networking-ovn

VM can't ping another VM of different network on different hypervisor

Bug #1522022 reported by patrick
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
networking-ovn
Fix Released
Critical
Russell Bryant

Bug Description

Recently, I installed OVN in multi-nodes mode with devstack.

I created two vms, saying vm1(192.168.200.2, in hypervisor1), vm2 (192.168.100.6, in hypervisor2). When vm1 pings vm2, vm2 can receive the ICMP request and replied the request, but vm1 can't receive the reply message.

After diving into the OVS flows, I found the reply messages from vm2 were dropped in table 18.
cookie=0x0, duration=19893.440s, table=18, n_packets=143964, n_bytes=14108472, idle_age=0,priority=65535,ct_state=+inv+trk,metadata=0x3 actions=drop

And the conntrack entry is:
ipv4 2 icmp 1 29 src=192.168.200.2 dst=192.168.100.6 type=8 code=0 id=31635 src=192.168.100.6 dst=192.168.200.2 type=0 code=0 id=31635 mark=0 zone=1 use=2

Thanks.

Revision history for this message
Russell Bryant (russellb) wrote :

To be clear, this is two VMs on two separate Neutron networks? If so, this is a known issue in OVN. We're working on it here:

https://github.com/openvswitch/ovs/pull/92

Changed in networking-ovn:
status: New → Confirmed
assignee: nobody → Russell Bryant (russellb)
importance: Undecided → Critical
Revision history for this message
Russell Bryant (russellb) wrote :

I should also clarify that the issue I'm referring to is specific to using OVN's native L3. Is that what you're using, or are you using the Neutron L3 agent?

If you're using the L3 agent, then this is a different issue. In that case, do your security groups allow ICMP?

Revision history for this message
patrick (kldeng05) wrote :

@Russell.
Yes, The issue's topology is two VMs on two separate Neutron networks. And the issue occurred when using OVN's native L3.

Revision history for this message
Russell Bryant (russellb) wrote :

Great, thanks for clarifying! The patch I linked to on github should resolve it once we get it merged. I can't think of a way to workaround it otherwise.

Revision history for this message
Russell Bryant (russellb) wrote :

The pull request has been merged, so this should now be resolved. Please let me know if you still see this problem. Thanks!

Changed in networking-ovn:
status: Confirmed → Fix Committed
Russell Bryant (russellb)
Changed in networking-ovn:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.