, it doesn't even reach the physical interface on the controller. The way I tested this was to run tcpdump on these interfaces on the compute node: tapXXX (the VM), br-int, br-vlan, ens255f0 (the physical interface). Below is the tcpdump output:

[user@sut1-server13 ~]$ sudo tcpdump -i ens255f0 -e port 67 or port 68
tcpdump: WARNING: ens255f0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens255f0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:16:24.001105 fa:16:3e:04:e6:76 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 326: vlan 3200, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:04:e6:76 (oui Unknown), length 280
00:16:27.004823 fa:16:3e:04:e6:76 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 326: vlan 3200, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:04:e6:76 (oui Unknown), length 280

However, the packets never reach the controller. The packet flow ... (more)

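A consistency check for the setup described in the question: it compares the VLAN range Neutron may allocate per physical network with the range each uplink's switch trunk allows. This is an added example, not part of the original post; the `UPLINK_TRUNKS` table and the function names are assumptions, with the trunk ranges transcribed by hand from the post's description.

```python
import configparser

# Constructed input: the ml2_conf.ini sections quoted in the question.
ML2_CONF = """
[ml2_type_vlan]
network_vlan_ranges = public,vlan:3200:3399

[ovs]
bridge_mappings = public:br-ex,vlan:br-vlan
"""

# Assumption: per-bridge uplinks and the VLAN range each switch trunk allows,
# taken from the post's text and its `ovs-vsctl show` output.
UPLINK_TRUNKS = {"br-vlan": {"enp3s0f0": (3200, 3299), "enp3s0f1": (3300, 3399)}}

def parse_vlan_ranges(value):
    """'public,vlan:3200:3399' -> {'public': [], 'vlan': [(3200, 3399)]}"""
    ranges = {}
    for entry in value.split(","):
        name, _, span = entry.strip().partition(":")
        ranges.setdefault(name, [])
        if span:
            lo, hi = span.split(":")
            ranges[name].append((int(lo), int(hi)))
    return ranges

def uncovered(lo, hi, allowed):
    """Sub-ranges of [lo, hi] that fall outside the allowed (a, b) range."""
    a, b = allowed
    gaps = []
    if lo < a:
        gaps.append((lo, min(hi, a - 1)))
    if hi > b:
        gaps.append((max(lo, b + 1), hi))
    return gaps

def check(conf_text, uplink_trunks):
    """Return (bridge, nic, (lo, hi)) for VLANs Neutron can allocate on a
    bridge but that the nic's trunk port does not carry."""
    cp = configparser.ConfigParser(delimiters=("=",))
    cp.read_string(conf_text)
    vlan_ranges = parse_vlan_ranges(cp["ml2_type_vlan"]["network_vlan_ranges"])
    mappings = dict(m.strip().split(":") for m in cp["ovs"]["bridge_mappings"].split(","))
    findings = []
    for physnet, ranges in vlan_ranges.items():
        trunks = uplink_trunks.get(mappings.get(physnet), {})
        for lo, hi in ranges:
            for nic, allowed in sorted(trunks.items()):
                findings += [(mappings[physnet], nic, g) for g in uncovered(lo, hi, allowed)]
    return findings

if __name__ == "__main__":
    for bridge, nic, (lo, hi) in check(ML2_CONF, UPLINK_TRUNKS):
        print(f"{bridge}/{nic}: trunk does not carry VLANs {lo}-{hi}")
```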