compute vlan network not able to send out dhcp requests
So... my compute node is configured with a vlan network; I can statically configure an ip address on a tagged network on a vm instance and I have full network connectivity for that instance. However, when I try to run udhcpc on the (cirros) node, I cannot get dhcp... and I don't mean from the dhcp agent on the neutron node, I mean, I do not see the broadcast dhcp/bootp packets on other nodes on the same vlan (physical hosts, not vms). The weird thing is that I can sniff my bridge interface and I can see bootp packets exiting...
I'm running ovs without linux bridging on the hypervisor:
# ovs-vsctl show
0ae9317c-5782-4c18-acee-704e6aacf589
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
        Port "veth-4-proxy"
            Interface "veth-4-proxy"
    Bridge br-int
        fail_mode: secure
        Port int-br-proxy
            Interface int-br-proxy
                type: patch
                options: {peer=phy-br-proxy}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qvo154456c7-7b"
            tag: 3
            Interface "qvo154456c7-7b"
        Port int-br-tun
            Interface int-br-tun
                type: patch
                options: {peer=phy-br-tun}
    Bridge br-proxy
        Port "veth-proxy-4"
            Interface "veth-proxy-4"
        Port "em1"
            Interface "em1"
        Port br-proxy
            Interface br-proxy
                type: internal
        Port phy-br-proxy
            Interface phy-br-proxy
                type: patch
                options: {peer=int-br-proxy}
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-ac17630b"
            Interface "vxlan-ac17630b"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="172.23.99.12", out_key=flow, remote_ip="172.23.99.11"}
        Port "vxlan-ac17630a"
            Interface "vxlan-ac17630a"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="172.23.99.12", out_key=flow, remote_ip="172.23.99.10"}
    ovs_version: "2.3.1"
A tcpdump on br-proxy when the instance is requesting dhcp shows that the packet is tagged with vlan 1441 (correct). Similarly a tcpdump on em1 also shows the same. I can track the packet from the tap interface all the way down without any problems:
fa:16:3e:f3:e2:7c > Broadcast, ethertype 802.1Q (0x8100), length 326: vlan 1441, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:f3:e2:7c, length 280, xid 0x24693722, secs 484, Flags [none] (0x0000)
      Client-Ethernet-Address fa:16:3e:f3:e2:7c
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether fa:16:3e:f3:e2:7c
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.20.1"
        END Option 255, length 0
my iptables on the node:
# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 neutron-openvswi-INPUT all -- anywhere anywhere
2 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
3 ACCEPT icmp -- anywhere anywhere
4 ACCEPT all -- anywhere anywhere
5 ACCEPT tcp -- anywhere ...