compute vlan network not able to send out dhcp requests

asked 2015-09-03 15:50:01 -0500

yee379

So... my compute node is configured with a vlan network; I can statically configure an ip address on a tagged network on a vm instance and I have full network connectivity for that instance. However, when I try to run udhcpc on the (cirros) node, I cannot get dhcp... and I don't mean from the dhcp agent on the neutron node, I mean, I do not see the broadcast dhcp/bootp packets on other nodes on the same vlan (physical hosts, not vms). The weird thing is that I can sniff my bridge interface and I can see bootp packets exiting...

I'm running ovs without linux bridging on the hypervisor:

# ovs-vsctl show
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
        Port "veth-4-proxy"
            Interface "veth-4-proxy"
    Bridge br-int
        fail_mode: secure
        Port int-br-proxy
            Interface int-br-proxy
                type: patch
                options: {peer=phy-br-proxy}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qvo154456c7-7b"
            tag: 3
            Interface "qvo154456c7-7b"
        Port int-br-tun
            Interface int-br-tun
                type: patch
                options: {peer=phy-br-tun}
    Bridge br-proxy
        Port "veth-proxy-4"
            Interface "veth-proxy-4"
        Port "em1"
            Interface "em1"
        Port br-proxy
            Interface br-proxy
                type: internal
        Port phy-br-proxy
            Interface phy-br-proxy
                type: patch
                options: {peer=int-br-proxy}
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-ac17630b"
            Interface "vxlan-ac17630b"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="", out_key=flow, remote_ip=""}
        Port "vxlan-ac17630a"
            Interface "vxlan-ac17630a"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="", out_key=flow, remote_ip=""}
    ovs_version: "2.3.1"

A tcpdump on br-proxy when the instance is requesting dhcp shows that the packet is tagged with vlan 1441 (correct). Similarly, a tcpdump on em1 also shows the same. I can track the packet from the tap interface all the way down without any problems:

fa:16:3e:f3:e2:7c > Broadcast, ethertype 802.1Q (0x8100), length 326: vlan 1441, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308) > [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:f3:e2:7c, length 280, xid 0x24693722, secs 484, Flags [none] (0x0000)
      Client-Ethernet-Address fa:16:3e:f3:e2:7c
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether fa:16:3e:f3:e2:7c
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.20.1"
        END Option 255, length 0

My iptables on the node:

# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    neutron-openvswi-INPUT  all  --  anywhere             anywhere
2    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
3    ACCEPT     icmp --  anywhere             anywhere
4    ACCEPT     all  --  anywhere             anywhere
5    ACCEPT     tcp  --  anywhere ...
1 answer

answered 2016-03-10 02:32:59 -0500

yee379

Just to answer my own question....

So my environment uses Cisco Nexus switches (this seems to happen on both 5500's and 7ks). Basically, if an ip helper/ip dhcp relay is defined on the SVI, then dhcp packets never make it to other layer2 ports on that vlan.

So just ensure that your dhcp server is in the ip dhcp relay address.
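
The check described in this thread (a Discover visible leaving the hypervisor NIC but never arriving at another host on the same vlan) can be automated by correlating DHCP transaction ids across two `tcpdump -e -v` text captures. This is an added example, not code from the original post or answer; the function names and the sample frames are constructed for illustration.

```python
import re

# Header line of a tagged DHCP request as printed by `tcpdump -e -v`.
HEADER = re.compile(
    r"ethertype 802\.1Q \(0x8100\).*?vlan (?P<vlan>\d+),.*?"
    r"BOOTP/DHCP, Request from (?P<client>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}),"
    r".*?xid (?P<xid>0x[0-9a-f]+)"
)
MSG_TYPE = re.compile(r"DHCP-Message Option 53, length 1: (\w+)")


def discovers(capture_text):
    """Return {(vlan, xid, client_mac)} for every DHCP Discover in the capture."""
    found, pending = set(), None
    for line in capture_text.splitlines():
        m = HEADER.search(line)
        if m:
            pending = (int(m["vlan"]), m["xid"], m["client"])
        elif pending and (t := MSG_TYPE.search(line)):
            if t.group(1) == "Discover":
                found.add(pending)
            pending = None
    return found


def dropped_in_transit(egress_text, peer_text):
    """Discovers seen on the hypervisor uplink but absent from the peer host's capture."""
    return sorted(discovers(egress_text) - discovers(peer_text))


def _frame(mac, vlan, xid):
    # Constructed sample frame laid out like the capture quoted in the question.
    return (
        f"{mac} > Broadcast, ethertype 802.1Q (0x8100), length 326: vlan {vlan}, p 0, "
        f"ethertype IPv4, BOOTP/DHCP, Request from {mac}, length 280, xid {xid}, Flags [none]\n"
        f"        DHCP-Message Option 53, length 1: Discover\n"
    )


# Constructed captures: the uplink sees both Discovers, the peer host only the vlan 1442 one.
EGRESS = _frame("fa:16:3e:00:00:01", 1441, "0x11111111") + _frame("fa:16:3e:00:00:02", 1442, "0x22222222")
PEER = _frame("fa:16:3e:00:00:02", 1442, "0x22222222")

if __name__ == "__main__":
    for vlan, xid, mac in dropped_in_transit(EGRESS, PEER):
        print(f"vlan {vlan}: Discover {xid} from {mac} left the uplink but never reached the peer")
```

A non-empty result for a vlan whose frames are correctly tagged on the uplink points at the switch rather than the hypervisor, which is where the answer above found the cause.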

Last updated: Mar 10 '16