Public bug reported:
It seems we have a case where the openvswitch firewall driver and a use
of trunks interferes with each other. I tried using the parent's MAC
address for a subport. Like this:
openstack network create net0
openstack network create net1
openstack subnet create --network net0 --subnet-range 10.0.4.0/24 subnet0
openstack subnet create --network net1 --subnet-range 10.0.5.0/24 subnet1
openstack port create --network net0 port0
parent_mac="$( openstack port show port0 | awk '/ mac_address / { print $4 }'
)"
openstack port create --network net1 --mac-address "$parent_mac" port1
openstack network trunk create --parent-port port0 --subport
port=port1,segmentation-type=vlan,segmentation-id=101 trunk0
openstack server create --flavor cirros256 --image cirros-0.3.4-x86_64-uec
--nic port-id=port0 --key-name key0 --wait vm0
Then all packets are lost on the trunk's parent port:
$ openstack server show vm0 | egrep addresses.*net0
| addresses | net0=10.0.4.6
|
$ sudo ip netns exec "qdhcp-$( openstack network show net0 | awk '/ id / {
print $4 }' )" ping -c3 10.0.4.6
WARNING: openstackclient.common.utils is deprecated and will be removed after
Jun 2017. Please use osc_lib.utils
PING 10.0.4.6 (10.0.4.6) 56(84) bytes of data.
--- 10.0.4.6 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2016ms
If I change the firewall_driver to noop and redo the same I have
connectivity.
If I still have the openvswitch firewall_driver but I don't explicitly
set the subport MAC, but let neutron automatically assign one, then
again I have connectivity.
devstack version: 81d89cf
neutron version: 60010a8
relevant parts of local.conf:
[[local|localrc]]
enable_service neutron-api
enable_service neutron-l3
enable_service neutron-agent
enable_service neutron-dhcp
enable_service neutron-metadata-agent
[[post-config|$NEUTRON_CONF]]
[DEFAULT]
service_plugins = router,trunk
[[post-config|$NEUTRON_PLUGIN_CONF]]
[securitygroup]
firewall_driver = openvswitch
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1626010
Title:
Connectivity problem on trunk parent with MAC reuse and openvswitch
firewall driver
Status in neutron:
New
Bug description:
It seems we have a case where the openvswitch firewall driver and a
use of trunks interferes with each other. I tried using the parent's
MAC address for a subport. Like this:
openstack network create net0
openstack network create net1
openstack subnet create --network net0 --subnet-range 10.0.4.0/24 subnet0
openstack subnet create --network net1 --subnet-range 10.0.5.0/24 subnet1
openstack port create --network net0 port0
parent_mac="$( openstack port show port0 | awk '/ mac_address / { print $4
}' )"
openstack port create --network net1 --mac-address "$parent_mac" port1
openstack network trunk create --parent-port port0 --subport
port=port1,segmentation-type=vlan,segmentation-id=101 trunk0
openstack server create --flavor cirros256 --image cirros-0.3.4-x86_64-uec
--nic port-id=port0 --key-name key0 --wait vm0
Then all packets are lost on the trunk's parent port:
$ openstack server show vm0 | egrep addresses.*net0
| addresses | net0=10.0.4.6
|
$ sudo ip netns exec "qdhcp-$( openstack network show net0 | awk '/ id / {
print $4 }' )" ping -c3 10.0.4.6
WARNING: openstackclient.common.utils is deprecated and will be removed
after Jun 2017. Please use osc_lib.utils
PING 10.0.4.6 (10.0.4.6) 56(84) bytes of data.
--- 10.0.4.6 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2016ms
If I change the firewall_driver to noop and redo the same I have
connectivity.
If I still have the openvswitch firewall_driver but I don't explicitly
set the subport MAC, but let neutron automatically assign one, then
again I have connectivity.
devstack version: 81d89cf
neutron version: 60010a8
relevant parts of local.conf:
[[local|localrc]]
enable_service neutron-api
enable_service neutron-l3
enable_service neutron-agent
enable_service neutron-dhcp
enable_service neutron-metadata-agent
[[post-config|$NEUTRON_CONF]]
[DEFAULT]
service_plugins = router,trunk
[[post-config|$NEUTRON_PLUGIN_CONF]]
[securitygroup]
firewall_driver = openvswitch
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1626010/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
