Ask Your Question

IGMP snooping/query support in Openvswitch

asked 2013-12-11 01:59:42 -0600

tcheung gravatar image

updated 2013-12-13 17:17:06 -0600

Askbot gravatar image

As I know, Openvswitch is a L2 virtual switch that currently does not support IGMP snooping/query. (This has been confirmed from Openvswitch mailing list.)

We are running 2 VM (VM-A and VM-B) under same VLAN on the same OpenStack compute node (Grizzly version) with Openvswitch (v1.9.0). Both VM-A and VM-B are in same security group. Theoretically, if only VM-A has joined the multicast group, VM-B can also receive this multicast traffic even VM-B has not join the group (since there’s no IGMP snooping/query implementation in Openvswitch)

However in our experiment, VM-B would not receive the multicast traffic joined by VM-A. The effect like Openvswitch has already supported IGMP snooping/query. Is there anything we have missed?

edit retag flag offensive close merge delete


Security groups maybe?

darragh-oreilly gravatar imagedarragh-oreilly ( 2013-12-11 05:42:27 -0600 )edit

Hi darragh, both VM-A and VM-B are in same security group

tcheung gravatar imagetcheung ( 2013-12-13 01:03:52 -0600 )edit

@tcheung - any solution for this? I'm looking for the same answer.

cnkcb gravatar imagecnkcb ( 2014-08-29 11:12:33 -0600 )edit

4 answers

Sort by » oldest newest most voted

answered 2013-12-13 03:06:40 -0600

darragh-oreilly gravatar image

I'm not sure that means that all traffic will be passed. You can run tcpdump on the various interfaces that ovs hybrid vif driver creates. Then you should see if the packet is being dropped by the iptables rules from security groups. Or just try disabling them, by using the generic vif driver.

edit flag offensive delete link more

answered 2014-06-05 02:29:23 -0600

Liping Mao gravatar image

As I know, neutron-l3-agent does not support IGMP, so you must use external phy Router here. BTW, Are VMA and VMB on the same compute node? If they are on different node?

edit flag offensive delete link more

answered 2014-08-29 12:09:40 -0600

cnkcb gravatar image

Add firewall rule to allow IGMP protocol;

In Havana/Horizon Access & Security, edit default rules and add a new rule;

  • Rule: Other Protocol
  • Direction: Ingress
  • IP Protocol: 2
  • Remote: CIDR
  • CIDR:
edit flag offensive delete link more

answered 2014-03-11 02:27:56 -0600

yadidi gravatar image

what's the ending, please?

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2013-12-11 01:59:42 -0600

Seen: 2,753 times

Last updated: Aug 29 '14