vrouter doesn't handle properly zero-tagged vlan packets
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Juniper Openstack | Fix Committed | Medium | Anand H. Krishnan | |
OpenContrail | Fix Committed | Medium | Anand H. Krishnan | |
Bug Description
The issue appeared on Cisco UCS platform using enic drivers: vrouter wasn't working any more on this platform since release 1.2.
It took a while to find the reason, as checksum issues were first incriminated (enic is the only driver using CHECKSUM_COMPLETE instead of CHECKSUM_
This breaks vrouter since commit [2] as vrouter doesn't handle ARP responses properly any more: packets are either trapped to the agent with zero-vlan tag or just unhandled in recent versions [3]. This results in next-hops being marked as invalid in the fabric, which prevents any communication with other hosts in the subnet.
As a workaround, native VLAN should not be used for vrouter on UCS platform; configuring vrouter to use a vlan sub-interface fixes the issue.
[1] https:/
[2] https:/
[3] https:/
Changed in opencontrail:
importance: Undecided → Medium
Changed in opencontrail:
assignee: nobody → Anand H. Krishnan (anandhk)
Changed in juniperopenstack:
importance: Undecided → Medium
assignee: nobody → Anand H. Krishnan (anandhk)
Changed in opencontrail:
status: In Progress → Fix Committed
Changed in juniperopenstack:
status: In Progress → Fix Committed
milestone: none → r3.2.0.0-fcs
But if you use a VLAN tag on the vrouter interface, which is possible within a standard Contrail setup, you lose the ability to enable the dpdk feature on that compute node. Contrail is not able to configure that correctly, at least not with Cisco enic (1240) nor with Intel igb (I350). Conclusion: you can't use untagged traffic to access the VLAN due to the zero-vlan tag issue on Cisco UCS. You can't enable dpdk acceleration while you use VLAN tagged traffic due to Contrail. Seems to be a dead end street so far.
Cisco UCS always sends untagged traffic with this dummy VLAN 0 tag, even for best effort / default QoS class traffic! Perfectly standards compliant, but highly unusual!
Juniper Contrail engineering informed about flaw via cases 2016-0310-0756 and 2016-0323-0387 (both closed), Juniper not handling the problem in JTAC.
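The frame shape discussed in this report, as an added example that is not vrouter code and not the committed fix: a receive-path classifier that treats an 802.1Q tag with VID 0 (a priority tag) as untagged, so an ARP reply from the fabric is still recognised. The names `l2_info`, `classify_l2`, `is_untagged_arp_reply` and the sample frame are hypothetical and constructed for illustration; stacked tags are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#define ETH_HLEN       14
#define VLAN_HLEN      4
#define ETHERTYPE_ARP  0x0806
#define ETHERTYPE_VLAN 0x8100
#define ARP_OP_REPLY   2

/* Hypothetical result type for this example, not a vrouter structure. */
struct l2_info {
    uint16_t ethertype; /* EtherType after any 802.1Q tag */
    uint16_t vlan_id;   /* VID from the tag, 0 if absent or priority-only */
    uint8_t  pcp;       /* 802.1p priority bits */
    int      tagged;    /* 1 only when VID != 0 */
    size_t   l3_offset; /* start of the ARP/IP payload */
};

/* Constructed sample: start of an ARP reply carrying an 802.1Q tag with VID 0. */
const uint8_t sample_prio_arp[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02,       /* dst MAC, src MAC */
    0x81,0x00, 0x00,0x00, 0x08,0x06,            /* TPID, TCI (VID 0), ARP */
    0x00,0x01, 0x08,0x00, 6, 4, 0x00,0x02 };    /* htype, ptype, hlen, plen, op */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
/* Returns 0 on success, -1 when the frame is truncated. */
int classify_l2(const uint8_t *f, size_t len, struct l2_info *o)
{
    if (len < ETH_HLEN) return -1;
    o->ethertype = rd16(f + 12);
    o->vlan_id = 0; o->pcp = 0; o->tagged = 0; o->l3_offset = ETH_HLEN;
    if (o->ethertype != ETHERTYPE_VLAN) return 0;
    if (len < ETH_HLEN + VLAN_HLEN) return -1;
    uint16_t tci = rd16(f + ETH_HLEN);
    o->pcp = (uint8_t)(tci >> 13);
    o->vlan_id = (uint16_t)(tci & 0x0FFF);
    o->ethertype = rd16(f + ETH_HLEN + 2);
    o->l3_offset = ETH_HLEN + VLAN_HLEN;
    o->tagged = (o->vlan_id != 0); /* VID 0: skip the tag, stay on the untagged path */
    return 0;
}

/* 1 if the frame is an ARP reply that belongs on the untagged (fabric) path. */
int is_untagged_arp_reply(const uint8_t *f, size_t len)
{
    struct l2_info i;
    if (classify_l2(f, len, &i) != 0 || i.tagged) return 0;
    if (i.ethertype != ETHERTYPE_ARP || len < i.l3_offset + 8) return 0;
    return rd16(f + i.l3_offset + 6) == ARP_OP_REPLY;
}
```

A classifier that instead keys on the presence of the 0x8100 TPID alone would send this frame down the tagged path even though it belongs to the native VLAN.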