Hi Ilya, Thank you for your message.
Indeed the issue was ARP entries transitioning for a few seconds to INCOMPLETE or FAIL leading to packet loss. Best regards, Olivier On 2023-01-10T12:38:06.000+01:00, Ilya Maximets <i.maxim...@ovn.org> wrote: > On 1/10/23 10:19, Olivier Chaze via discuss wrote: >> ERRATUM, >> >> packets are seen in vxlan tcpdump : >> >> 1. tcpdump in the qrouter-namespace shows that VRRP packets are >> sent every 2 seconds as expected >> 2. tcpdump on a br-tun port mirrored shows VRRP packets every 2 >> seconds >> 3. no packet loss in OVS (ovs-dpctl get-flow >> ufid:08137467-da7d-4a15-bb5c-08f80bfe03d2) >> 4. tcpdump on the vxlan_sys_4789 interface shows packet being sent >> every 2 seconds >> 5. tcpdump on the physical NIC shows missing VRRP packets >> accordingly. >> 6. tcpdump on the other vxlan endpoints shows there are missing >> packets accordingly . >> >> Conclusion : >> There's a bottleneck somewhere between vxlan_sys_4789 and the >> physical link. > > Hi. > > It's hard to say what is going on in your case, and I didn't > really touch an OpenStack setup for a while, so I don't remember > how it looks like in details. But see some thoughts on the > subject below. > > After being sent to vxlan_sys_4789, packets are no longer in OVS, > but are subjects for a normal kernel routing. OVS is not managing > delivery of the packet from vxlan_sys_4789 to the physical NIC. > > If your physical NIC is part of the OVS bridge, packet will return > to OVS via the bridge port before being sent to the physical NIC. > Or via some other port in that bridge that has an IP address (I'd > not recommend such configuration). In this case OVS will handle > delivery of the packet between the bridge port and the physical NIC. > Packet will need to match some OpenFlow rules in that bridge. > > You may additionally check if that is happening to more precisely > pinpoint where the packets are lost, i.e. check tcpdump on the > bridge port where the physical NIC is attached and check OF rules > in that bridge. > > Make sure you don't have any firewall rules or QoS settings that > can apply to encapsulated packets between vxlan_sys_4789 and the > physical NIC. And make sure the encapsulated packet is routable > in the kernel, i.e. the host knows where to send them at all times. > E.g. IPs on OVS bridges are not flapping. > > Unless you're hitting the network really hard and saturating the > CPU or CPU is very busy with some other processing, it's likely > not a performance issue. > > I'm not really sure what is included in your OVS 2.15 package. > You said the version is 2.15.0, which is likely not an upstream > version. If it is though, then I'd highly recommend to update to > at least 2.15.7, or upgrade to the latest 2.17 LTS. > > Best regards, Ilya Maximets.
_______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
