vxlan ttl defaults to 1

Bug #1755790 reported by Jonathan Rosser
This bug affects 1 person
Affects: OpenStack-Ansible
Status: Fix Released
Importance: Medium
Assigned to: Jonathan Rosser

Bug Description

No value is set for ttl in the [vxlan] section of linuxbridge_agent.ini, therefore the default Linux TTL of 1 is used for packets leaving the VTEP.

Here is an example for an instance arp packet leaving a compute host:

18:33:34.303003 7c:fe:90:de:08:20 > 01:00:5e:01:01:01, ethertype 802.1Q (0x8100), length 96: vlan 1941, p 0, ethertype IPv4, (tos 0x0, ttl 1, id 61202, offset 0, flags [none], proto UDP (17), length 78)
     10.41.1.130.55479 > 239.1.1.1.8472: [no cksum] OTV, flags [I] (0x08), overlay 0, instance 10045
fa:16:3e:22:7a:77 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.100.17 tell 192.168.100.12, length 28

The outer ethernet frame ttl=1 means that the vxlan packets are dropped at the next hop router in an L3 environment, as the ttl is decremented to 0 at that point.

This has no impact in an AIO, MNAIO or L2 underlay deployment, but will break with an L3 underlay as described in the documentation [1].

Two things could be done:

* By default set a more appropriate ttl in the linuxbridge ini file.

* Include the necessary variables in the deploy guide example [1].

neutron_linuxbridge_agent_ini_overrides:
  vxlan:
    ttl: 32

[1] https://docs.openstack.org/project-deploy-guide/openstack-ansible/queens/app-config-pod.html
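
An added example, not part of the original report or of the project's code: a check that reads the [vxlan] ttl from linuxbridge_agent.ini text, tests it against the number of routed hops in the underlay, and pulls the outer TTL out of tcpdump output like the capture above. The function names and the two sample configs are constructed for illustration; the unset value of 1 is taken from this report.

```python
import configparser
import re

UNSET_TTL = 1  # per this bug report: with no [vxlan] ttl, packets leave the VTEP with TTL 1

# Outer IPv4 header as printed by tcpdump -v, followed by the UDP line to
# port 8472 (the VXLAN port seen in the capture in this report).
_OUTER = re.compile(r"ttl (\d+),[^\n]*\n\s+(\S+)\.\d+ > (\S+)\.8472:")


def effective_vxlan_ttl(ini_text):
    """Return the TTL in effect for the given linuxbridge_agent.ini contents."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(ini_text)
    raw = cfg.get("vxlan", "ttl", fallback="").strip()
    return int(raw) if raw else UNSET_TTL  # missing section, key or value


def survives(ttl, l3_hops):
    """Each router decrements TTL and drops the packet at 0, so h hops need ttl > h."""
    return ttl > l3_hops


def outer_ttls(capture):
    """Return (source VTEP, destination, outer TTL) for each VXLAN packet found."""
    return [(src, dst, int(ttl)) for ttl, src, dst in _OUTER.findall(capture)]


# Constructed configs: the first mirrors the reported state, the second the fix.
BEFORE = "[vxlan]\nvxlan_group = 239.1.1.1\n"
AFTER = "[vxlan]\nvxlan_group = 239.1.1.1\nttl = 32\n"

# Outer header lines copied from the capture quoted in this report.
CAPTURE = """18:33:34.303003 7c:fe:90:de:08:20 > 01:00:5e:01:01:01, ethertype 802.1Q (0x8100), length 96: vlan 1941, p 0, ethertype IPv4, (tos 0x0, ttl 1, id 61202, offset 0, flags [none], proto UDP (17), length 78)
     10.41.1.130.55479 > 239.1.1.1.8472: [no cksum] OTV, flags [I] (0x08), overlay 0, instance 10045
"""

if __name__ == "__main__":
    for name, ini in (("before", BEFORE), ("after", AFTER)):
        ttl = effective_vxlan_ttl(ini)
        for hops in (0, 1, 3):  # 0 = L2 underlay, 1+ = routed underlay
            state = "ok" if survives(ttl, hops) else "DROPPED"
            print(f"{name}: ttl={ttl} hops={hops} -> {state}")
    for src, dst, ttl in outer_ttls(CAPTURE):
        print(f"capture: {src} -> {dst} outer ttl={ttl}")
```
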

Jean-Philippe Evrard (jean-philippe-evrard) wrote :

Good catch. Seems legit to me.

Changed in openstack-ansible:
status: New → Confirmed
importance: Undecided → Medium
assignee: nobody → Jean-Philippe Evrard (jean-philippe-evrard)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to openstack-ansible-os_neutron (master)

Fix proposed to branch: master
Review: https://review.openstack.org/636676

Changed in openstack-ansible:
assignee: Jean-Philippe Evrard (jean-philippe-evrard) → Jonathan Rosser (jrosser)
status: Confirmed → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to openstack-ansible-os_neutron (master)

Reviewed: https://review.openstack.org/636676
Committed: https://git.openstack.org/cgit/openstack/openstack-ansible-os_neutron/commit/?id=43f4fe7b3a270b5590d0f083eebf437fbed945a6
Submitter: Zuul
Branch: master

commit 43f4fe7b3a270b5590d0f083eebf437fbed945a6
Author: Jonathan Rosser <email address hidden>
Date: Wed Feb 13 16:52:52 2019 +0000

    Set appropriate default for vxlan multicast ttl

    Currently no default is set which means vxlan multicast traffic
    is dropped at the first L3 router. This patch increases the default
    to 32 which is sufficient for any reasonable network fabric and
    can be overridden if necessary.

    Without this patch vxlan project networks on a routed underlay network
    are not functional.

    Change-Id: Iddf2e412b3d1f23362d94a7eabd8c062d68ae287
    Closes-Bug: 1755790

Changed in openstack-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_neutron stein-eol

This issue was fixed in the openstack/openstack-ansible-os_neutron stein-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_neutron train-eol

This issue was fixed in the openstack/openstack-ansible-os_neutron train-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_neutron ussuri-eol

This issue was fixed in the openstack/openstack-ansible-os_neutron ussuri-eol release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_neutron yoga-eom

This issue was fixed in the openstack/openstack-ansible-os_neutron yoga-eom release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_neutron victoria-eom

This issue was fixed in the openstack/openstack-ansible-os_neutron victoria-eom release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_neutron wallaby-eom

This issue was fixed in the openstack/openstack-ansible-os_neutron wallaby-eom release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/openstack-ansible-os_neutron xena-eom

This issue was fixed in the openstack/openstack-ansible-os_neutron xena-eom release.
