# Revision history

### VLAN tagged packets getting dropped at physical switch in multi-node openstack setup

Hello,

I have a 2-node OpenStack setup (controller/network + compute) with VLAN tenant networks set up with devstack. I'm using the ml2 plugin with openvswitch-agent. I have a management, a public and 2 data interfaces on both nodes. The management and public interfaces are using access ports, while the data interfaces are connected to trunk ports, the first one allowing ranges 3200-3299 and the second 3300-3399.

I have created an ovs bridge "br-vlan" and attached both data interfaces, enp3s0f0 and enp3s0f1, to it. Below is some ovs output and ml2_conf.ini:

```
[user@sut1-server15 ~]$ sudo ovs-vsctl show
85c790fc-036b-4279-a269-404dac2a1895
    Bridge br-vlan
        Port "enp3s0f0"
            Interface "enp3s0f0"
        Port phy-br-vlan
            Interface phy-br-vlan
                type: patch
                options: {peer=int-br-vlan}
        Port br-vlan
            Interface br-vlan
                type: internal
        Port "enp3s0f1"
            Interface "enp3s0f1"
    Bridge br-int
        fail_mode: secure
        Port "qr-8ba273db-ca"
            tag: 1
            Interface "qr-8ba273db-ca"
                type: internal
        Port int-br-vlan
            Interface int-br-vlan
                type: patch
                options: {peer=phy-br-vlan}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tap06819088-e4"
            tag: 1
            Interface "tap06819088-e4"
                type: internal
        Port "tapf7aa8858-df"
            tag: 2
            Interface "tapf7aa8858-df"
                type: internal
        Port "qr-b436675d-d5"
            tag: 2
            Interface "qr-b436675d-d5"
                type: internal
        Port br-int
            Interface br-int
                type: internal
```

```
[user@sut1-server15 ~]$ cat /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
tenant_network_types = vlan
extension_drivers = port_security
type_drivers = local,flat,vlan,gre,vxlan
mechanism_drivers = openvswitch,linuxbridge

[ml2_type_vlan]
network_vlan_ranges = public,vlan:3200:3399

[ovs]
bridge_mappings = public:br-ex,vlan:br-vlan
```

The public interface is connected to br-ex but we don't need to worry about that one at the moment since I just want to get the tenant traffic to work.

I can successfully create the vlan network in openstack and attach a router to it. The dhcp-agent is also active and I can see it in my controller's namespace. I'm able to ping the router from the dhcp-agent and vice versa.

Once I boot up a VM in the network, it sends DHCP requests but they don't reach the dhcp-agent. In fact, they don't even reach the physical interface on the controller. The way I tested this was to run tcpdump on these interfaces on the compute node: tapXXX (the VM), br-int, br-vlan, ens255f0 (the physical interface). Below is the tcpdump output:

```
[user@sut1-server13 ~]$ sudo tcpdump -i ens255f0 -e port 67 or port 68
tcpdump: WARNING: ens255f0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens255f0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:16:24.001105 fa:16:3e:04:e6:76 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 326: vlan 3200, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:04:e6:76 (oui Unknown), length 280
00:16:27.004823 fa:16:3e:04:e6:76 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 326: vlan 3200, p 0, ethertype IPv4, 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:04:e6:76 (oui Unknown), length 280
```


However, the packets never reach the controller. The packet flow can be seen from the following presentation on page 7: https://www.openstack.org/assets/presentation-media/openvswitch-in-neutron-1.pdf

What could be the reason that the physical switch is dropping the packet? Having both interfaces in the same ovs bridge shouldn't matter, because br-vlan will forward the packet to both physical interfaces, but the switch should not forward the one that is not within the allowed vlan range. The port is configured as a trunk port with vlan range 3200-3299.

The switch is a Quantum switch. Is it possible that openvswitch has some compatibility issues with this particular hardware?
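The VLAN-range reasoning in the question, as an added example that is not part of the original post: it pulls the 802.1Q tag out of `tcpdump -e` lines and compares it with the ML2 `network_vlan_ranges` value and with the two trunk ranges the post describes. The function names and the `trunk-1`/`trunk-2` labels are hypothetical, and the capture line is a constructed, shortened copy of the one above.

```python
import re

# Constructed sample: one capture line from the post, shortened after "BOOTP/DHCP".
CAPTURE = (
    "00:16:24.001105 fa:16:3e:04:e6:76 (oui Unknown) > Broadcast, "
    "ethertype 802.1Q (0x8100), length 326: vlan 3200, p 0, ethertype IPv4, "
    "0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request\n"
)

# Allowed VLAN ranges of the two trunk ports as stated in the post.
# The labels are hypothetical names for the first and second data interface.
TRUNKS = {"trunk-1": (3200, 3299), "trunk-2": (3300, 3399)}

VLAN_RE = re.compile(r"ethertype 802\.1Q \(0x8100\).*?vlan (\d+),")


def parse_vlan_ranges(value):
    """Parse an ML2 network_vlan_ranges value into {physnet: [(lo, hi), ...]}."""
    ranges = {}
    for entry in value.split(","):
        parts = entry.strip().split(":")
        ranges.setdefault(parts[0], [])
        if len(parts) == 3:  # physnet:min:max; a bare physnet has no VLAN pool
            ranges[parts[0]].append((int(parts[1]), int(parts[2])))
    return ranges


def vlan_ids(capture):
    """Return the sorted set of outer VLAN IDs seen in tcpdump -e output."""
    found = (VLAN_RE.search(line) for line in capture.splitlines())
    return sorted({int(m.group(1)) for m in found if m})


def report(capture, ml2_value, physnet, trunks):
    """For each VLAN ID seen, say whether ML2 may allocate it and which trunks admit it."""
    pool = parse_vlan_ranges(ml2_value).get(physnet, [])
    return {
        vid: {
            "in_ml2_range": any(lo <= vid <= hi for lo, hi in pool),
            "trunks": [n for n, (lo, hi) in trunks.items() if lo <= vid <= hi],
        }
        for vid in vlan_ids(capture)
    }


if __name__ == "__main__":
    print(report(CAPTURE, "public,vlan:3200:3399", "vlan", TRUNKS))
```
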