End-to-End Service Health Check fails due to wrong ARP reply
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R3.1 |
Fix Committed
|
High
|
Prabhjot Singh Sethi | |||
Trunk |
Fix Committed
|
High
|
Prabhjot Singh Sethi |
Bug Description
Issue seen in latest 3.1 daily. Already discussed with Nischal.
In the following capture:
- 02:0a:88:fc:91:06 is the MAC of the VMI
- 10.1.1.5 is the IP of the VMI
- 10.1.1.7 is the IP that the vRouter dynamically allocates to source the end-to-end probes:
root@5b3s27:~# tcpdump -nei tap0a88fc91-06
16:16:22.649332 00:00:5e:00:01:00 > 02:0a:88:fc:91:06, ethertype IPv4 (0x0800), length 98: 10.1.1.7 > 10.2.2.4: ICMP echo request, id 5240, seq 2, length 64
16:16:22.653359 02:0a:88:fc:91:06 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.1.1.7 tell 10.1.1.5, length 28
16:16:22.653385 02:0a:88:fc:91:06 > 02:0a:88:fc:91:06, ethertype ARP (0x0806), length 42: Reply 10.1.1.7 is-at 02:0a:88:fc:91:06, length 28
16:16:23.251368 02:0a:88:fc:91:06 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.1.1.7 tell 10.1.1.5, length 28
16:16:23.251398 02:0a:88:fc:91:06 > 02:0a:88:fc:91:06, ethertype ARP (0x0806), length 42: Reply 10.1.1.7 is-at 02:0a:88:fc:91:06, length 28
The vRouter mistakenly sources the ARP reply from the VMI MAC, hence the VM (vSRX) doesn't accept it. Configuring a static ARP on the VM is a workaround.
tags: | added: service-chain |
information type: | Proprietary → Public |
tags: | added: vrouter |
Review in progress for https:/ /review. opencontrail. org/23634
Submitter: Prabhjot Singh Sethi (<email address hidden>)