Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

VM ON CONTROLLER NODE CAN NOT GET DHCP IP

I have one controller node and two compute node ,vms on compute nodes can get ip by dhcp ,but vms on controller failed . I tcpdump the dhcp server port ,it seems vms on controller node request normally but can not receive the ip ,the tcpdump log as followed :

[root@cloud01 ~]# ip netns exec qdhcp-58265ecd-0429-4cdc-84b7-ee4bd745a99a tcpdump -i tapa126c086-96 host 10.10.12.109

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tapa126c086-96, link-type EN10MB (Ethernet), capture size 65535 bytes 15:59:38.105489 IP 10.10.12.101.bootps > 10.10.12.109.bootpc: BOOTP/DHCP, Reply, length 327 15:59:38.107455 IP 10.10.12.101.bootps > 10.10.12.109.bootpc: BOOTP/DHCP, Reply, length 327 15:59:41.112144 IP 10.10.12.101.bootps > 10.10.12.109.bootpc: BOOTP/DHCP, Reply, length 327 15:59:44.116861 IP 10.10.12.101.bootps > 10.10.12.109.bootpc: BOOTP/DHCP, Reply, length 327 15:59:49.116265 ARP, Request who-has 10.10.12.109 tell 10.10.12.101, length 28 15:59:50.116076 ARP, Request who-has 10.10.12.109 tell 10.10.12.101, length 28 15:59:51.116276 ARP, Request who-has 10.10.12.109 tell 10.10.12.101, length 28

I thought the client (10.10.12.109) can not receive the the dhcp server (10.10.12.101) reply ,so I tried to add this rule to iptables:

-A neutron-openvswi-sbba680a9-2 -s 10.10.12.101/32 -j RETURN

it still dones't work .my iptables rules as following :

*filter
:INPUT ACCEPT [1745990:547416332]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1720163:541995461]
:neutron-filter-top - [0:0]
:neutron-openvswi-FORWARD - [0:0]
:neutron-openvswi-INPUT - [0:0]
:neutron-openvswi-OUTPUT - [0:0]
:neutron-openvswi-ibba680a9-2 - [0:0]
:neutron-openvswi-local - [0:0]
:neutron-openvswi-obba680a9-2 - [0:0]
:neutron-openvswi-sbba680a9-2 - [0:0]
:neutron-openvswi-sg-chain - [0:0]
:neutron-openvswi-sg-fallback - [0:0]
:nova-api-FORWARD - [0:0]
:nova-api-INPUT - [0:0]
:nova-api-OUTPUT - [0:0]
:nova-api-local - [0:0]
:nova-filter-top - [0:0]
-A INPUT -j neutron-openvswi-INPUT 
-A INPUT -j nova-api-INPUT 
-A FORWARD -j neutron-filter-top 
-A FORWARD -j neutron-openvswi-FORWARD 
-A FORWARD -j nova-filter-top 
-A FORWARD -j nova-api-FORWARD 
-A OUTPUT -j neutron-filter-top 
-A OUTPUT -j neutron-openvswi-OUTPUT 
-A OUTPUT -j nova-filter-top 
-A OUTPUT -j nova-api-OUTPUT 
-A neutron-filter-top -j neutron-openvswi-local 
-A neutron-openvswi-FORWARD -m physdev --physdev-out tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-sg-chain 
-A neutron-openvswi-FORWARD -m physdev --physdev-in tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-sg-chain 
-A neutron-openvswi-INPUT -m physdev --physdev-in tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-obba680a9-2 
-A neutron-openvswi-ibba680a9-2 -m state --state INVALID -j DROP 
-A neutron-openvswi-ibba680a9-2 -m state --state RELATED,ESTABLISHED -j RETURN 
-A neutron-openvswi-ibba680a9-2 -p tcp -m tcp --dport 22 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -p icmp -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.108/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.105/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.100/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.107/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.103/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.104/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.106/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.102/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.101/32 -p udp -m udp --sport 67 --dport 68 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -j neutron-openvswi-sg-fallback 
-A neutron-openvswi-obba680a9-2 -p udp -m udp --sport 68 --dport 67 -j RETURN 
-A neutron-openvswi-obba680a9-2 -j neutron-openvswi-sbba680a9-2 
-A neutron-openvswi-obba680a9-2 -p udp -m udp --sport 67 --dport 68 -j DROP
-A neutron-openvswi-obba680a9-2 -m state --state INVALID -j DROP 
-A neutron-openvswi-obba680a9-2 -m state --state RELATED,ESTABLISHED -j RETURN 
-A neutron-openvswi-obba680a9-2 -j RETURN 
-A neutron-openvswi-obba680a9-2 -j neutron-openvswi-sg-fallback 
-A neutron-openvswi-sbba680a9-2 -s 10.10.12.109/32 -m mac --mac-source FA:16:3E:E0:2D:D2 -j RETURN 
-A neutron-openvswi-sbba680a9-2 -j DROP 
-A neutron-openvswi-sg-chain -m physdev --physdev-out tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-ibba680a9-2 
-A neutron-openvswi-sg-chain -m physdev --physdev-in tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-obba680a9-2 
-A neutron-openvswi-sg-chain -j ACCEPT 
-A neutron-openvswi-sg-fallback -j DROP 
-A nova-api-INPUT -d 10.10.11.11/32 -p tcp -m tcp --dport 8775 -j ACCEPT 
-A nova-filter-top -j nova-api-local 
COMMIT

VM ON CONTROLLER NODE CAN NOT GET DHCP IPon controller node cannot get IP via DHCP

I have one controller node and two compute node ,vms on compute nodes can get ip by dhcp ,but vms on controller failed . I tcpdump the dhcp server port ,it seems vms on controller node request normally but can not receive the ip ,the tcpdump log as followed :

[root@cloud01 ~]# ip netns exec qdhcp-58265ecd-0429-4cdc-84b7-ee4bd745a99a tcpdump -i tapa126c086-96 host 10.10.12.109

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on tapa126c086-96, link-type EN10MB (Ethernet), capture size 65535 bytes 15:59:38.105489 IP 10.10.12.101.bootps > 10.10.12.109.bootpc: BOOTP/DHCP, Reply, length 327 15:59:38.107455 IP 10.10.12.101.bootps > 10.10.12.109.bootpc: BOOTP/DHCP, Reply, length 327 15:59:41.112144 IP 10.10.12.101.bootps > 10.10.12.109.bootpc: BOOTP/DHCP, Reply, length 327 15:59:44.116861 IP 10.10.12.101.bootps > 10.10.12.109.bootpc: BOOTP/DHCP, Reply, length 327 15:59:49.116265 ARP, Request who-has 10.10.12.109 tell 10.10.12.101, length 28 15:59:50.116076 ARP, Request who-has 10.10.12.109 tell 10.10.12.101, length 28 15:59:51.116276 ARP, Request who-has 10.10.12.109 tell 10.10.12.101, length 28

28

I thought the client (10.10.12.109) can not receive the the dhcp server (10.10.12.101) reply ,so I tried to add this rule to iptables:

-A neutron-openvswi-sbba680a9-2 -s 10.10.12.101/32 -j RETURN

it still dones't work .my iptables rules as following :

*filter
:INPUT ACCEPT [1745990:547416332]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1720163:541995461]
:neutron-filter-top - [0:0]
:neutron-openvswi-FORWARD - [0:0]
:neutron-openvswi-INPUT - [0:0]
:neutron-openvswi-OUTPUT - [0:0]
:neutron-openvswi-ibba680a9-2 - [0:0]
:neutron-openvswi-local - [0:0]
:neutron-openvswi-obba680a9-2 - [0:0]
:neutron-openvswi-sbba680a9-2 - [0:0]
:neutron-openvswi-sg-chain - [0:0]
:neutron-openvswi-sg-fallback - [0:0]
:nova-api-FORWARD - [0:0]
:nova-api-INPUT - [0:0]
:nova-api-OUTPUT - [0:0]
:nova-api-local - [0:0]
:nova-filter-top - [0:0]
-A INPUT -j neutron-openvswi-INPUT 
-A INPUT -j nova-api-INPUT 
-A FORWARD -j neutron-filter-top 
-A FORWARD -j neutron-openvswi-FORWARD 
-A FORWARD -j nova-filter-top 
-A FORWARD -j nova-api-FORWARD 
-A OUTPUT -j neutron-filter-top 
-A OUTPUT -j neutron-openvswi-OUTPUT 
-A OUTPUT -j nova-filter-top 
-A OUTPUT -j nova-api-OUTPUT 
-A neutron-filter-top -j neutron-openvswi-local 
-A neutron-openvswi-FORWARD -m physdev --physdev-out tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-sg-chain 
-A neutron-openvswi-FORWARD -m physdev --physdev-in tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-sg-chain 
-A neutron-openvswi-INPUT -m physdev --physdev-in tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-obba680a9-2 
-A neutron-openvswi-ibba680a9-2 -m state --state INVALID -j DROP 
-A neutron-openvswi-ibba680a9-2 -m state --state RELATED,ESTABLISHED -j RETURN 
-A neutron-openvswi-ibba680a9-2 -p tcp -m tcp --dport 22 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -p icmp -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.108/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.105/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.100/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.107/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.103/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.104/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.106/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.102/32 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -s 10.10.12.101/32 -p udp -m udp --sport 67 --dport 68 -j RETURN 
-A neutron-openvswi-ibba680a9-2 -j neutron-openvswi-sg-fallback 
-A neutron-openvswi-obba680a9-2 -p udp -m udp --sport 68 --dport 67 -j RETURN 
-A neutron-openvswi-obba680a9-2 -j neutron-openvswi-sbba680a9-2 
-A neutron-openvswi-obba680a9-2 -p udp -m udp --sport 67 --dport 68 -j DROP
-A neutron-openvswi-obba680a9-2 -m state --state INVALID -j DROP 
-A neutron-openvswi-obba680a9-2 -m state --state RELATED,ESTABLISHED -j RETURN 
-A neutron-openvswi-obba680a9-2 -j RETURN 
-A neutron-openvswi-obba680a9-2 -j neutron-openvswi-sg-fallback 
-A neutron-openvswi-sbba680a9-2 -s 10.10.12.109/32 -m mac --mac-source FA:16:3E:E0:2D:D2 -j RETURN 
-A neutron-openvswi-sbba680a9-2 -j DROP 
-A neutron-openvswi-sg-chain -m physdev --physdev-out tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-ibba680a9-2 
-A neutron-openvswi-sg-chain -m physdev --physdev-in tapbba680a9-2e --physdev-is-br idged -j neutron-openvswi-obba680a9-2 
-A neutron-openvswi-sg-chain -j ACCEPT 
-A neutron-openvswi-sg-fallback -j DROP 
-A nova-api-INPUT -d 10.10.11.11/32 -p tcp -m tcp --dport 8775 -j ACCEPT 
-A nova-filter-top -j nova-api-local 
COMMIT