Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Traffic Not Reaching TAP Interface

My instances are able to communicate to the network external to openstack.

However, I am unable to communicate to my instances via their floating IP.

Upon running tcpdump on multiple points in the connection path I see that the ICMP echo request gets through all portions of the connection up until the TAP connected to my instance. Once I run a tcpdump on the TAP interface, I am no longer able to see the traffic.

Any ideas what could be preventing traffic from getting from the bridge to the tap interface?

What should I be checking? The default firewall rules seem to allow ICMP traffic from any device to any other device.

Traffic Not Reaching TAP Interface

My instances are able to communicate to the network external to openstack.

However, I am unable to communicate to my instances via their floating IP.

Upon running tcpdump on multiple points in the connection path I see that the ICMP echo request gets through all portions of the connection up until the TAP connected to my instance. Once I run a tcpdump on the TAP interface, I am no longer able to see the traffic.

Any ideas what could be preventing traffic from getting from the bridge to the tap interface?

What should I be checking? The default firewall rules seem to allow ICMP traffic from any device to any other device.

As per request:

sudo ovs-vsctl show
cb3540c7-517a-4c60-a1d4-ec7925fa7435
    Bridge br-int
        fail_mode: secure
        Port "tap7d5663b9-9b"
            tag: 1
            Interface "tap7d5663b9-9b"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qg-2f1806e4-ca"
            tag: 2
            Interface "qg-2f1806e4-ca"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-ad4ec613-f1"
            tag: 1
            Interface "qr-ad4ec613-f1"
                type: internal
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "em1"
            Interface "em1"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-ac100002"
            Interface "gre-ac100002"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="172.16.0.1", out_key=flow, remote_ip="172.16.0.2"}
    ovs_version: "2.3.1"

and ifconfig

ifconfig -a
br-ex     Link encap:Ethernet  HWaddr b0:83:fe:d7:54:e1
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:72178 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4330812 (4.3 MB)  TX bytes:0 (0.0 B)

br-int    Link encap:Ethernet  HWaddr 9a:83:15:33:90:47
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:72258 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4337354 (4.3 MB)  TX bytes:0 (0.0 B)

br-tun    Link encap:Ethernet  HWaddr d2:40:d2:f4:52:40
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

em1       Link encap:Ethernet  HWaddr b0:83:fe:d7:54:e1
          inet6 addr: fe80::b283:feff:fed7:54e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:75086 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5321 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4880981 (4.8 MB)  TX bytes:246790 (246.7 KB)
          Interrupt:40 Memory:95000000-957fffff

em2       Link encap:Ethernet  HWaddr b0:83:fe:d7:54:e3
          inet6 addr: fe80::b283:feff:fed7:54e3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:680 (680.0 B)
          Interrupt:44 Memory:94000000-947fffff

em3       Link encap:Ethernet  HWaddr b0:83:fe:d7:54:e5
          inet addr:10.128.0.225  Bcast:10.128.0.255  Mask:255.255.255.0
          inet6 addr: fe80::b283:feff:fed7:54e5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7516976 errors:0 dropped:3693 overruns:0 frame:0
          TX packets:1646308 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:604101365 (604.1 MB)  TX bytes:306511919 (306.5 MB)
          Interrupt:44 Memory:93000000-937fffff

em4       Link encap:Ethernet  HWaddr b0:83:fe:d7:54:e7
          inet addr:172.16.0.1  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::b283:feff:fed7:54e7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:347 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1014 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:39941 (39.9 KB)  TX bytes:117316 (117.3 KB)
          Interrupt:45 Memory:92000000-927fffff

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:557567 errors:0 dropped:0 overruns:0 frame:0
          TX packets:557567 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:27878704 (27.8 MB)  TX bytes:27878704 (27.8 MB)

ovs-system Link encap:Ethernet  HWaddr 7e:22:25:31:f7:70
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Here's the interface section of the instance:

<interface type='bridge'>
  <mac address='fa:16:3e:32:50:0f'/>
  <source bridge='qbre04f8d3b-0f'/>
  <target dev='tape04f8d3b-0f'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

Here's a ping that got from my external network to the source bridge qbre

sudo tcpdump -nei qbre04f8d3b-0f
tcpdump: WARNING: qbre04f8d3b-0f: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qbre04f8d3b-0f, link-type EN10MB (Ethernet), capture size 65535 bytes
13:00:41.688816 fa:16:3e:a8:6a:97 > fa:16:3e:32:50:0f, ethertype IPv4 (0x0800), length 58: 10.190.0.1 > 192.168.1.3: ICMP echo request, id 43981, seq 1, length 24

What am I missing between qbre and tap interface?