use provider-network extension with VLAN and OVS

Asked by Mathieu Rohon

Hi,

in Devstack, I'm trying to use the provider extension on a VLAN network, with the OVS plugin. I only use quantum and the l2-agent; I've disabled the other agents.
This VLAN segment is also used to control the OpenStack infrastructure.
Here is what I put in my ovs_quantum_plugin.ini:

network_vlan_ranges = physnet0:254:254
bridge_mappings = physnet0:br-eth0

br-eth0 is created and eth0 is attached to br-eth0

First, I create a provider network:
#quantum net-create provider-net --provider:network_type vlan --provider

-> First issue: if I try to boot a VM directly on the created network, the VM is created without any NIC. I have to create a subnet attached to the provider network:
#quantum subnet-create --allocation-pool start=192.168.254.240,end=192.168.254.249 b051f8a1-ca3e-4d91-a9ca-62b1f7bca9fa 192.168.254.0/24 --enable_dhcp False

I also configure security groups so that ICMP is enabled.

Once the VM is created, I configure the IP of its eth0 with the .240 IP, as allocated in quantum.

I try to ping the gateway on this network, but it doesn't work: with wireshark, I can see the ARP packet coming back to br-int, but it's not forwarded to the VM.

Here are some outputs that might help:
http://paste.openstack.org/show/31799/

I don't know if it's a bug, so I'd rather ask a question first.

thanks

Question information

Language: English
Status: Solved
For: neutron
Assignee: No assignee
Solved by: Mathieu Rohon

This question was reopened

Mathieu Rohon (mathieu-rohon) said :
#1

As you can see in my paste, the:
#ovs-ofctl dump-flows br-int

ARP packets which return to the VM are dropped:

in_port(8),eth(src=00:22:83:a2:62:30,dst=fa:16:3e:de:d8:da),eth_type(0x0806),arp(sip=192.168.254.1,tip=192.168.254.240,op=2,sha=00:22:83:a2:62:30,tha=fa:16:3e:de:d8:da), packets:998, bytes:59880, used:0.628s, actions:drop

Mathieu Rohon (mathieu-rohon) said :
#2

I think that the problem comes from the fact that devstack is plugged into a port in access mode, so the VLAN tag is popped by the switch, and the rule:
cookie=0x0, duration=4789.094s, table=0, n_packets=0, n_bytes=0, priority=3,in_port=8,dl_vlan=254 actions=mod_vlan_vid:1,NORMAL

of the br-int table doesn't work any more.

Mathieu Rohon (mathieu-rohon) said :
#3

OK, it works by adding this:

ovs-ofctl add-flow br-int priority=4,in_port=8,actions=mod_vlan_vid:1,NORMAL

thanks for hearing me ;-)
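
An added example, not part of the original posts: a minimal Python model of the br-int lookup that replays the two flows quoted in the thread against frames arriving on port 8. The default drop flow and the VLAN 300 frame are constructed assumptions, and only in_port and dl_vlan matching are modelled.

```python
import re

# Flow text quoted in the thread: the agent-installed rule and the workaround.
AGENT_FLOW = ("cookie=0x0, duration=4789.094s, table=0, n_packets=0, n_bytes=0, "
              "priority=3,in_port=8,dl_vlan=254 actions=mod_vlan_vid:1,NORMAL")
WORKAROUND_FLOW = "priority=4,in_port=8,actions=mod_vlan_vid:1,NORMAL"
# Constructed stand-in (assumption) for the lower-priority rule behind "actions:drop".
DEFAULT_DROP = "priority=2,in_port=8 actions=drop"

STATS = {"cookie", "duration", "table", "n_packets", "n_bytes"}

def parse_flow(line):
    """Return (priority, match fields, actions) for a dump-flows or add-flow string."""
    match_part, actions = re.split(r"[ ,]actions=", line, maxsplit=1)
    fields = dict(f.split("=", 1) for f in re.split(r",\s*", match_part))
    fields = {k: v for k, v in fields.items() if k not in STATS}
    priority = int(fields.pop("priority", 32768))  # OpenFlow default priority
    return priority, fields, actions

def matches(fields, frame):
    """Model only the two match fields used in the thread."""
    if "in_port" in fields and int(fields["in_port"]) != frame["in_port"]:
        return False
    # dl_vlan=N matches only frames that still carry an 802.1Q tag with VID N.
    if "dl_vlan" in fields and frame["vlan"] != int(fields["dl_vlan"]):
        return False
    return True

def lookup(table, frame):
    """Actions of the highest-priority matching flow; no match is treated as drop here."""
    for _, fields, actions in sorted(map(parse_flow, table), key=lambda f: -f[0]):
        if matches(fields, frame):
            return actions
    return "drop"

# Constructed frames: vlan=None means the access port already stripped the tag.
UNTAGGED_ARP = {"in_port": 8, "vlan": None}
TAGGED_254 = {"in_port": 8, "vlan": 254}
TAGGED_300 = {"in_port": 8, "vlan": 300}

BEFORE = [AGENT_FLOW, DEFAULT_DROP]
AFTER = BEFORE + [WORKAROUND_FLOW]

if __name__ == "__main__":
    for name, frame in [("untagged", UNTAGGED_ARP), ("vlan 254", TAGGED_254),
                        ("vlan 300", TAGGED_300)]:
        print(name, "| before:", lookup(BEFORE, frame), "| after:", lookup(AFTER, frame))
```

Because the workaround flow has no dl_vlan match, it maps every frame arriving on port 8 into local VLAN 1, including frames tagged for other VLANs, as the VLAN 300 case shows. ovs-ofctl also accepts dl_vlan=0xffff to match only untagged frames, which keeps the rule limited to the access-port case.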

Mathieu Rohon (mathieu-rohon) said :
#5

Just another question, with quite the same config on Folsom.

The difference is that I'm not in a nested environment. My eth0 is a real interface on the compute node, bridged into br-eth0.
The provider network uses br-eth0 and VLAN 254.

Packets from my VM are going out from eth0, in VLAN 254, and they're coming back on eth0, in VLAN 254, but they are not forwarded to phy-br-eth0, in the bridge br-eth0.

Only packets that are not tagged in a VLAN are forwarded to phy-br-eth0.

Mathieu Rohon (mathieu-rohon) said :
#6

It looks like something was wrong in my config: eth0 was configured in /etc/network/interfaces.
Then I manually brought it down and put it in br-eth0.
The result is that only untagged packets were sent to br-eth0.

If I leave it unconfigured at startup, and then put it in br-eth0 and bring it up, tagged packets are forwarded in the bridge.