<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii"> <style style="display: none;" id="owaParaStyle" type="text/css">P {margin-top:0;margin-bottom:0;}</style> </head> <body tabindex="0" aria-label="Nachrichtentext" fpstyle="1" dir="ltr"> <div name="divtagdefaultwrapper" id="divtagdefaultwrapper" style="font-family: Tahoma, Geneva, sans-serif; font-size: 10pt; color: #000000; margin: 0"> Hi! I have set up a simple test case for VLAN networks - just one Neutron network and one VLAN: /etc/quantum/plugin.ini [DATABASE] sql_connection = mysql://quantum:71884b6791004319@192.168.104.62/ovs_quantum sql_max_retries = 10 reconnect_interval = 2 [OVS] integration_bridge=br-int tenant_network_type = vlan enable_tunneling=False network_vlan_ranges = install:40:40 bridge_mappings = install:br-vlan [AGENT] polling_interval = 2 [SECURITYGROUP] firewall_driver = quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 531c4059-68ce-4051-a049-f7b715a3aa61 | | name | install-vlan | | provider:network_type | vlan | | provider:physical_network | install | | provider:segmentation_id | 40 | | router:external | False | | shared | False | | status | ACTIVE | | subnets | d961c242-004e-4502-a6bb-59ce3157040c | | tenant_id | 91108a7377204cd78eed2cf22a978475 | +---------------------------+--------------------------------------+ # ovs-vsctl show e10c8833-e54d-4693-a657-b2034c5b244f Bridge br-vlan Port "tapb07358d3-48" Interface "tapb07358d3-48" Port br-vlan Interface br-vlan type: internal Port "eth4" Interface "eth4" Port phy-br-vlan Interface phy-br-vlan Bridge br-int Port "tap3158d4cc-20" tag: 1 Interface "tap3158d4cc-20" Port "tap0fae4e60-f1" tag: 1 Interface "tap0fae4e60-f1" Port "qvo942326c5-68" tag: 2 Interface "qvo942326c5-68" Port br-int Interface br-int type: internal Port int-br-vlan Interface int-br-vlan Port int-br-ex Interface int-br-ex Port "tapd446cc89-be" tag: 2 Interface "tapd446cc89-be" Port "qvo7b22401b-89" tag: 2 Interface "qvo7b22401b-89" Bridge br-ex Port br-ex Interface br-ex type: internal ovs_version: "1.10.0" <div>I created an instance that runs GRML and got it an address (192.168.102.2) and tried to ping the router via the VLAN. The instance does not receive the ARP replies. This is a tcpdump from the trunk interface: # tcpdump -n -i eth4 -e arp tcpdump: WARNING: eth4: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth4, link-type EN10MB (Ethernet), capture size 65535 bytes 10:24:59.032932 fa:16:3e:a4:7e:d4 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 40, p 0, ethertype ARP, Request who-has 192.168.102.1 tell 192.168.102.2, length 28 10:24:59.033341 00:00:5e:00:01:01 > fa:16:3e:a4:7e:d4, ethertype ARP (0x0806), length 60: Reply 192.168.102.1 is-at 00:00:5e:00:01:01, length 46 10:24:59.253619 90:e2:ba:3d:f6:5d > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 192.168.101.6 tell 192.168.101.7, length 46 10:25:00.030796 fa:16:3e:a4:7e:d4 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 40, p 0, ethertype ARP, Request who-has 192.168.102.1 tell 192.168.102.2, length 28 10:25:00.032549 00:00:5e:00:01:01 > fa:16:3e:a4:7e:d4, ethertype ARP (0x0806), length 60: Reply 192.168.102.1 is-at 00:00:5e:00:01:01, length 46 10:25:00.253355 90:e2:ba:3d:f6:5d > Broadcast, ethertype ARP (0x0806), length 60: Request who-has 192.168.101.6 tell 192.168.101.7, length 46 10:25:01.030887 fa:16:3e:a4:7e:d4 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 40, p 0, ethertype ARP, Request who-has 192.168.102.1 tell 192.168.102.2, length 28 10:25:01.031237 00:00:5e:00:01:01 > fa:16:3e:a4:7e:d4, ethertype ARP (0x0806), length 60: Reply 192.168.102.1 is-at 00:00:5e:00:01:01, length 46 Curious thing on the side - the replies come with a VLAN tag when I create an eth4.40 interface. Nothing changes on the OpenStack/OVS side, though. Here are the flows and port numbers for the two bridges: # ovs-ofctl show br-vlan OFPT_FEATURES_REPLY (xid=0x2): dpid:00000025b502001b n_tables:254, n_buffers:256 capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE 1(eth4): addr:00:25:b5:02:00:1b config: 0 state: 0 current: 10GB-FD FIBER advertised: 10GB-FD FIBER supported: 10GB-FD FIBER speed: 10000 Mbps now, 10000 Mbps max 2(phy-br-vlan): addr:72:55:3c:e6:ae:6b config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max 3(tapb07358d3-48): addr:d6:35:64:a1:87:15 config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max LOCAL(br-vlan): addr:c2:98:c5:81:f9:f2 config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0 # ovs-ofctl dump-flows br-vlan NXST_FLOW reply (xid=0x4): cookie=0x0, duration=1057.205s, table=0, n_packets=343, n_bytes=25981, idle_age=0, priority=4,in_port=2,dl_vlan=2 actions=mod_vlan_vid:40,NORMAL cookie=0x0, duration=1065.475s, table=0, n_packets=32, n_bytes=2384, idle_age=1052, priority=2,in_port=2 actions=drop cookie=0x0, duration=1067.066s, table=0, n_packets=5515, n_bytes=366100, idle_age=0, priority=1 actions=NORMAL # ovs-ofctl show br-int OFPT_FEATURES_REPLY (xid=0x2): dpid:0000beab831a754e n_tables:254, n_buffers:256 capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE 1(int-br-vlan): addr:52:1f:bd:18:93:90 config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max 2(tap0fae4e60-f1): addr:f6:42:b0:32:da:73 config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max 3(tap3158d4cc-20): addr:12:4e:1d:fd:e1:8b config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max 4(tapd446cc89-be): addr:f2:66:2a:aa:d2:c6 config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max 5(qvo942326c5-68): addr:16:cd:bc:df:c7:69 config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max 6(qvo7b22401b-89): addr:be:3b:ee:cb:47:33 config: 0 state: 0 current: 10GB-FD COPPER speed: 10000 Mbps now, 0 Mbps max LOCAL(br-int): addr:3a:ff:87:95:03:0b config: 0 state: 0 speed: 0 Mbps now, 0 Mbps max OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0 # ovs-ofctl dump-flows br-int NXST_FLOW reply (xid=0x4): cookie=0x0, duration=1083.622s, table=0, n_packets=0, n_bytes=0, idle_age=1083, priority=3,in_port=1,dl_vlan=40 actions=mod_vlan_vid:2,NORMAL cookie=0x0, duration=1092.217s, table=0, n_packets=5659, n_bytes=375809, idle_age=0, priority=2,in_port=1 actions=drop cookie=0x0, duration=1093.975s, table=0, n_packets=457, n_bytes=39432, idle_age=0, priority=1 actions=NORMAL As you can see, the br-int flows don't see VLAN 40 and drop all packets from port 1, i.e. the br-vlan bridge. <title></title> <basefont size="2" face="Arial"> I'm out of ideas how to fix this. Before I install Ubuntu 13.04 and rebuild this thing, I thought somebody on this list understands what's happening. Best regards / Mit freundlichen Grüßen Lutz Christoph -- Lutz Christoph arago Institut für komplexes Datenmanagement AG Eschersheimer Landstraße 526 - 532 60433 Frankfurt am Main eMail: lchristoph@arago.de - www: http://www.arago.de Tel: 0172/6301004 Mobil: 0172/6301004 <a href="http://www.cloudops.de/"><img border="0" height="88" width="350" src="http://www.arago.net/wp-content/uploads/2013/06/EmailSignatur1.png"> </a> -- Bankverbindung: Frankfurter Sparkasse, BLZ: 500 502 01, Kto.-Nr.: 79343 Vorstand: Hans-Christian Boos, Martin Friedrich Vorsitzender des Aufsichtsrats: Dr. Bernhard Walther Sitz: Kronberg im Taunus - HRB 5731 - Registergericht: Königstein i.Ts Ust.Idnr. DE 178572359 - Steuernummer 2603 003 228 43435 </div> </div> </body> </html>