Juniper Openstack

End-to-End Service Health Check fails due to wrong ARP reply

Bug #1612865 reported by Ato on 2016-08-13

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.1	Fix Committed	High	Prabhjot Singh Sethi	Juniper Openstack r3.1.1.0
Trunk	Fix Committed	High	Prabhjot Singh Sethi	Juniper Openstack r3.2.0.0-fcs "r3.2.0.0"

Bug Description

Issue seen in latest 3.1 daily. Already discussed with Nischal.

In the following capture:

- 02:0a:88:fc:91:06 is the MAC of the VMI
- 10.1.1.5 is the IP of the VMI
- 10.1.1.7 is the IP that the vRouter dynamically allocates to source the end-to-end probes:

root@5b3s27:~# tcpdump -nei tap0a88fc91-06

16:16:22.649332 00:00:5e:00:01:00 > 02:0a:88:fc:91:06, ethertype IPv4 (0x0800), length 98: 10.1.1.7 > 10.2.2.4: ICMP echo request, id 5240, seq 2, length 64
16:16:22.653359 02:0a:88:fc:91:06 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.1.1.7 tell 10.1.1.5, length 28
16:16:22.653385 02:0a:88:fc:91:06 > 02:0a:88:fc:91:06, ethertype ARP (0x0806), length 42: Reply 10.1.1.7 is-at 02:0a:88:fc:91:06, length 28
16:16:23.251368 02:0a:88:fc:91:06 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.1.1.7 tell 10.1.1.5, length 28
16:16:23.251398 02:0a:88:fc:91:06 > 02:0a:88:fc:91:06, ethertype ARP (0x0806), length 42: Reply 10.1.1.7 is-at 02:0a:88:fc:91:06, length 28

The vRouter mistakenly sources the ARP reply from the VMI MAC, hence the VM (vSRX) doesn't accept it. Configuring a static ARP on the VM is a workaround.

Tags:

Nischal Sheth (nsheth) on 2016-08-13

tags:	added: service-chain
information type:	Proprietary → Public

Hari Prasad Killi (haripk) on 2016-08-17

tags:

added: vrouter

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-26: [Review update] master

Review in progress for https://review.opencontrail.org/23634
Submitter: Prabhjot Singh Sethi (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-26: [Review update] R3.1

Review in progress for https://review.opencontrail.org/23635
Submitter: Prabhjot Singh Sethi (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-27: [Review update] master

Review in progress for https://review.opencontrail.org/23634
Submitter: Prabhjot Singh Sethi (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-27: [Review update] R3.1

Review in progress for https://review.opencontrail.org/23635
Submitter: Prabhjot Singh Sethi (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-30: [Review update] master

Review in progress for https://review.opencontrail.org/23634
Submitter: Prabhjot Singh Sethi (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-30: [Review update] R3.1

#11

Review in progress for https://review.opencontrail.org/23635
Submitter: Prabhjot Singh Sethi (<email address hidden>)

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-08-30: A change has been merged

#13

Reviewed: https://review.opencontrail.org/23634
Committed: http://github.org/Juniper/contrail-controller/commit/0f8450cab7986231188b4e13f609c0526ee428d2
Submitter: Zuul
Branch: master

commit 0f8450cab7986231188b4e13f609c0526ee428d2
Author: Prabhjot Singh Sethi <email address hidden>
Date: Tue Aug 30 14:31:27 2016 +0530

Fix ARP response for health check IP

Issue:
------
Vrouter use to respond to health check service IP's ARP
with interface MAC which is incorrect as the interface
itself doesnot host the health check service IP

Fix:
----
Vrouter to proxy ARP for health check service IP with
Vrouter MAC, no evpn route export for health check
service IP

Closes-Bug: 1612865
Change-Id: If4c0b25730e3ca1c3966eff469c1b882df95bbb2

Revision history for this message

OpenContrail Admin (ci-admin-f) wrote on 2016-09-01:

#14

Reviewed: https://review.opencontrail.org/23635
Committed: http://github.org/Juniper/contrail-controller/commit/24433e39973e3a4a2491fcb4f1170f100834dc08
Submitter: Zuul
Branch: R3.1

commit 24433e39973e3a4a2491fcb4f1170f100834dc08
Author: Prabhjot Singh Sethi <email address hidden>
Date: Tue Aug 30 14:31:27 2016 +0530

Fix ARP response for health check IP

Issue:
------
Vrouter use to respond to health check service IP's ARP
with interface MAC which is incorrect as the interface
itself doesnot host the health check service IP

Fix:
----
Vrouter to proxy ARP for health check service IP with
Vrouter MAC, no evpn route export for health check
service IP

Closes-Bug: 1612865
Change-Id: If4c0b25730e3ca1c3966eff469c1b882df95bbb2
(cherry picked from commit 0f8450cab7986231188b4e13f609c0526ee428d2)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.