Juniper Openstack

VM on FIP VN unable to ping FIP assigned to VM if encap is VxLAN

  1. Series r3.0
  2. Bug #1507045
Bug #1507045 reported by amit surana
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R2.20
New
Medium
Manish Singh
R3.0
New
Medium
Manish Singh
Trunk
New
Medium
Manish Singh

Bug Description

If configured encap is VxLAN, then a VM instantiated in the public VN (VN that has FIP pool) is unable to ping the FIP of a private VM. If a different encap is chosen, the ping works fine. Seems like bridging is broken in this scenario.

16.144.0.5 is a VM in a public VN that pings 16.144.0.7 which is the FIP of a private VM (12.160.0.6). The below pings are dropped due to 'invalid nh'.

15:35:36.742445 90:e2:ba:50:a9:d8 > 90:e2:ba:5e:a0:04, ethertype IPv4 (0x0800), length 148: 172.16.180.16.54689 > 172.16.180.13.4789: VXLAN, flags [I] (0x08), vni 8
02:29:ab:04:b2:cd > 02:10:75:a2:c5:1a, ethertype IPv4 (0x0800), length 98: 16.144.0.5 > 16.144.0.7: ICMP echo request, id 1913, seq 6, length 64
15:35:36.746431 90:e2:ba:50:a9:d8 > 90:e2:ba:5e:a0:04, ethertype IPv4 (0x0800), length 92: 172.16.180.16.57559 > 172.16.180.13.4789: VXLAN, flags [I] (0x08), vni 8
02:29:ab:04:b2:cd > 02:10:75:a2:c5:1a, ethertype ARP (0x0806), length 42: Request who-has 16.144.0.7 tell 16.144.0.5, length 28
15:35:37.742442 90:e2:ba:50:a9:d8 > 90:e2:ba:5e:a0:04, ethertype IPv4 (0x0800), length 148: 172.16.180.16.54689 > 172.16.180.13.4789: VXLAN, flags [I] (0x08), vni 8
02:29:ab:04:b2:cd > 02:10:75:a2:c5:1a, ethertype IPv4 (0x0800), length 98: 16.144.0.5 > 16.144.0.7: ICMP echo request, id 1913, seq 7, length 64
15:35:37.746401 90:e2:ba:50:a9:d8 > 90:e2:ba:5e:a0:04, ethertype IPv4 (0x0800), length 92: 172.16.180.16.57559 > 172.16.180.13.4789: VXLAN, flags [I] (0x08), vni 8
02:29:ab:04:b2:cd > 02:10:75:a2:c5:1a, ethertype ARP (0x0806), length 42: Request who-has 16.144.0.7 tell 16.144.0.5, length 28
^C
4 packets captured
6 packets received by filter
0 packets dropped by kernel
root@csol2-node13:~#
root@csol2-node13:~#
root@csol2-node13:~# vxlan --dump
VXLAN Table

 VNID NextHop
----------------
      4 18
      6 55
      8 43
      9 20
root@csol2-node13:~# nh --get 43
Id:43 Type:Vrf_Translate Fmly: AF_INET Flags:Valid, Vxlan, Rid:0 Ref_cnt:2 Vrf:4
              Vrf:4

root@csol2-node13:~# rt --dump 4 | grep :
Flags: L=Label Valid, P=Proxy ARP, T=Trap ARP, F=Flood ARP
16.144.0.5/32 32 LP 412 36 2:29:ab:4:b2:cd(68860)
16.144.0.7/32 32 P - 60 2:10:75:a2:c5:1a(147416)
16.144.0.8/32 32 LP 384 51 2:7:c1:27:1:30(169124)
root@csol2-node13:~# rt --dump 4 --family bridge
Kernel L2 Bridge table 0/4

Flags: L=Label Valid, Df=DHCP flood

Index DestMac Flags Label/VNID Nexthop
68860 2:29:ab:4:b2:cd LDf 8 50
75840 0:0:5e:0:1:1 LDf 8 22
140524 2:11:7c:44:be:f7 LDf 8 23
147416 2:10:75:a2:c5:1a Df - 3
169124 2:7:c1:27:1:30 LDf 8 52
196364 0:0:5e:0:1:0 Df - 3
198656 90:e2:ba:5e:a0:4 Df - 3
206596 ff:ff:ff:ff:ff:ff LDf 0 80
238524 28:c0:da:fd:2f:f0 LDf 8 22

root@csol2-node13:~# nh --get 3
Id:3 Type:L2 Receive Fmly: AF_INET Flags:Valid, Rid:0 Ref_cnt:12 Vrf:0

Tags: vrouter soln
Hari Prasad Killi (haripk)
tags: added: vrouter
amit surana (asurana-t)
summary: - VM on FIP VN unable to ping FIP of private VN if encap is VxLAN
+ VM on FIP VN unable to ping FIP assigned to VM if encap is VxLAN
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Bug update]

bug update...

Nischal Sheth (nsheth)
information type: Proprietary → Public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.