vrouter uses MAC 00:00:5E:00:01:00 instead of MAC 00:00:5E:00:01:<vrrp-group-id> as a destination MAC to send frames to a service instance using VRRP and allowed address pair
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R3.0 |
Fix Committed
|
High
|
Naveen N | |||
R3.0.2.x |
Fix Committed
|
High
|
Naveen N | |||
Trunk |
Fix Committed
|
High
|
Naveen N |
Bug Description
The situation is as follow :
- Active/Backup service chaining using port tuples
- 2 Ubuntu VMs for the service instance, using VRRPD to elect a master, and allowed address pair to add the VIP address
- Packets are dropped on the active VM
While configuring the service instance to be in active/backup mode we pass in the allowed address pair parameters the VIP address and the VRRP MAC address corresponding with the VIP.
We can see all this parameters when looking at the config node.
However when we run a tcpdump on the left interface of the VM being the VRRP master, we see incoming traffic arriving with a destination mac set with the value 00:00:5E:00:01:00 and not 00:00:5E:
Changed in juniperopenstack: | |
assignee: | nobody → Hari Prasad Killi (haripk) |
information type: | Proprietary → Public |
tags: | added: csg |
Hi Naveen, Ganesha,
I tried with the –n option enabled and it worked. Indeed, when you turn that option on, the VRRP MAC is not configured on the interface which sticks with its interface MAC and traffic is flowing.
You’re right, I think we got confused while looking at it with Nischal, because the destination MAC is actually the first field … and not the second, sorry about that :)…, so 00:00:5E:00:01:00 is actually the source MAC in our case.
However, if the service instance, whatever it is (Ubuntu, vSRX, etc…) replaces its interface MAC by the VRRP MAC and doesn’t carry the native one, like VRRPD without the –n option did on my Ubuntu instances, then it will not work. Let me know if going further you plan to change the destination MAC to the VRRP MAC that is configured with AAP.
FYI, I tested a failover, I noticed the following :
If I only turn down, from CLI on the VM itself, the left interface of the master service VM it doesn’t switch over. I see that the VIP appears on the backup VM but if I run a tcpdump on the tap interface for left interface of the master service VM I can see that traffic is still sent there (same capture/output than below). I need to literally turn off the VM to switch traffic over to the backup VM. What kind of tracking are we doing to check wether the VIP is on one VM or the other and update the routing tables accordingly ?
Thank you for your help guys.
Regards, 00:01:: <vrrp_id>
Guilhem
From: Ganesha H V <email address hidden>
Date: Friday, May 20, 2016 at 4:05 AM
To: Naveen N <email address hidden>, Guilhem Tesseyre <email address hidden>
Cc: Hari Prasad Killi <email address hidden>, Praveen K V <email address hidden>
Subject: Re: Bug #1583200 vrouter uses MAC 00:00:5E:00:01:00 instead of MAC 00:00:5E:
Hi Gulhem,
Can you set the -n option in the vrrpd cli and check?
Thanks & Regards, 00:01:: <vrrp_id>
Ganesha HV.
"To be conscious that you're ignorant, is a great step to success" - Dr.Kalam
From: Naveen N
Sent: Friday, May 20, 2016 3:29:22 PM
To: Guilhem Tesseyre
Cc: Hari Prasad Killi; Praveen K V; Ganesha H V
Subject: Re: Bug #1583200 vrouter uses MAC 00:00:5E:00:01:00 instead of MAC 00:00:5E:
Hi Guilhem, 72:cd:d7: c6:81). Ideally VM should accept
We are sending packet to VM with its interface mac(02:
packet with interface mac and vrrp mac, because it owns both vrrp mac and interface mac.
vrrpd has a option to do this? Ganesh can u help with command used in sanity?
I will check with Harshad, if we want to send packet with vrrp mac for AAP traffic.
Regards
Naveen N