Ask Your Question
0

vm vxlan communication

asked 2015-12-07 13:31:41 -0500

aksan gravatar image

updated 2015-12-08 11:04:11 -0500

Suppose I have created two networks net1 and net2. I have 2 compute nodes ,compute1 and compute2.

I have 4 VMs (respective network and compute node is mentioned) vm1: network->net1 hypervisor->compute1 ;; vm2: network->net1 hypervisor->compute2 ;; vm3: network->net2 hypervisor->compute1 ;; vm4: network->net2 hypervisor->compute2;;

I have a router which connects net1 and net2.

Now if i ping from vm1 to vm2 and do a tcpdump on compute1, i can see a vxlan id = 1040. When i ping from vm1 to vm3, i see 2 request and reply with 2 vxlan id 1040 and 1046. Why the icmp packet is even captured by tcpdump if the VMs are on same hypervisor?

Since net1 has 1040 vxlan id and net2 has 1046 vxlan id ,when vm1 ping to vm4 , which vxlan id will be used ?

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2015-12-09 05:32:22 -0500

Prateek K gravatar image

From the information that you have shared what I can say is the person who is incharge here is the network node not the compute node.

The compute node has openvswitch agent which is the core services who does this segmentation and creates the flows. You can even see the flows via command ovs-ofctl dump-flows <bridge_name>

So in your case what is happening as the VM's are in different network OVS sitting on compute node is unaware about it as the VXLAN id changes. So the service passes it to the data port which is connected to network node. Its the router sitting on the network node who acts as a common person between the two networks and sends it again to the compute node but with different VXLAN id or the id in which the instance is present which is to be pinged.

Just see the flows on OVS for all the bridges on compute and network node and you will find your answer. Also see the network namespace of the router on the network node and do a tcpdump inside the namespace that will give you more clarity.

What I guess is confusing you is vxlan has things like l2 learning and arp_responder which is not getting used in this case as they are not in same network.

edit flag offensive delete link more

Comments

In my case, the network service is running on controller node with DVR. What i see on tcp dump is this:

comp1 > comp2 vni 1040 echo request; comp2 > comp1 vni 1046 echo request; comp1 > comp2 vni 1046 echo reply; comp2 > comp1 vni 1040 echo reply. The thing is its not going to controller node. Why?

aksan gravatar imageaksan ( 2015-12-09 07:45:39 -0500 )edit

ok... If DVR is there then it can work without the network node. Do a ip netns on the compute node and there you will definitely find a qrouter-xxx namespace ... Then see the iptables of this namespace and also see the NAT tables. DVR's main advantage is to manage traffic without network node

Prateek K gravatar imagePrateek K ( 2015-12-09 22:58:49 -0500 )edit

when you say without network node, do you mean that l3 agent, ovs agent, dhcp agent, metadata agent are not required and dvr manages these? If dvr is there, then where are the flow tables saved? Please expain and also point me to some blog articles or documentation. Thanks

aksan gravatar imageaksan ( 2015-12-11 11:52:26 -0500 )edit

That the main agenda of DVR.... When you setup dvr there is an extra interface that is there in compute. That for this purpose only. Regarding flows do ip netns on compute node ... there would be a namespace handling this and ovs for flows. https://wiki.openstack.org/wiki/Neutr...

Prateek K gravatar imagePrateek K ( 2015-12-12 03:58:50 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-12-07 13:31:41 -0500

Seen: 216 times

Last updated: Dec 09 '15