did you check your br iptables? (they are called etables) here is a link it may help you.
http://ebtables.netfilter.org/br_fw_ia/br_fw_ia.html Remo > Martinx - ジェームズ <mailto:[email protected]> > July 7, 2015 at 19:30 > I don't know if it will help but, tcpdump shows: > > NOTE: I re-created the "stack", so, the IDs have changed but, the > problem remains... > > For "brq44b54ac7-c4": > > --- > time tcpdump -c 100 -eni brq44b54ac7-c4 > > ...... NORMAL TRAFFIC (I guess).... > ...... > 02:12:38.415680 1c:df:0f:ef:bd:1b > 1c:df:0f:ef:b9:1b, ethertype IPv4 > (0x0800), length 363: 192.168.4.66.62521 > 192.168.13.16.18457: Flags > [P.], seq 439562052:439562361, ack 3427842886, win 22919, length 309 > 02:12:38.417826 1c:df:0f:ef:b9:1b > 1c:df:0f:ef:bd:1b, ethertype IPv4 > (0x0800), length 235: 192.168.13.16.18457 > 192.168.4.101.63781: Flags > [P.], seq 54:235, ack 1727, win 513, length 181 > ...... > > real 0m0.874s > user 0m0.004s > sys 0m0.000s > --- > > For its "tap0b5eb746-ed": > > --- > .... > 02:14:06.915717 1c:df:0f:ef:b9:1b > 01:00:5e:00:00:05, ethertype IPv4 > (0x0800), length 134: 192.168.25.2 > 224.0.0.5 <http://224.0.0.5>: > OSPFv2, Hello, length 84 > 02:14:08.505713 f4:ac:c1:ba:7b:83 > 01:00:0c:cc:cc:cd, 802.3, length > 64: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl > 0x03: oui Cisco (0x00000c), pid PVST (0x010b): STP 802.1w, Rapid STP, > Flags [Learn, Forward], bridge-id 6a4d.f4:ac:c1:ba:7b:80.8003, length 42 > ... > > real 2m20.069s > user 0m0.004s > sys 0m0.016s > --- > > "brctl show" returns: > > --- > ... > brq44b54ac7-c4 8000.ecf4bbd0417b no eth2.101 > tap0b5eb746-ed > ... > --- > > > The first tcpdump takes about 1 second, the second, more than 2 > minutes! And the lines are very different... > > I'm stucked... Since the "Instance #1" works, and its "duplicated > configuration - Instance #2", doesn't... I'm only changing the vlan > id! :-/ > > Switch configurations are okay, since I can see the packets arriving @ > eth2 normally. > > Maybe it is time to go back to OVS instead of Linux Bridges... :-( > > Thanks, > Thiago > > > !DSPAM:1,559c8f3943821478921271! > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,559c8f3943821478921271! > Martinx - ジェームズ <mailto:[email protected]> > July 7, 2015 at 17:37 > On 7 July 2015 at 21:00, Martinx - ジェームズ > <[email protected] <mailto:[email protected]>> wrote: > > Also, I'm not using any kind of Security Groups or Firewall, my > "ml2_conf.ini" looks likes this: > > --- > ....... > [ml2_type_flat] > flat_networks = external > > [ml2_type_vlan] > network_vlan_ranges = physvlan2 > > [securitygroup] > enable_security_group = False > enable_ipset = False > firewall_driver = neutron.agent.firewall.NoopFirewallDriver > > [agent] > tunnel_types = vxlan > > [vxlan] > enable_vxlan = True > local_ip = 10.0.1.31 > l2_population = True > > [l2pop] > agent_boot_time = 180 > > [linux_bridge] > physical_interface_mappings = external:eth1,vxlan:dummy0,physvlan2:eth2 > --- > > Nova also doesn't make use of any firewall driver. So, the iptables > rules here are just the bare minimal. > > My eth0 is the first network interface, it is the default gateway of > the host itself (Horizon, APIs, etc, runs on top of eth0). > > The vxlan on top of a dummy0 interface works fine for this > "all-in-one" deployment. > > The Instances attached to the "physvlan2:100:101" have two interfaces, > vritual eth0 is vxlan, virtual eth1 is attached to physvlan2 (100 or > 101), they can ping the Internet without problems. > > Thanks, > Thiago > !DSPAM:1,559c73b7319121044113558! > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,559c73b7319121044113558! > Martinx - ジェームズ <mailto:[email protected]> > July 7, 2015 at 17:00 > > BTW, the symptoms are weird... After a reboot (and starting the > Intance #2 with bigger txqueue from the beginning), I'm not seeing the > packets being dropped @ the tap interface but, they to not arrive > anyway... > > I would love to know what can cause the packets arriving the > "brqXXX-yy" interface but not its "tapXXX-YY"... Very weird... > > Thanks in advance! > !DSPAM:1,559c69fe301462031411247! > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,559c69fe301462031411247! > Martinx - ジェームズ <mailto:[email protected]> > July 7, 2015 at 16:51 > Guys, > > I have an "all-in-one" OpenStack Juno setup, with LinuxBridges, where > I'm planning to use it with two tagged networks. > > Like this: > > For "Instance #1", "brctl show" returns: > > ---- > root@openstack-1:~# brctl show > bridge name bridge id STP enabled interfaces > > brqfac384d5-cd 8000.ecf4bbd0417a no eth2.100 > > tap47417a6d-3b > ---- > > For "Instance #2", "brctl show" returns: > > ---- > bridge name bridge id STP enabled interfaces > > brq50721b16-1c 8000.ecf4bbd0417a no eth2.101 > > tap15f2960f-54 > ---- > > "Instance #1" works as expected, I can see the the packets arriving > inside the Instance attached to the TAP "tap15f2960f-54". > > Also, I can run "tcpdump -c 100 -eni tap15f2960f-54" or "tcpdump -c > 100 -eni brq50721b16-1c" to see the packets. > > BUT, my second "Instance #2" doesn't receive the packets!! > > > # "Wire" > > If I run "tcpdump -c 100 -eni eth2", I can see both "vlan 100" and > "vlan 101" packets arriving. > > # vlan 100 - okay > If I run "tcpdump -c 100 -eni brqfac384d5-cd", as I said before, I can > see the packets. > > If I run "tcpdump -c 100 -eni tap47417a6d-3b", as I said before, I can > see the packets. > > # vlan 101 - not okay > If I run "tcpdump -c 100 -eni brq50721b16-1c", I can see the packets. > > If I run "tcpdump -c 100 -eni tap15f2960f-54", BOOM! I am unable to > see the packets!! > > -- > > > Why the packets are being dropped between "brq50721b16-1c" and > "tap15f2960f-54" ??? > > "ifconfig tap15f2960f-54" shows packets being dropped. > > "ifconfig tap47417a6d-3b" shows 0 packets being dropped. > > > I already double checked everything!! Also, I tried to raise txqueue, > checked ebtabled, iptables... I have no clue about whats going on here... > > I really appreciate any help! > > Thanks! > Thiago > !DSPAM:1,559c69f7301311341913631! > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > !DSPAM:1,559c69f7301311341913631!
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
