Openvswitch + rstp - bug? or configuration mistake? Openvswitch with rstp enabled wont reply to arp requests, there for can not be reached, until it sends traffic outside where other hosts can pick up its mac address and send traffic.
Below test shows the simplest bridge configuration I can make, with 1 external and 1 int port. Ofcourse this is not how you would use STP in production, but it works as a simple example. Test: (Debian 12, ifupdown2) # Ensure config is clean. ovs-vsctl del-br storage # Create bridge with rstp enabled. BRIDGE=storage INTPORT=stor0 EXTPORT=ens19 # Create bridge ovs-vsctl add-br $BRIDGE ovs-vsctl set Bridge $BRIDGE rstp_enable=true # Add INTPORT ovs-vsctl add-port $BRIDGE $INTPORT ovs-vsctl set Port $INTPORT tag=18 ovs-vsctl set Interface $INTPORT type=internal ovs-vsctl set Port $INTPORT other_config:rstp-enable=true # Is this even required? - doesnt change working status. # Add EXTPORT ovs-vsctl add-port $BRIDGE $EXTPORT ovs-vsctl set Port $EXTPORT other_config:rstp-enable=true # Above configuration is correct according to docs (outside of the intport having rstp enabled). In this case ARP requests are being ignored. 11:14:37.395050 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.21, length 28 11:14:37.483090 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.22, length 28 11:14:38.418969 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.21, length 28 11:14:38.507020 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.22, length 28 Above is 2 systems (.21 and .22) trying to ping this system (.24) From TCPDump I can also see STP is in the correct state 11:16:27.810779 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.6a:06:2b:fe:2b:41.800f, length 36 message-age 0.00s, max-age 6.00s, hello-time 2.00s, forwarding-delay 4.00s root-id 1000.6a:06:2b:fe:2b:41, root-pathcost 0, port-role Designated A working configuration would be removing the 3 rstp lines from above script. In this case ofcourse RSTP is not available, but the port does reply to the arp request ensuring other hosts can reach it. # Ensure config is clean. ovs-vsctl del-br storage # Create bridge with rstp enabled. BRIDGE=storage INTPORT=stor0 EXTPORT=ens19 # Create bridge ovs-vsctl add-br $BRIDGE # Add INTPORT ovs-vsctl add-port $BRIDGE $INTPORT ovs-vsctl set Port $INTPORT tag=18 ovs-vsctl set Interface $INTPORT type=internal # Add EXTPORT ovs-vsctl add-port $BRIDGE $EXTPORT # TCPDUMP: 11:24:34.707063 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.21, length 28 11:24:35.211050 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.22, length 28 11:24:39.832310 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.25.42.21 is-at 9e:eb:24:bb:1f:17, length 28 11:24:40.344110 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.25.42.22 is-at be:b9:84:91:a9:28, length 28 How above TCPDUMP looks weird, would expect "Reply 172.25.42.24 is-at <somewhere>" however that might be something im doing wrong with the tcpdump command, let me know :-) Enabling RSTP on this bridge after starting it up, simply: ovs-vsctl set Bridge $BRIDGE rstp_enable=true ovs-vsctl set Port $INTPORT other_config:rstp-enable=true ovs-vsctl set Port $EXTPORT other_config:rstp-enable=true Will stop any ARP messages again, so clearing the mac address table on one of the other hosts will cause communication to stop. Versions: *Please not this problem already exists for many years across different versions* # cat /etc/debian_version 12.4 # dpkg -l linux-image-amd64 linux-image-amd64 6.1.67-1 # uname -a Linux ceph04-test 6.1.0-16-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.67-1 (2023-12-12) x86_64 GNU/Linux # ovs-vswitchd --version ovs-vswitchd (Open vSwitch) 3.1.0 Other refs: https://mail.openvswitch.org/pipermail/ovs-discuss/2017-August/045083.html https://forum.proxmox.com/threads/ovs-intport-you-cant-ping-me-unless-i-ping-you-first.104828/ https://serverfault.com/questions/1041970/ovs-bridge-inbound-broadcast-packets-dropped-when-rstp-enabled
_______________________________________________ discuss mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
