Any reason why no traffic can get from br-int to br-ex?

asked 2016-06-07 19:35:08 -0500

eyeofthebeholder gravatar image

So we just switched from standard routing linux bridge based Mitaka to DVR with OVS based Mitaka and we are having some issues with communication...

First off, I thought vm's connected directly to a linux bridge (for security filtering) vs directly to the ovs bridge br-int... Yet the tap interface of a vm directly connects to said br-int... Is that right?

Secondly, I had to create the br-ex manually... Why is that require manual intervention? I guess I just figured that would have been done automatically by Openstack?

Lastly, after creating a DVR router and starting up an instance, I can see traffic flowing from said instance and getting all the way to the local SNAT namespace where it stops. After looking into it further, no traffic seems to be flowing across the patch link between br-int and br-ex... I did some mirroring to confirm and sure enough, nothing... Also when i do a ovs-appctl fdb/show br-int as well as br-ex I don't see any mac's for the link between those two... Any ideas why this might be?

Really appreciate any help!

Steve

edit retag flag offensive close merge delete

Comments

where these ports created before you moved to ovs? neutron port-list -c binding:vif_type

darragh-oreilly gravatar imagedarragh-oreilly ( 2016-06-08 07:58:21 -0500 )edit

I'm pretty new to Openstack, so forgive my ignorance... When I run that command it gives me the specified column readout which has a mixture of mostly bridge and ovs... Not quite sure how to read that... any hints?

Thanks!

eyeofthebeholder gravatar imageeyeofthebeholder ( 2016-06-08 10:37:23 -0500 )edit
1

you probably need to delete and recreate any vms and networks that are using bridge ports

darragh-oreilly gravatar imagedarragh-oreilly ( 2016-06-08 11:55:52 -0500 )edit