Juniper Openstack

vrouter uses MAC 00:00:5E:00:01:00 instead of MAC 00:00:5E:00:01:<vrrp-group-id> as a destination MAC to send frames to a service instance using VRRP and allowed address pair

  1. Series r3.0
  2. Bug #1583200
Bug #1583200 reported by Guilhem Tesseyre
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R3.0
Fix Committed
High
Naveen N
Juniper Openstack r3.0.3.0
R3.0.2.x
Fix Committed
High
Naveen N
Juniper Openstack r3.0.2.1
Trunk
Fix Committed
High
Naveen N
Juniper Openstack r3.1.0.0-fcs

Bug Description

The situation is as follow :
 - Active/Backup service chaining using port tuples
 - 2 Ubuntu VMs for the service instance, using VRRPD to elect a master, and allowed address pair to add the VIP address
 - Packets are dropped on the active VM

While configuring the service instance to be in active/backup mode we pass in the allowed address pair parameters the VIP address and the VRRP MAC address corresponding with the VIP.
We can see all this parameters when looking at the config node.
However when we run a tcpdump on the left interface of the VM being the VRRP master, we see incoming traffic arriving with a destination mac set with the value 00:00:5E:00:01:00 and not 00:00:5E:00:01:<id>. Hence, the VM drops the traffic and we don't see anything coming out on the right interface.

Tags: csg vrouter
Rudra Rugge (rrugge)
Changed in juniperopenstack:
assignee: nobody → Hari Prasad Killi (haripk)
Nischal Sheth (nsheth)
information type: Proprietary → Public
Revision history for this message
Hari Prasad Killi (haripk) wrote :

Hi Naveen, Ganesha,

I tried with the –n option enabled and it worked. Indeed, when you turn that option on, the VRRP MAC is not configured on the interface which sticks with its interface MAC and traffic is flowing.
You’re right, I think we got confused while looking at it with Nischal, because the destination MAC is actually the first field … and not the second, sorry about that :)…, so 00:00:5E:00:01:00 is actually the source MAC in our case.

However, if the service instance, whatever it is (Ubuntu, vSRX, etc…) replaces its interface MAC by the VRRP MAC and doesn’t carry the native one, like VRRPD without the –n option did on my Ubuntu instances, then it will not work. Let me know if going further you plan to change the destination MAC to the VRRP MAC that is configured with AAP.

FYI, I tested a failover, I noticed the following :
If I only turn down, from CLI on the VM itself, the left interface of the master service VM it doesn’t switch over. I see that the VIP appears on the backup VM but if I run a tcpdump on the tap interface for left interface of the master service VM I can see that traffic is still sent there (same capture/output than below). I need to literally turn off the VM to switch traffic over to the backup VM. What kind of tracking are we doing to check wether the VIP is on one VM or the other and update the routing tables accordingly ?

Thank you for your help guys.

Regards,
Guilhem
From: Ganesha H V <email address hidden>
Date: Friday, May 20, 2016 at 4:05 AM
To: Naveen N <email address hidden>, Guilhem Tesseyre <email address hidden>
Cc: Hari Prasad Killi <email address hidden>, Praveen K V <email address hidden>
Subject: Re: Bug #1583200 vrouter uses MAC 00:00:5E:00:01:00 instead of MAC 00:00:5E:00:01::<vrrp_id>

Hi Gulhem,

Can you set the -n option in the vrrpd cli and check?

Thanks & Regards,
Ganesha HV.
"To be conscious that you're ignorant, is a great step to success" - Dr.Kalam
From: Naveen N
Sent: Friday, May 20, 2016 3:29:22 PM
To: Guilhem Tesseyre
Cc: Hari Prasad Killi; Praveen K V; Ganesha H V
Subject: Re: Bug #1583200 vrouter uses MAC 00:00:5E:00:01:00 instead of MAC 00:00:5E:00:01::<vrrp_id>

Hi Guilhem,
  We are sending packet to VM with its interface mac(02:72:cd:d7:c6:81). Ideally VM should accept
packet with interface mac and vrrp mac, because it owns both vrrp mac and interface mac.

vrrpd has a option to do this? Ganesh can u help with command used in sanity?

I will check with Harshad, if we want to send packet with vrrp mac for AAP traffic.

Regards
Naveen N

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/21408
Submitter: Naveen N (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/21408
Committed: http://github.org/Juniper/contrail-controller/commit/00a4123cc79038302eab6d1afb60077a286b8b83
Submitter: Zuul
Branch: master

commit 00a4123cc79038302eab6d1afb60077a286b8b83
Author: Naveen N <email address hidden>
Date: Fri Jun 24 14:01:56 2016 +0530

* Use Allowed address pair mac while sending traffic to AAP route

Currently agent used to send traffic to AAP destination with its
interface mac, changing it to send with mac configured in AAP
1> Allocated a new label for AAP route such that label can point to
different interface NH
2> Make mac as key component in interface NH
Test case for same.
Closes-bug:#1583200

Change-Id: I9a7980a9b4dc2acb204350cad8d7cae2570e545e

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/21754
Submitter: Naveen N (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0.2.x

Review in progress for https://review.opencontrail.org/21873
Submitter: Naveen N (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/21873
Committed: http://github.org/Juniper/contrail-controller/commit/74fc522097ed9f3c4b5217cd2ae0e1d123a4ff5b
Submitter: Zuul
Branch: R3.0.2.x

commit 74fc522097ed9f3c4b5217cd2ae0e1d123a4ff5b
Author: Naveen N <email address hidden>
Date: Fri Jun 24 14:01:56 2016 +0530

* Use Allowed address pair mac while sending traffic to AAP route

Currently agent used to send traffic to AAP destination with its
interface mac, changing it to send with mac configured in AAP
1> Allocated a new label for AAP route such that label can point to
different interface NH
2> Make mac as key component in interface NH
Test case for same.
Closes-bug:#1583200

Change-Id: Icf6d6b48329fdfee4df73efe5280376c05cc801d

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/21754
Submitter: Naveen N (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/21754
Committed: http://github.org/Juniper/contrail-controller/commit/05e245ab14f7c9a4fb148c33d7f25ba17cde34eb
Submitter: Zuul
Branch: R3.0

commit 05e245ab14f7c9a4fb148c33d7f25ba17cde34eb
Author: Naveen N <email address hidden>
Date: Fri Jun 24 14:01:56 2016 +0530

* Use Allowed address pair mac while sending traffic to AAP route

Currently agent used to send traffic to AAP destination with its
interface mac, changing it to send with mac configured in AAP
1> Allocated a new label for AAP route such that label can point to
different interface NH
2> Make mac as key component in interface NH
Test case for same.
Closes-bug:#1583200

Change-Id: Icf6d6b48329fdfee4df73efe5280376c05cc801d

Guilhem Tesseyre (guilhem-tesseyre)
tags: added: csg
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.