Ask Your Question
0

compute vlan network not able to send out dhcp requests

asked 2015-09-03 15:50:01 -0500

yee379 gravatar image

So... my compute node is configured with a vlan network; i can statically configure an ip address on a tagged network on a vm instance and i have full network connectively for that instance. however, when i try to run udhcpc on the (cirros) node, i cannot get dhcp... and i don't mean from the dhcp agent on the neutron node, i mean, i do not see the broadcast dhcp/bootp packets on other nodes on the same vlan (physical hosts, not vms). the weird thing is that i can sniff my bridge interface and i can see bootp packets exiting...

i'm running ovs without linux bridging on the hypervisor:

# ovs-vsctl show
0ae9317c-5782-4c18-acee-704e6aacf589
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
        Port "veth-4-proxy"
            Interface "veth-4-proxy"
    Bridge br-int
        fail_mode: secure
        Port int-br-proxy
            Interface int-br-proxy
                type: patch
                options: {peer=phy-br-proxy}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qvo154456c7-7b"
            tag: 3
            Interface "qvo154456c7-7b"
        Port int-br-tun
            Interface int-br-tun
                type: patch
                options: {peer=phy-br-tun}
    Bridge br-proxy
        Port "veth-proxy-4"
            Interface "veth-proxy-4"
        Port "em1"
            Interface "em1"
        Port br-proxy
            Interface br-proxy
                type: internal
        Port phy-br-proxy
            Interface phy-br-proxy
                type: patch
                options: {peer=int-br-proxy}
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-ac17630b"
            Interface "vxlan-ac17630b"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="172.23.99.12", out_key=flow, remote_ip="172.23.99.11"}
        Port "vxlan-ac17630a"
            Interface "vxlan-ac17630a"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="172.23.99.12", out_key=flow, remote_ip="172.23.99.10"}
    ovs_version: "2.3.1"

a tcpdump on br-proxy when the instance is requesting dhcp shows that the packet is tagged with vlan 1441 (correct). similarly a tcpdump on em1 also shows the same. i can track the packet from the tap interface all the way down without any problems:

fa:16:3e:f3:e2:7c > Broadcast, ethertype 802.1Q (0x8100), length 326: vlan 1441, p 0, ethertype IPv4, (tos 0x0, ttl 64, id 0, offset 0, flags [none], proto UDP (17), length 308)
    0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:f3:e2:7c, length 280, xid 0x24693722, secs 484, Flags [none] (0x0000)
      Client-Ethernet-Address fa:16:3e:f3:e2:7c
      Vendor-rfc1048 Extensions
        Magic Cookie 0x63825363
        DHCP-Message Option 53, length 1: Discover
        Client-ID Option 61, length 7: ether fa:16:3e:f3:e2:7c
        MSZ Option 57, length 2: 576
        Parameter-Request Option 55, length 7:
          Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
          Domain-Name, BR, NTP
        Vendor-Class Option 60, length 12: "udhcp 1.20.1"
        END Option 255, length 0

my iptables on the node:

# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    neutron-openvswi-INPUT  all  --  anywhere             anywhere
2    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
3    ACCEPT     icmp --  anywhere             anywhere
4    ACCEPT     all  --  anywhere             anywhere
5    ACCEPT     tcp  --  anywhere ...
(more)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-03-10 02:32:59 -0500

yee379 gravatar image

just to answer my own question....

so my environment uses Cisco Nexus switches (this seems to happen on both 5500's and 7ks). basically, if a ip helper/ip dhcp relay is defined on the SVI, then dhcp packets never make it to other layer2 ports on that vlan.

https://supportforums.cisco.com/docum...

So just ensure that your dhcp server is in the ip dhcp relay address.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-09-03 15:50:01 -0500

Seen: 520 times

Last updated: Mar 10 '16