Custom open vSwitch setup drops packets behind interface

Hi there,

I have the following setup:
Networks:
Net_1: 192.168.1.0/24
Net_2: 192.168.2.0/24

VMs (all running Ubuntu 14.04):
switch:
intf eth2 = 192.168.1.4
intf eth3 = 192.168.2.4
VM One:
intf eth1 = 192.168.1.5
VM Two:
intf eth1 = 192.168.2.5

The switch VM is hosting an Open vSwitch in fail-mode: secure. I added the following flow rules:

NXST_FLOW reply (xid=0x4):
cookie=0x0, ..., priority=10,in_port=3 actions=output:2
cookie=0x0, ..., priority=10,in_port=2 actions=output:3

I want to allow the two VMs (One and Two) to communicate with each other for testing purposes. So I try to ping One -> Two.

The problem now is that the ICMP echo request, sent from VM One, goes through the switch (->eth1 -> eth3 ->) and is dropped behind eth3. So it never reaches VM Two. I guess this is because the interface eth3 has IP 192.168.2.4 but my request comes from IP 192.168.1.5. It seems like OpenStack is dropping every packet behind eth3 (and vice versa) that does not have the interface's IP as source address. I think this is some sort of security behavior of OpenStack. Is it possible to allow sending out packets over an interface with a source IP that is not the interface's IP?

I hope someone can help me with this issue.

Btw, ARP is working just fine.

ubuntu@one:~$ arp -a
...
? (192.168.2.5) at fa:16:3e:37:24:79 [ether] on eth1