From: Martinx - ジェームズ email@example.com
Sent: Thursday, July 9, 2015 8:51 PM
To: James Denton
Subject: Re: [Openstack] 99.5% of packets are disappearing somewhere between the Linux Bridge (brqxxxxzzzz-yy) and the tap (tapxxxxzzzz-yy).
On 9 July 2015 at 11:17, James Denton firstname.lastname@example.org wrote:
- I can see the untagged packets arriving at "brq50b13311-fa", by using "tcpdump -eni brq50b13311-fa";
Do you mind posting the packet capture from eth3 and the bridge on pastebin?
I don't mind, I'll just replace the public IPs before posting (and possibly MAC)...
- Actual traffic hitting physical "eth3" with VLAN tag (OK):
- Actual traffic hitting "brq50b13311-fa" without tag (OK):
- Actual traffic hitting "tap9a546be0-d6" without tag (BUGGED - missing packets):
- Actual traffic hitting vNIC "eth3" without tag (BUGGED - missing packets):
*** Only PVST, OSPF and ICMP are appearing inside the Instance (and its tap, of course) ***
For example, I can not see the string "Cisco" while running "tcpdump -eni brq50b13311-fa | grep -i cisco", so, where those packets come from (that I'm seeing on tap9a546be0-d6 and within its instance - pastebin above) ???
Those are multicast packets for PVST and OSPF from the switch and router, respectively. You might try filtering by MAC on the bridge instead of using grep to isolate those packets:
tcpdump -eni brq50b13311-fa ether dst 01:00:0c:cc:cc:cd
I would expect to see those packets on eth3 as well.
You're absolutely right!
The PVST, OSPF (and very rare ICMP) are appearing @ eth3 too (with "vlan XXXX" tagged), my bad (that grep, "ether dst" is much better, tks).
Look, inside the Instance - vNIC eth3:
tcpdump -eni eth3
Only the PVST, OSPF and ICMP packets are hitting the tapxxxxzzzz-yy interface! As expected, I can see those packets inside of the Instance as well (Pastebin above).
Why TCP/UDP isn't passing?
- I CAN NOT see the untagged packets arriving at "tap9a546be0-d6", by using "tcpdump -eni tap9a546be0-d6"!
What do your security group rules look like?
I have no Security Groups, no Firewall, no ipset...
ML2 configuration contains:
What is driving me crazy is that, on top of this very same setup (including e1000 driver), but with different vlan tag, it works!
Is it the same eth3 interface? You may want to avoid vlan 666, anyway. Never known those numbers to be lucky.
Yes, very same eth3.
LOL... I just posted this number here, to not publish private data, actual VLAN ID is different. :-P
Why it works for "VLAN X", but not for "VLAN Y", is a mystery for me.
Thank you so much for your help!
I'm seeing some debugging progress here...
Hopping to get this fixed! It is very important for the project that I'm working on.
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : email@example.com
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack