Install guide: Add arp_ignore (sysctl.conf) to the other IP options
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Undecided
|
Unassigned | ||
neutron |
Invalid
|
Undecided
|
Unassigned | ||
openstack-manuals |
Fix Released
|
Low
|
Unassigned |
Bug Description
We are facing a very strange behaviour of ARP in tenant networks, causing Windows guests to incorrectly decline DHCP addresses. These VMs apparently do an ARP request for the address they have been offered, discarding them in case a different MAC is reporting to own that IP already.
We are using openvswitch-agent with ml2 plugin.
Investigating this issue using Linux guests. Please look at the following example. A VM with the fixed-ip 192.168.1.15 reports the following ARP cache:
root@
Address HWtype HWaddress Flags Mask Iface
host-
192.168.1.13 ether a6:b2:dc:d8:39:c1 C eth0
192.168.1.119 (incomplete) eth0
host-
host-
host-
192.168.1.14 ether 0e:bf:04:b7:ed:52 C eth0
Both 192.168.1.13 and 192.168.1.14 do not exist in this subnet, and their MAC addresses a6:b2:dc:d8:39:c1 and 0e:bf:04:b7:ed:52 actually belong to other instance qbr* and qvb* devices, living on their respective hypervisor hosts!
Looking at 0e:bf:04:b7:ed:52, for example, yields
# ip link list | grep -C1 -e 0e:bf:04:b7:ed:52
59: qbr9ac24ac1-e1: <BROADCAST,
link/ether 0e:bf:04:b7:ed:52 brd ff:ff:ff:ff:ff:ff
60: qvo9ac24ac1-e1: <BROADCAST,
--
61: qvb9ac24ac1-e1: <BROADCAST,
link/ether 0e:bf:04:b7:ed:52 brd ff:ff:ff:ff:ff:ff
62: tap9ac24ac1-e1: <BROADCAST,
on the compute node. Using tcpdump on qbr9ac24ac1-e1 on the host and triggering a fresh ARM lookup from the guest results in
# tcpdump -i qbr9ac24ac1-e1 -vv -l | grep ARP
tcpdump: WARNING: qbr9ac24ac1-e1: no IPv4 address assigned
tcpdump: listening on qbr9ac24ac1-e1, link-type EN10MB (Ethernet), capture size 65535 bytes
14:00:32.089726 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.1.14 tell 192.168.1.15, length 28
14:00:32.089740 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.14 is-at 0e:bf:04:b7:ed:52 (oui Unknown), length 28
14:00:32.090141 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.14 is-at 7a:a5:71:63:47:94 (oui Unknown), length 28
14:00:32.090160 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.14 is-at 02:f9:33:d5:04:0d (oui Unknown), length 28
14:00:32.090168 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.1.14 is-at 9a:a0:46:e4:03:06 (oui Unknown), length 28
Four different devices are claiming to own the non-existing IP address! Looking them up in neutron shows they are all related to existing ports on the subnet, but different ones:
# neutron port-list | grep -e 47fbb8b5-55 -e 46647cca-32 -e e9e2d7c3-7e -e 9ac24ac1-e1
| 46647cca-
| 47fbb8b5-
| 9ac24ac1-
| e9e2d7c3-
Environment:
Host: Ubuntu server 14.04
Kernel: linux-image-
OpenStack Kilo:
# dpkg -l | grep -e nova -e neutron
ii neutron-common 1:2015.
ii neutron-plugin-ml2 1:2015.
ii neutron-
ii nova-common 1:2015.
ii nova-compute 1:2015.
ii nova-compute-kvm 1:2015.
ii nova-compute-
ii python-neutron 1:2015.
ii python-
ii python-
ii python-nova 1:2015.
ii python-novaclient 1:2.22.
Changed in openstack-manuals: | |
assignee: | nobody → Ryan Selden (ryanx-seldon) |
Changed in openstack-manuals: | |
assignee: | Ryan Selden (ryanx-seldon) → nobody |
Changed in openstack-manuals: | |
assignee: | Alexandra Settle (alexandra-settle) → nobody |
assignee: | nobody → cat lookabaugh (cat-lookabaugh) |
Changed in openstack-manuals: | |
assignee: | cat lookabaugh (cat-lookabaugh) → nobody |
Changed in openstack-manuals: | |
assignee: | nobody → Alexandra Settle (alexandra-settle) |
importance: | Medium → Low |
status: | Triaged → Confirmed |
tags: |
added: install-guide removed: arp nova ovs subnet tenant |
Changed in openstack-manuals: | |
assignee: | Alexandra Settle (alexandra-settle) → nobody |
Changed in openstack-manuals: | |
status: | Confirmed → Fix Released |
Changed in neutron: | |
status: | New → Invalid |
This feels like it needs neutron experts to weigh in because under this kind of environment the network setup is basically done by neutron.