Why are packets not being forwarded from physical port to bridge?

We are having some problems on our OpenStack networking node. This is a Havana setup, and we are using Open vSwitch with GRE tunnels.

On this node we have created an Open vSwitch bridge "br700". It is connected to an interface that tags traffic with VLAN 700. The bridge looks like this:

   Bridge "br700"
        Port "qg-67a742dc-dc"
            Interface "qg-67a742dc-dc"
                type: internal
        Port "bond0.700"
            Interface "bond0.700"
        Port "br700"
            Interface "br700"
                type: internal
        Port "phy-br700"
            Interface "phy-br700"
        Port "qg-fe9ca3a1-9f"
            Interface "qg-fe9ca3a1-9f"
                type: internal
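For context, the bridge and its uplink would have been created along these lines (a minimal sketch based on the names in the output above, not our exact provisioning commands; as far as I understand, the qg-* ports and phy-br700 are added by the Neutron agents, not by hand):

    # sketch: create the external bridge and attach the VLAN 700 sub-interface
    ovs-vsctl add-br br700
    ovs-vsctl add-port br700 bond0.700

    # the listing above comes from
    ovs-vsctl show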

I have defined a router in Neutron that has its gateway set to an external network, and there is an L3 agent to connect this network to the br700 bridge. The router gets created, and when I use ip netns exec qrouter-&lt;id&gt; bash to get into its namespace, it looks like this:

# ip a
245: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
246: qg-67a742dc-dc: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:23:4d:7d brd ff:ff:ff:ff:ff:ff
    inet 10.255.10.1/16 brd 10.255.255.255 scope global qg-67a742dc-dc
    inet6 fe80::f816:3eff:fe23:4d7d/64 scope link 
       valid_lft forever preferred_lft forever
247: qr-2c770d48-9d: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:fb:70:45 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.2/24 brd 192.168.0.255 scope global qr-2c770d48-9d
    inet6 fe80::f816:3eff:fefb:7045/64 scope link 
       valid_lft forever preferred_lft forever
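For reference, these are roughly the commands we ran to inspect and test the namespace (router UUID shortened to &lt;id&gt;; the 192.168.0.x host below is just an example address from the tenant subnet):

    # inspect addresses and routes inside the router namespace
    ip netns exec qrouter-<id> ip a
    ip netns exec qrouter-<id> ip route

    # ping a tenant host and an external host from inside the namespace
    ip netns exec qrouter-<id> ping -c 3 192.168.0.10
    ip netns exec qrouter-<id> ping -c 3 10.255.1.110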

As far as I can see, this router instance has a port in br700. I can ping hosts in 192.168.0.0/24 without any problem. I can also ping any other routing instances attached to 10.255.0.0/16, and any networks attached to them. So it appears that the br700 bridge is forwarding packets between ports. However, when I try to ping an external host on the 10.255.0.0/16 network, this fails.

We investigated this with tcpdump. I started a ping to 10.255.1.110 from within the router namespace on the networking node. What we saw was:

- ARP requests are being sent out, asking who has 10.255.1.110. These packets go out over the physical network.
- The host 10.255.1.110 receives these requests and answers them.
- The replies are seen on the network node as well; a tcpdump on bond0.700 shows them too. However, they don't seem to reach the virtual router:

    # arp -an
    ? (10.255.1.110) at <incomplete> on qg-67a742dc-dc

Adding a static ARP entry didn't solve it.
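The captures were done roughly like this (exact filters may have varied a bit):

    # on the network node: watch ARP on the physical VLAN sub-interface
    tcpdump -n -e -i bond0.700 arp

    # inside the router namespace: watch the external port of the router
    ip netns exec qrouter-<id> tcpdump -n -e -i qg-67a742dc-dc arp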

So I have the impression that packets coming in on bond0.700 are somehow not being passed back into the bridge. I am at a loss as to why.
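I assume the next things worth checking are the OpenFlow rules and the per-port counters on the bridge, to see whether traffic arriving on bond0.700 is being dropped by a flow rule, for example:

    # dump the OpenFlow rules installed on the bridge
    ovs-ofctl dump-flows br700

    # per-port rx/tx counters, to see whether frames arrive on the bond0.700 port at all
    ovs-ofctl dump-ports br700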

We have another OVS bridge, br-ext, which is connected to bond0.500, and that one works without problems...

What I need are hints on where to look and what could be the cause.

Update: I did some more testing and found out that I can view the switching (MAC learning) table of the Open vSwitch:

# ovs-appctl fdb/show br700
 port  VLAN  MAC                Age
    9     0  fa:16:3e:e3:d8:be  199
    1     0  fa:16:3e:43:f0:54  193
    1     0  52:54:00:3d:ee:18  193

Now the interesting thing is that Open vSwitch seems to think that fa:16:3e:43:f0:54, which is the MAC address of a port on my router instance, is on port 1, which is the link to the physical network, bond0.700. That would explain why packets get lost: the switch doesn't forward them to the correct port. But why?
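To double-check which OpenFlow port number belongs to which interface, and to see whether the bad entry comes back after clearing the table, I assume something like this should work (not yet verified on this node):

    # map OpenFlow port numbers (1, 9, ...) to interface names
    ovs-ofctl show br700

    # clear the learned MAC table, then watch whether the router MAC is learned on port 1 again
    ovs-appctl fdb/flush br700
    ovs-appctl fdb/show br700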