On 1/10/23 10:19, Olivier Chaze via discuss wrote: > ERRATUM, > > packets are seen in vxlan tcpdump : > > 1. tcpdump in the qrouter-namespace shows that VRRP packets are sent every 2 > seconds as expected > 2. tcpdump on a br-tun port mirrored shows VRRP packets every 2 seconds > 3. no packet loss in OVS (ovs-dpctl get-flow > ufid:08137467-da7d-4a15-bb5c-08f80bfe03d2) > 4. tcpdump on the vxlan_sys_4789 interface shows packet being sent every 2 > seconds > 5. tcpdump on the physical NIC shows missing VRRP packets accordingly. > 6. tcpdump on the other vxlan endpoints shows there are missing packets > accordingly . > > > Conclusion : > There's a bottleneck somewhere between vxlan_sys_4789 and the physical link.
Hi. It's hard to say what is going on in your case, and I didn't really touch an OpenStack setup for a while, so I don't remember how it looks like in details. But see some thoughts on the subject below. After being sent to vxlan_sys_4789, packets are no longer in OVS, but are subjects for a normal kernel routing. OVS is not managing delivery of the packet from vxlan_sys_4789 to the physical NIC. If your physical NIC is part of the OVS bridge, packet will return to OVS via the bridge port before being sent to the physical NIC. Or via some other port in that bridge that has an IP address (I'd not recommend such configuration). In this case OVS will handle delivery of the packet between the bridge port and the physical NIC. Packet will need to match some OpenFlow rules in that bridge. You may additionally check if that is happening to more precisely pinpoint where the packets are lost, i.e. check tcpdump on the bridge port where the physical NIC is attached and check OF rules in that bridge. Make sure you don't have any firewall rules or QoS settings that can apply to encapsulated packets between vxlan_sys_4789 and the physical NIC. And make sure the encapsulated packet is routable in the kernel, i.e. the host knows where to send them at all times. E.g. IPs on OVS bridges are not flapping. Unless you're hitting the network really hard and saturating the CPU or CPU is very busy with some other processing, it's likely not a performance issue. I'm not really sure what is included in your OVS 2.15 package. You said the version is 2.15.0, which is likely not an upstream version. If it is though, then I'd highly recommend to update to at least 2.15.7, or upgrade to the latest 2.17 LTS. Best regards, Ilya Maximets. _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
