settingsLogin | Registersettings

how to allow vlan tagged traffic to be sent from SR-IOV based VM?

0 votes

Hey all,

I currently have liberty OpenStack setup (installed using RDO).

I configured SR-IOV on this setup (see configuration files attached), and started a VM.

When I pass vlan-tagged traffic I see that although it sent via VF it is not passing the PF (tcpdump shows nothing). I checked dmesg and saw no spoofed packets. Also, when using non vlan-tagged traffic I do see packets arrive at the PF.

Has anyone experienced this issue?

Thanks in advance,
Shaham

asked Nov 17, 2015 in openstack by shahamf (160 points)   1 1 3

6 Responses

0 votes
responded Nov 17, 2015 by shahamf (160 points)   1 1 3
0 votes

Hi Shaham,

Can you elaborate what is your setup?
Is it multi host or all in one installation?
And what are you trying to ping to ? is it another SR-IOV VM (direct port) or Paravirt VM (Normal port)?

According to your configuration I see you are using intel NIC (which I am not that familiar with I use Mellanox NIC), but I will try to help
Thank,
Moshe Levi.

From: OpenStack Mailing List Archive [mailto:corpqa@gmail.com]
Sent: Tuesday, November 17, 2015 6:29 PM
To: openstack@lists.openstack.org
Subject: [Openstack] how to allow vlan tagged traffic to be sent from SR-IOV based VM?

Link: https://openstack.nimeyo.com/65515/?show=65515#q65515
From: shahamf shahamf@gmail.com

Hey all,

I currently have liberty OpenStack setup (installed using RDO).

I configured SR-IOV on this setup (see configuration files attached), and started a VM.

When I pass vlan-tagged traffic I see that although it sent via VF it is not passing the PF (tcpdump shows nothing). I checked dmesg and saw no spoofed packets. Also, when using non vlan-tagged traffic I do see packets arrive at the PF.

Has anyone experienced this issue?

Thanks in advance,
Shaham


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
responded Nov 18, 2015 by Moshe_Levi (2,920 points)   3 6

Hey Moshe,

First of all, thanks for the quick response!

Regarding my setup, this is an all-in-one RDO installation ('packstack --allinone'). OS on my server is Centos 7. As you said I use Intel 82599 10-Gigabit Ethernet controller, that I used to create virtual functions. My SR-IOV ports, which I attached to my VM, are connected to a Cisco switch which is also connected to some other linux server. I try to ping this server.

If any more info is needed, please let me know.

Shaham

0 votes

By default allinone does not use vlans, therefore you need to make the changes to allow neutron to use vlans. Try to enable that by vi the /etc/neutron/plugin.ini

you will see a section called typedrivers = vxlan and add vlan which allows you to create neutron vlans networks and if you need to map vlans you also need to modify the ml2typevlan which allows you to map physicalnetwork.
example could be networklanrange = mynet1:200:202

have a good day,
Ciao

Remo

On Nov 18, 2015, at 10:00, OpenStack Mailing List Archive corpqa@gmail.com wrote:

Link: https://openstack.nimeyo.com/65515/?show=65622#a65622
From: shahamf shahamf@gmail.com

Hey Moshe,

First of all, thanks for the quick response!

Regarding my setup, this is an all-in-one RDO installation ('packstack --allinone'). OS on my server is Centos 7. As you said I use Intel 82599 10-Gigabit Ethernet controller, that I used to create virtual functions. My SR-IOV ports, which I attached to my VM, are connected to a Cisco switch which is also connected to some other linux server. I try to ping this server.

If any more info is needed, please let me know.

Shaham

!DSPAM:1,564c40b9150975184120359! _______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

!DSPAM:1,564c40b9150975184120359!


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
responded Nov 18, 2015 by Remo_Mattei (10,500 points)   1 2 4

Hey Ciao,

Thanks for the response!

Actually I already did that configuration, but it still does not work.

My config in /etc/neutron/plugin.ini is as follows:

typedrivers = vlan
tenant
networktypes = vlan
mechanism
drivers =openvswitch,sriovnicswitch
networkvlanranges = sriovnet1:600:699,sriovnet2:700:799

Thanks,
Shaham

0 votes

how did you create the network?

here is an example on how I do it:

neutron net-create external --router:external=True --provider:networktype vlan --provider:physicalnetwork physnet1 --provider:segmentation_id 111

this command if pre-juno so syntax has changed a little but it gives you the idea on how to.

Remo

On Nov 18, 2015, at 11:09, OpenStack Mailing List Archive corpqa@gmail.com wrote:

Link: https://openstack.nimeyo.com/65515/?show=65635#c65635
From: shahamf shahamf@gmail.com

Hey Ciao,

Thanks for the response!

Actually I already did that configuration, but it still does not work.

My config in /etc/neutron/plugin.ini is as follows:

typedrivers = vlan
tenantnetworktypes = vlan
mechanismdrivers =openvswitch,sriovnicswitch
networkvlanranges = sriovnet1:600:699,sriovnet2:700:799

Thanks,
Shaham

!DSPAM:1,564c50f1207417682233506! _______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

!DSPAM:1,564c50f1207417682233506!


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
responded Nov 18, 2015 by Remo_Mattei (10,500 points)   1 2 4

Oh, I followed the guide here:

http://redhatstackblog.redhat.com/2015/04/29/red-hat-enterprise-linux-openstack-platform-6-sr-iov-networking-part-ii-walking-through-the-implementation/

So I defined my network as follows:

neutron net-create sriov-net1 –provider:networktype=vlan –provider:physicalnetwork=sriovnet –provider:segmentation_id=83

It might be that this attribute was missing: --router:external=True.
I'll try adding it and will update.

Thanks!
Shaham

update: didn't help.

0 votes

The syntax has changed do make sure to look up the option otherwise it will not work you can just use the update cli command if you cannot make it work as soon as I gay back to my laptop I can send you the new command for the external syntax let me know

Ciao

Inviato da iPhone

Il giorno 18 nov 2015, alle ore 12:31, OpenStack Mailing List Archive corpqa@gmail.com ha scritto:

Link: https://openstack.nimeyo.com/65515/?show=65642#c65642
From: shahamf shahamf@gmail.com

Oh, I followed the guide here:

http://redhatstackblog.redhat.com/2015/04/29/red-hat-enterprise-linux-openstack-platform-6-sr-iov-networking-part-ii-walking-through-the-implementation/

So I defined my network as follows:

neutron net-create sriov-net1 –provider:networktype=vlan –provider:physicalnetwork=sriovnet –provider:segmentation_id=83

It might be that this attribute was missing: --router:external=True.
I'll try adding it and will update.

Thanks!
Shaham

!DSPAM:1,564c6449281301725612212!


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

!DSPAM:1,564c6449281301725612212!


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
responded Nov 18, 2015 by Remo_Mattei (10,500 points)   1 2 4

Actually the syntax did work for me, and router:external is actually set to True, but it still did not change the behavior:

[root@localhost ~(keystoneadmin)]# neutron net-show sriovnet1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin
stateup | True |
| id | 655041d3-d2d7-4696-acfe-c42ff94963de |
| mtu | 0 |
| name | sriovnet1 |
| provider:network
type | vlan |
| provider:physicalnetwork | sriovnet1 |
| provider:segmentation
id | 600 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | 58c6bbb6-9261-43ea-a660-13bad7e11b17 |
| tenant_id | fc62821757474cc38e5f4c1e2b756d94 |
+---------------------------+--------------------------------------+

Shaham

0 votes

can you check the router?

do ip netns
and that shows the output of your router
can your router reach the default gw?

ip netns exec qrouter-xxxxxxx-xxxxx ifconfig

then do
ip netns exec qrouter-xxxxxxx-xxxxx route -n
then do
ip netns exec qrouter-xxxxxxx-xxxxx ping -I interface of your external side to your default gw

Remo

On Nov 18, 2015, at 14:50, OpenStack Mailing List Archive <corpqa@gmail.com corpqa@gmail.com> wrote:

Link: https://openstack.nimeyo.com/65515/?show=65664#c65664 https://openstack.nimeyo.com/65515/?show=65664#c65664
From: shahamf <shahamf@gmail.com shahamf@gmail.com>

Actually the syntax did work for me, and router:external is actually set to True, but it still did not change the behavior:

[root@localhost ~(keystoneadmin)]# neutron net-show sriovnet1
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| adminstateup | True |
| id | 655041d3-d2d7-4696-acfe-c42ff94963de |
| mtu | 0 |
| name | sriovnet1 |
| provider:networktype | vlan |
| provider:physicalnetwork | sriovnet1 |
| provider:segmentationid | 600 |
| router:external | True |
| shared | False |
| status | ACTIVE |
| subnets | 58c6bbb6-9261-43ea-a660-13bad7e11b17 |
| tenant_id | fc62821757474cc38e5f4c1e2b756d94 |
+---------------------------+--------------------------------------+

Shaham

!DSPAM:1,564c852065092922846480! _______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

!DSPAM:1,564c852065092922846480!


Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
responded Nov 18, 2015 by Remo_Mattei (10,500 points)   1 2 4

Hey Remo,

'ip netns exec qrouter-41f2efea-7066-4dc3-bad7-41fdab130b65 ifconfig' gives me:

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 37 bytes 4144 (4.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 37 bytes 4144 (4.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

qg-f15a424d-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.24.4.226 netmask 255.255.255.240 broadcast 172.24.4.239
inet6 fe80::f816:3eff:fee3:4db5 prefixlen 64 scopeid 0x20
ether fa:16:3e:e3:4d:b5 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 43 bytes 2334 (2.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

qr-0efad2ba-64: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::f816:3eff:feb0:70ad prefixlen 64 scopeid 0x20
ether fa:16:3e:b0:70:ad txqueuelen 0 (Ethernet)
RX packets 6 bytes 480 (480.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 864 (864.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

'ip netns exec qrouter-41f2efea-7066-4dc3-bad7-41fdab130b65 route -n' gives:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.24.4.225 0.0.0.0 UG 0 0 0 qg-f15a424d-e6
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 qr-0efad2ba-64
172.24.4.224 0.0.0.0 255.255.255.240 U 0 0 0 qg-f15a424d-e6

None of the above is in the subnet of my SR-IOV ports.

Also, correct me if I'm wrong, but isn't the fact that I manage to run untagged traffic implies that it's something in the configuration that I miss?

Thanks a lot for your time and help, it is much appreciated! :)

...