Hi Michiel,
On 1/15/24 11:45, Michiel van den Berg via discuss wrote:
Openvswitch + rstp - bug? or configuration mistake?
Openvswitch with rstp enabled won't reply to arp requests, therefore it cannot be
reached until it sends traffic outside, where other hosts can pick up its mac
address and send traffic.
Below test shows the simplest bridge configuration I can make, with 1 external
and 1 int port. Of course this is not how you would use STP in production, but it
works as a simple example.
Test: (Debian 12, ifupdown2)
# Ensure config is clean.
ovs-vsctl del-br storage
# Create bridge with rstp enabled.
BRIDGE=storage
INTPORT=stor0
EXTPORT=ens19
# Create bridge
ovs-vsctl add-br $BRIDGE
ovs-vsctl set Bridge $BRIDGE rstp_enable=true
Are you not adding any rule to the bridge?
# Add INTPORT
ovs-vsctl add-port $BRIDGE $INTPORT
ovs-vsctl set Port $INTPORT tag=18
ovs-vsctl set Interface $INTPORT type=internal
ovs-vsctl set Port $INTPORT other_config:rstp-enable=true # Is this even required? - doesn't change working status.
# Add EXTPORT
ovs-vsctl add-port $BRIDGE $EXTPORT
ovs-vsctl set Port $EXTPORT other_config:rstp-enable=true
# Above configuration is correct according to docs (outside of the intport
# having rstp enabled). In this case ARP requests are being ignored.
11:14:37.395050 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.21, length 28
11:14:37.483090 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.22, length 28
11:14:38.418969 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.21, length 28
11:14:38.507020 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.22, length 28
Above are 2 systems (.21 and .22) trying to ping this system (.24).
Where are those systems connected to?
From TCPDump I can also see STP is in the correct state
11:16:27.810779 STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 1000.6a:06:2b:fe:2b:41.800f, length 36
    message-age 0.00s, max-age 6.00s, hello-time 2.00s, forwarding-delay 4.00s
    root-id 1000.6a:06:2b:fe:2b:41, root-pathcost 0, port-role Designated
Can you send the output of "ovs-appctl rstp/show {bridge}"?
Is there anything odd in the logs?
Is all traffic between those ports dropped or only ARP? I.e., if you manually set
the arp entries in both ends, does traffic flow again?
If the ARP packet is being dropped inside OVS you could try running "ovs-appctl
ofproto/trace", which will give us the reason why OVS decided to drop it.
A working configuration would be removing the 3 rstp lines from above script. In
this case of course RSTP is not available, but the port does reply to the arp
request, ensuring other hosts can reach it.
# Ensure config is clean.
ovs-vsctl del-br storage
# Create bridge with rstp enabled.
BRIDGE=storage
INTPORT=stor0
EXTPORT=ens19
# Create bridge
ovs-vsctl add-br $BRIDGE
# Add INTPORT
ovs-vsctl add-port $BRIDGE $INTPORT
ovs-vsctl set Port $INTPORT tag=18
ovs-vsctl set Interface $INTPORT type=internal
# Add EXTPORT
ovs-vsctl add-port $BRIDGE $EXTPORT
# TCPDUMP:
11:24:34.707063 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.21, length 28
11:24:35.211050 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.25.42.24 tell 172.25.42.22, length 28
11:24:39.832310 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.25.42.21 is-at 9e:eb:24:bb:1f:17, length 28
11:24:40.344110 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.25.42.22 is-at be:b9:84:91:a9:28, length 28
However, above TCPDUMP looks weird, I would expect "Reply 172.25.42.24 is-at
<somewhere>"; however, that might be something I'm doing wrong with the tcpdump
command, let me know :-)
Enabling RSTP on this bridge after starting it up, simply:
ovs-vsctl set Bridge $BRIDGE rstp_enable=true
ovs-vsctl set Port $INTPORT other_config:rstp-enable=true
ovs-vsctl set Port $EXTPORT other_config:rstp-enable=true
Will stop any ARP messages again, so clearing the mac address table on one of
the other hosts will cause communication to stop.
Versions: *Please note this problem already exists for many years across
different versions*
# cat /etc/debian_version
12.4
# dpkg -l linux-image-amd64
linux-image-amd64 6.1.67-1
# uname -a
Linux ceph04-test 6.1.0-16-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.67-1 (2023-12-12) x86_64 GNU/Linux
# ovs-vswitchd --version
ovs-vswitchd (Open vSwitch) 3.1.0
Other refs:
https://mail.openvswitch.org/pipermail/ovs-discuss/2017-August/045083.html
https://forum.proxmox.com/threads/ovs-intport-you-cant-ping-me-unless-i-ping-you-first.104828/
https://serverfault.com/questions/1041970/ovs-bridge-inbound-broadcast-packets-dropped-when-rstp-enabled
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
--
Adrián Moreno
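
Added example, not part of the original thread: a small Python helper that re-joins mail-wrapped tcpdump ARP lines and pairs each "who-has X" with a later "Reply X is-at", so a capture shows at a glance which addresses are never answered. The sample capture, its MAC address and the 1-second reply window are constructed assumptions.

```python
import re
from collections import defaultdict

TS = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
REQ = re.compile(r"Request who-has (\S+) tell (\S+?),")
REP = re.compile(r"Reply (\S+) is-at ([0-9a-f:]{17})")

# Constructed capture in the format shown in the thread, wrapped the way
# a mail client wraps it. The MAC address is made up.
SAMPLE = """\
11:14:37.395050 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
172.25.42.24 tell 172.25.42.21, length 28
11:14:37.483090 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
172.25.42.24 tell 172.25.42.22, length 28
11:14:39.100000 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has
172.25.42.21 tell 172.25.42.24, length 28
11:14:39.100400 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.25.42.21 is-at
02:00:00:00:00:21, length 28
"""

def unwrap(text):
    """Join wrapped records: a line without a leading timestamp
    continues the previous record."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if TS.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def to_seconds(stamp):
    h, m, s = stamp.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def arp_summary(text, window=1.0):
    """Return (answered, unanswered): IP -> set of MACs seen in replies,
    and IP -> number of who-has requests with no reply within `window` s."""
    pending = defaultdict(list)   # target IP -> timestamps of open requests
    answered = defaultdict(set)
    for rec in unwrap(text):
        now = to_seconds(rec.split(" ", 1)[0])
        if (m := REQ.search(rec)):
            pending[m.group(1)].append(now)
        elif (m := REP.search(rec)):
            ip, mac = m.groups()
            answered[ip].add(mac)
            # A reply for X settles the recent requests for X only.
            pending[ip] = [t for t in pending[ip] if now - t > window]
    return dict(answered), {ip: len(ts) for ip, ts in pending.items() if ts}

if __name__ == "__main__":
    print(arp_summary(SAMPLE))
```

A "Reply X is-at" line answers a request for X, so replies for other addresses never clear the pending requests for the bridge's own IP.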