Hi,
thanks for the reply. Indeed when I delete the virtual port and set the
addresses to unknown the vip becomes reachable and failover works as well. The
problem is that after a couple of seconds all traffic will be dropped again.
External traffic, though, still works (I have a Floating IP attached), but that
might be some traffic coming in that will keep the flows in the kernel.
ubuntu@tester:~$ ping 100.64.56.254
PING 100.64.56.254 (100.64.56.254) 56(84) bytes of data.
64 bytes from 100.64.56.254: icmp_seq=1 ttl=63 time=1.08 ms
64 bytes from 100.64.56.254: icmp_seq=2 ttl=63 time=0.859 ms
64 bytes from 100.64.56.254: icmp_seq=3 ttl=63 time=0.765 ms
<FAILOVER>
64 bytes from 100.64.56.254: icmp_seq=7 ttl=64 time=1.90 ms
64 bytes from 100.64.56.254: icmp_seq=8 ttl=64 time=0.516 ms
64 bytes from 100.64.56.254: icmp_seq=9 ttl=64 time=0.203 ms
^C
--- 100.64.56.254 ping statistics ---
9 packets transmitted, 6 received, 33.3333% packet loss, time 8100ms
rtt min/avg/max/mdev = 0.203/0.887/1.901/0.530 ms
ubuntu@tester:~$ sleep 5
ubuntu@tester:~$ ping 100.64.56.254
PING 100.64.56.254 (100.64.56.254) 56(84) bytes of data.
^C
--- 100.64.56.254 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3065ms
ubuntu@tester:~$
New Port Config:
root@net-ovn-db1:~# ovn-nbctl list Logical_Switch_Port opnsense1-wan
_uuid : 2ab1d971-3d0d-4472-b3f6-4280b083a633
addresses : ["fa:16:3e:61:76:50
100.64.56.252"<fa:16:3e:61:76:50100.64.56.252>, unknown]
dhcpv4_options : 511c2df2-56dc-419c-9066-8a2430115144
dhcpv6_options : []
dynamic_addresses : []
enabled : true
external_ids : {"redacted": "true"}
ha_chassis_group : []
mirror_rules : []
name : "c9d850ee-a534-4a52-8c16-b866d0a3a6d2"
options : {mcast_flood_reports="true", requested-chassis=hv1}
parent_name : []
port_security : []
tag : []
tag_request : []
type : ""
up : true
root@net-ovn-db1:~# ovn-nbctl list Logical_Switch_Port opnsense2-wan
_uuid : 3fa4640e-c60e-41d6-928d-e698843eba8a
addresses : ["fa:16:3e:84:d8:6c
100.64.56.253"<fa:16:3e:84:d8:6c100.64.56.253>, unknown]
dhcpv4_options : 511c2df2-56dc-419c-9066-8a2430115144
dhcpv6_options : []
dynamic_addresses : []
enabled : true
external_ids : {"redacted": "true"}
ha_chassis_group : []
mirror_rules : []
name : "95531103-ea2a-4040-adc4-1f2e9c24d5b9"
options : {mcast_flood_reports="true", requested-chassis=hv2}
parent_name : []
port_security : []
tag : []
tag_request : []
type : ""
up : true
Best regards,
Justin Lamp
Am 18.10.23 um 04:26 schrieb Numan Siddique:
Hi,
I don't think you can make your case work using the virtual ports.
That's because virtual ports are bound on a chassis where one of the
virtual parents sends out the virtual mac-virtual ip.
However I think you can make it work by not using virtual ports.
In your particular case, you can try doing the below.
$ ovn-nbctl lsp-del opnsense-wan-carp-port # Delete the virtual port
# Set an unknown address for your virtual parents.
$ ovn-nbctl lsp-set-addresses c9d850ee-a534-4a52-8c16-b866d0a3a6d2 unknown
$ ovn-nbctl lsp-set-addresses 95531103-ea2a-4040-adc4-1f2e9c24d5b9 unknown
I tested it locally and it worked for me.
Before running these commands make sure that the neutron server is
down so that it doesn't overwrite your changes.
The suggestion I gave is only for your testing to make sure that it
works or not. If it works, then perhaps you need to find a proper way
to address this in neutron ml2ovn so that virtual ports are not used.
Thanks
Numan
--
Justin Lamp
Systems Engineer
NETWAYS Managed Services GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg
Tel: +49 911 92885-0 | Fax: +49 911 92885-77
CEO: Julian Hein, Bernd Erk, Sebastian Saemann | AG Nuernberg HRB25207
https://www.netways.de | justin.l...@netways.de
** OSMC 2023 - November 07-09 | Nuremberg **
** stackconf 2024 - - Stay Tuned for 2024 | Berlin - stackconf.eu **
** NETWAYS Web Services - https://nws.netways.de **
** NETWAYS Trainings - https://netways.de/trainings **
_______________________________________________
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
