I posted this as https://github.com/openvswitch/ovs-issues/issues/122
but I got no reply, reposting here hoping to find some help. I may be
overlooking something obvious, but I've been unable for some time to
solve this problem.

######################
I have three hosts d1, d2, d3 where an openvswitch bridge ovsbr is
configured with rstp_enabled=true and tunnels building a full mesh:
----
root@d1# ovs-vsctl show
2c932329-097d-44ff-8f44-96680bd22076
Bridge ovsbr
    Port "ovsbr-tnl-ipsec_gre-d3"
        Interface "ovsbr-tnl-ipsec_gre-d3"
            type: ipsec_gre
            options: {psk="secret", remote_ip="3.3.3.3"}
    Port ovsbr
        Interface ovsbr
            type: internal
    Port "ovsbr-tnl-ipsec_gre-d2"
        Interface "ovsbr-tnl-ipsec_gre-d2"
            type: ipsec_gre
            options: {psk="secret", remote_ip="2.2.2.2"}
ovs_version: "2.6.0"
root@d1:~# ovs-vsctl get bridge ovsbr rstp_enable
true
----

Each host has the ovsbr port attached to a Linux bridge, which is then
assigned an IP address 172.23.0.x/24
----
# brctl show lbr
bridge name     bridge id               STP enabled     interfaces
lbr             8000.2a607c80b743       no              ovsbr

# ip addr show lbr
6: lbr: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 2a:60:7c:80:b7:43 brd ff:ff:ff:ff:ff:ff
    inet 172.23.0.11/24 brd 172.23.0.255 scope global lbr
       valid_lft forever preferred_lft forever
    inet6 fe80::2860:7cff:fe80:b743/64 scope link 
       valid_lft forever preferred_lft forever
----

Everything to this point works correctly: I have various services
communicating over the 172.23.0.0/24 space without any problem.

Trying to isolate some of those services, I decided to use VLANs, but I
am unable to add a fake bridge and use it for communication between
hosts. These are the commands I ran on d1; the equivalent commands (with
different addresses) have been run on the other hosts:
----
ovs-vsctl --if-exists del-br vlan9
ovs-vsctl add-br vlan9 ovsbr 9
ifconfig vlan9 up 172.25.0.1/24
# for good measure allow traffic through iptables
iptables -I INPUT -i vlan9 -j ACCEPT
----

If I then try pinging from d1 to 172.23.0.2 I see the packets going
untagged to the vlan9 interface
----
root@d1:~# tcpdump -nnei vlan9 net 172.25.0.0/24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan9, link-type EN10MB (Ethernet), capture size 262144 bytes
17:34:13.222732 2a:60:7c:80:b7:43 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 172.25.0.2 tell 172.25.0.1, length 28
----

Then tagged as belonging to vlan 9 through the ovsbr interface
----
root@d1:~# tcpdump -nnei ovsbr net 172.25.0.0/24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovsbr, link-type EN10MB (Ethernet), capture size 262144 bytes
17:35:15.686745 2a:60:7c:80:b7:43 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 9, p 0, ethertype ARP, Request who-has 172.25.0.2 tell 172.25.0.1, length 28
----


On d2 I see the tagged ARP request getting to the ovsbr interface, but
there is no response
----
root@d2:~# tcpdump -nnei ovsbr net 172.25.0.0/24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovsbr, link-type EN10MB (Ethernet), capture size 262144 bytes
17:38:05.670754 2a:60:7c:80:b7:43 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 9, p 0, ethertype ARP, Request who-has 172.25.0.2 tell 172.25.0.1, length 28
17:38:06.694696 2a:60:7c:80:b7:43 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 9, p 0, ethertype ARP, Request who-has 172.25.0.2 tell 172.25.0.1, length 28
17:38:07.718705 2a:60:7c:80:b7:43 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 9, p 0, ethertype ARP, Request who-has 172.25.0.2 tell 172.25.0.1, length 28
----

and nothing on the vlan9 interface
----
root@d2:~# tcpdump -nnei vlan9 net 172.25.0.0/24
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan9, link-type EN10MB (Ethernet), capture size 262144 bytes
----

I tried the same setup using tagged ports
(`ovs-vsctl add-port ovsbr vlan9 tag=9 -- set interface vlan9 type=internal`)
but the results were the same.
######################


thanks,
dario zanzico