share_dhcp_address patch results in hyp unable to ping VM on another hyp

Bug #1176248 reported by Vinay
This bug affects 1 person
Affects: OpenStack Compute (nova)
Importance: Undecided
Assigned to: Unassigned

Bug Description

We have OpenStack Folsom installed on Ubuntu in multi_host mode.

We decided to apply the shared_dhcp_address patch because we were using a lot of small tenants on a medium-ish cluster (50+ compute nodes).

https://review.openstack.org/#/c/16578/

However, after application of the patch we found that the hypervisor is unable to ping a VM on another hypervisor. Before the patch this was working successfully.

Can anyone throw some light as to what could be happening here?

The ICMP packet does reach the VM and the VM tries to send an ICMP echo reply but instead gets back an error saying destination not found.

Russell Bryant (russellb) wrote :

Since this patch isn't in Folsom officially, this isn't really something we can support. You can try the openstack mailing list, though.

If you're able to reproduce a problem using grizzly or the latest code in master, feel free to reopen. Thanks!

Changed in nova:
status: New → Invalid
Vinay (vingup2005) wrote :

OK. We understand now why we cannot access VMs on another hyp. It is because ebtables rules are blocking ARP traffic made by the dnsmasq gateway IP.

What is the real reason behind putting those ebtables rules? What we have found is that when we dropped the rules (manually), the communication seems to go through. So we want to understand what the purpose of those rules is.

Thanks Again!

Vinay (vingup2005)
Changed in nova:
status: Invalid → Opinion
status: Opinion → New
Russell Bryant (russellb) wrote :

This isn't a great discussion forum. Please try the openstack mailing list or ask.openstack.org.

Changed in nova:
status: New → Invalid
Jiajun Liu (ljjjustin)
Changed in nova:
assignee: nobody → Jiajun Liu (ljjjustin)
Jiajun Liu (ljjjustin) wrote :

When we ping a VM from the hypervisor, the hypervisor will use the shared DHCP address as the source IP address. However, the ebtables rule added in https://review.openstack.org/#/c/16578/ will drop those packets whose source IP address is the shared DHCP address, so we cannot ping the VM from the hypervisor. We need to change the ebtables rules in order to allow the hypervisor to ping the VM.

Changed in nova:
status: Invalid → Confirmed
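
An added illustration of the mechanism described in the comment above (not part of the bug report and not nova's code): a small Python check that reads an `ebtables -L` listing and reports ARP DROP rules keyed on a given shared DHCP address. The listing, the address 10.0.0.1 and the interface eth1 are constructed samples; the rules the patch actually installs are not shown on this page.

```python
# Constructed sample of `ebtables -L` output (illustrative only; the address,
# interface and rules are assumptions, not copied from the patch).
SAMPLE_LISTING = """\
Bridge table: filter

Bridge chain: INPUT, entries: 1, policy: ACCEPT
-p ARP -i eth1 --arp-ip-dst 10.0.0.1 -j DROP

Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-p IPv4 -o eth1 --ip-proto udp --ip-dport 67:68 -j DROP

Bridge chain: OUTPUT, entries: 2, policy: ACCEPT
-p ARP -o eth1 --arp-ip-src 10.0.0.1 -j DROP
-p ARP -o eth1 --arp-ip-src 10.0.0.9 -j ACCEPT
"""


def parse_rules(listing):
    """Yield (chain, {option: value}) for every rule line in the listing."""
    chain = None
    for line in listing.splitlines():
        tokens = line.split()
        if line.startswith("Bridge chain:"):
            chain = line.split(":", 1)[1].split(",")[0].strip()
        elif chain and tokens and tokens[0].startswith("-") and "!" not in tokens:
            # Negated matches ("!") are skipped rather than misreported.
            opts = {}
            for i, tok in enumerate(tokens[:-1]):
                if tok.startswith("-"):
                    opts[tok] = tokens[i + 1]
            yield chain, opts


def arp_drops_for(listing, address):
    """Return (chain, match option, interface) for ARP DROP rules on address."""
    hits = []
    for chain, opts in parse_rules(listing):
        if opts.get("-p", "").upper() != "ARP" or opts.get("-j") != "DROP":
            continue
        for field in ("--arp-ip-src", "--arp-ip-dst"):
            if opts.get(field) == address:
                hits.append((chain, field, opts.get("-i") or opts.get("-o")))
    return hits


if __name__ == "__main__":
    for chain, field, iface in arp_drops_for(SAMPLE_LISTING, "10.0.0.1"):
        print(f"{chain}: ARP dropped on {iface} where {field} is 10.0.0.1")
```

On a real host, the listing would come from running `ebtables -L` as root and passing its output to `arp_drops_for` together with the bridge's DHCP address.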
Jian Wen (wenjianhn) wrote :

I don't think this is a bug.
With share_dhcp_address turned on, this behavior is expected.

You can access the instance on the host of the instance. By doing
so, the DHCP address on the host is used.

Jiajun Liu (ljjjustin)
Changed in nova:
assignee: Jiajun Liu (ljjjustin) → nobody
status: Confirmed → Invalid