yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #40660
[Bug 1512199] [NEW] change vm fixed ips will cause unable to communicate to vm in other network
Public bug reported:
I use dvr+kilo, vxlan. The environment is like:
vm2-2<- compute1 ----------vxlan------------- comupte2 ->vm2-1
vm3-1<-
vm2-1<- net2 ---------router1--------- net3 ->vm3-1
vm2-2<-
vm2-1(192.168.2.3) and vm2-2(192.168.2.4) are in the same net(net2 192.168.2.0/24) but not assigned to the same compute node. vm3-1 is in net3(192.168.3.0/24). net2 and net3 are connected by router1. The three vms are in default security-group. Not use firewall.
1. Using command below to change the ip of vm2-1.
neutron port-update portID --fixed-ip subnet_id=subnetID,ip_address=192.168.2.10 --fixed-ip subnet_id=subnetID,ip_address=192.168.2.20
In vm2-1 using "sudo udhcpc"(carrios) to get ip, the dhcp message is correct but the ip not changed.
Then reboot vm2-1. The ip of vm2-1 turned to be 192.168.2.20.
2. Using vm2-2 could ping 192.168.2.20 successfully . But vm3-1 could
not ping 192.168.2.20 successfully.
By capturing packets and looking for related information, the reason maybe:
1. newIP(192.168.2.20) and MAC of vm2-1 was not wrote to arp cache in the namespace of router1 in compute1 node.
2. In dvr mode, the arp request from gw port(192.168.2.1) from compute1 to vm2-1 was dropped by flowtable in compute2. So the arp request(192.168.2.1->192.168.2.20) could not arrive at vm2-1.
3. For vm2-2, the arp request(192.168.2.4->192.168.2.20) was not dropped and could connect with vm2-1.
In my opinion, if both new fixed IPs of vm2-1(192.168.2.10 and
102.168.2.20) and MAC is wrote to arp cache in namespace of router1 in
compute1 node, the problem will resolved. But only one ip(192.168.2.10)
and MAC is wrote.
BTW, if only set one fixed ip for vm2-1, it works fine. But if set two
fixed ips for vm2-1, the problem above most probably happens.
** Affects: neutron
Importance: Undecided
Status: New
** Description changed:
I use dvr+kilo, vxlan. The environment is like:
- __________ __________
- | compute1 | | comupte2 | router1
- |__________| ---vxlan--- |__________ | / \
- / \ | net2 net3
- vm2-2 vm3-1 vm2-1 / \ |
- vm2-1 vm2-2 vm3-1
+ _____________ _____________
+ | compute1 | | comupte2 |
+ |_____________| ---vxlan--- |____________ |
+ / \ |
+ vm2-2 vm3-1 vm2-1
+
- vm2-1(192.168.2.3) and vm2-2(192.168.2.4) are in the same net(net2
- 192.168.2.0/24) but not assigned to the same compute node. vm3-1 is in
- net3(192.168.3.0/24). net2 and net3 are connected by router1. The three
- vms are in default security-group. Not use firewall.
+ router1
+ / \
+ net2 net3
+ / \ |
+ vm2-1 vm2-2 vm3-1
+ vm2-1(192.168.2.3) and vm2-2(192.168.2.4) are in the same net(net2 192.168.2.0/24) but not assigned to the same compute node. vm3-1 is in net3(192.168.3.0/24). net2 and net3 are connected by router1. The three vms are in default security-group. Not use firewall.
- 1. Using command below to change the ip of vm2-1.
+ 1. Using command below to change the ip of vm2-1.
neutron port-update portID --fixed-ip subnet_id=subnetID,ip_address=192.168.2.10 --fixed-ip subnet_id=subnetID,ip_address=192.168.2.20
- In vm2-1 using "sudo udhcpc"(carrios) to get ip, the dhcp message is correct but the ip not changed.
+ In vm2-1 using "sudo udhcpc"(carrios) to get ip, the dhcp message is correct but the ip not changed.
Then reboot vm2-1. The ip of vm2-1 turned to be 192.168.2.20.
2. Using vm2-2 could ping 192.168.2.20 successfully . But vm3-1 could
not ping 192.168.2.20 successfully.
By capturing packets and looking for related information, the reason maybe:
1. newIP(192.168.2.20) and MAC of vm2-1 was not wrote to arp cache in the namespace of router1 in compute1 node.
2. In dvr mode, the arp request from gw port(192.168.2.1) from compute1 to vm2-1 was dropped by flowtable in compute2. So the arp request(192.168.2.1->192.168.2.20) could not arrive at vm2-1.
3. For vm2-2, the arp request(192.168.2.4->192.168.2.20) was not dropped and could connect with vm2-1.
In my opinion, if both new fixed IPs of vm2-1(192.168.2.10 and
102.168.2.20) and MAC is wrote to arp cache in namespace of router1 in
compute1 node, the problem will resolved. But only one ip(192.168.2.10)
and MAC is wrote.
BTW, if only set one fixed ip for vm2-1, it works fine. But if set two
fixed ips for vm2-1, the problem above most probably happens.
** Description changed:
I use dvr+kilo, vxlan. The environment is like:
- _____________ _____________
- | compute1 | | comupte2 |
- |_____________| ---vxlan--- |____________ |
- / \ |
- vm2-2 vm3-1 vm2-1
-
+
+ compute1 ---vxlan--- comupte2
+ / \ |
+ vm2-2 vm3-1 vm2-1
- router1
- / \
- net2 net3
- / \ |
+ router1
+ / \
+ net2 net3
+ / \ |
vm2-1 vm2-2 vm3-1
vm2-1(192.168.2.3) and vm2-2(192.168.2.4) are in the same net(net2 192.168.2.0/24) but not assigned to the same compute node. vm3-1 is in net3(192.168.3.0/24). net2 and net3 are connected by router1. The three vms are in default security-group. Not use firewall.
1. Using command below to change the ip of vm2-1.
neutron port-update portID --fixed-ip subnet_id=subnetID,ip_address=192.168.2.10 --fixed-ip subnet_id=subnetID,ip_address=192.168.2.20
In vm2-1 using "sudo udhcpc"(carrios) to get ip, the dhcp message is correct but the ip not changed.
Then reboot vm2-1. The ip of vm2-1 turned to be 192.168.2.20.
2. Using vm2-2 could ping 192.168.2.20 successfully . But vm3-1 could
not ping 192.168.2.20 successfully.
By capturing packets and looking for related information, the reason maybe:
1. newIP(192.168.2.20) and MAC of vm2-1 was not wrote to arp cache in the namespace of router1 in compute1 node.
2. In dvr mode, the arp request from gw port(192.168.2.1) from compute1 to vm2-1 was dropped by flowtable in compute2. So the arp request(192.168.2.1->192.168.2.20) could not arrive at vm2-1.
3. For vm2-2, the arp request(192.168.2.4->192.168.2.20) was not dropped and could connect with vm2-1.
In my opinion, if both new fixed IPs of vm2-1(192.168.2.10 and
102.168.2.20) and MAC is wrote to arp cache in namespace of router1 in
compute1 node, the problem will resolved. But only one ip(192.168.2.10)
and MAC is wrote.
BTW, if only set one fixed ip for vm2-1, it works fine. But if set two
fixed ips for vm2-1, the problem above most probably happens.
** Description changed:
I use dvr+kilo, vxlan. The environment is like:
-
- compute1 ---vxlan--- comupte2
- / \ |
- vm2-2 vm3-1 vm2-1
+
+ compute1 ---vxlan--- comupte2 ->vm2-1
+ / \
+ vm2-2 vm3-1
router1
/ \
net2 net3
/ \ |
vm2-1 vm2-2 vm3-1
vm2-1(192.168.2.3) and vm2-2(192.168.2.4) are in the same net(net2 192.168.2.0/24) but not assigned to the same compute node. vm3-1 is in net3(192.168.3.0/24). net2 and net3 are connected by router1. The three vms are in default security-group. Not use firewall.
1. Using command below to change the ip of vm2-1.
neutron port-update portID --fixed-ip subnet_id=subnetID,ip_address=192.168.2.10 --fixed-ip subnet_id=subnetID,ip_address=192.168.2.20
In vm2-1 using "sudo udhcpc"(carrios) to get ip, the dhcp message is correct but the ip not changed.
Then reboot vm2-1. The ip of vm2-1 turned to be 192.168.2.20.
2. Using vm2-2 could ping 192.168.2.20 successfully . But vm3-1 could
not ping 192.168.2.20 successfully.
By capturing packets and looking for related information, the reason maybe:
1. newIP(192.168.2.20) and MAC of vm2-1 was not wrote to arp cache in the namespace of router1 in compute1 node.
2. In dvr mode, the arp request from gw port(192.168.2.1) from compute1 to vm2-1 was dropped by flowtable in compute2. So the arp request(192.168.2.1->192.168.2.20) could not arrive at vm2-1.
3. For vm2-2, the arp request(192.168.2.4->192.168.2.20) was not dropped and could connect with vm2-1.
In my opinion, if both new fixed IPs of vm2-1(192.168.2.10 and
102.168.2.20) and MAC is wrote to arp cache in namespace of router1 in
compute1 node, the problem will resolved. But only one ip(192.168.2.10)
and MAC is wrote.
BTW, if only set one fixed ip for vm2-1, it works fine. But if set two
fixed ips for vm2-1, the problem above most probably happens.
** Description changed:
I use dvr+kilo, vxlan. The environment is like:
- compute1 ---vxlan--- comupte2 ->vm2-1
- / \
- vm2-2 vm3-1
+ vm2-2<- compute1 ---vxlan--- comupte2 ->vm2-1
+ /
+ vm3-1
router1
/ \
net2 net3
/ \ |
vm2-1 vm2-2 vm3-1
vm2-1(192.168.2.3) and vm2-2(192.168.2.4) are in the same net(net2 192.168.2.0/24) but not assigned to the same compute node. vm3-1 is in net3(192.168.3.0/24). net2 and net3 are connected by router1. The three vms are in default security-group. Not use firewall.
1. Using command below to change the ip of vm2-1.
neutron port-update portID --fixed-ip subnet_id=subnetID,ip_address=192.168.2.10 --fixed-ip subnet_id=subnetID,ip_address=192.168.2.20
In vm2-1 using "sudo udhcpc"(carrios) to get ip, the dhcp message is correct but the ip not changed.
Then reboot vm2-1. The ip of vm2-1 turned to be 192.168.2.20.
2. Using vm2-2 could ping 192.168.2.20 successfully . But vm3-1 could
not ping 192.168.2.20 successfully.
By capturing packets and looking for related information, the reason maybe:
1. newIP(192.168.2.20) and MAC of vm2-1 was not wrote to arp cache in the namespace of router1 in compute1 node.
2. In dvr mode, the arp request from gw port(192.168.2.1) from compute1 to vm2-1 was dropped by flowtable in compute2. So the arp request(192.168.2.1->192.168.2.20) could not arrive at vm2-1.
3. For vm2-2, the arp request(192.168.2.4->192.168.2.20) was not dropped and could connect with vm2-1.
In my opinion, if both new fixed IPs of vm2-1(192.168.2.10 and
102.168.2.20) and MAC is wrote to arp cache in namespace of router1 in
compute1 node, the problem will resolved. But only one ip(192.168.2.10)
and MAC is wrote.
BTW, if only set one fixed ip for vm2-1, it works fine. But if set two
fixed ips for vm2-1, the problem above most probably happens.
** Description changed:
I use dvr+kilo, vxlan. The environment is like:
vm2-2<- compute1 ---vxlan--- comupte2 ->vm2-1
- /
- vm3-1
+ vm3-1<-
+
router1
/ \
net2 net3
/ \ |
vm2-1 vm2-2 vm3-1
vm2-1(192.168.2.3) and vm2-2(192.168.2.4) are in the same net(net2 192.168.2.0/24) but not assigned to the same compute node. vm3-1 is in net3(192.168.3.0/24). net2 and net3 are connected by router1. The three vms are in default security-group. Not use firewall.
1. Using command below to change the ip of vm2-1.
neutron port-update portID --fixed-ip subnet_id=subnetID,ip_address=192.168.2.10 --fixed-ip subnet_id=subnetID,ip_address=192.168.2.20
In vm2-1 using "sudo udhcpc"(carrios) to get ip, the dhcp message is correct but the ip not changed.
Then reboot vm2-1. The ip of vm2-1 turned to be 192.168.2.20.
2. Using vm2-2 could ping 192.168.2.20 successfully . But vm3-1 could
not ping 192.168.2.20 successfully.
By capturing packets and looking for related information, the reason maybe:
1. newIP(192.168.2.20) and MAC of vm2-1 was not wrote to arp cache in the namespace of router1 in compute1 node.
2. In dvr mode, the arp request from gw port(192.168.2.1) from compute1 to vm2-1 was dropped by flowtable in compute2. So the arp request(192.168.2.1->192.168.2.20) could not arrive at vm2-1.
3. For vm2-2, the arp request(192.168.2.4->192.168.2.20) was not dropped and could connect with vm2-1.
In my opinion, if both new fixed IPs of vm2-1(192.168.2.10 and
102.168.2.20) and MAC is wrote to arp cache in namespace of router1 in
compute1 node, the problem will resolved. But only one ip(192.168.2.10)
and MAC is wrote.
BTW, if only set one fixed ip for vm2-1, it works fine. But if set two
fixed ips for vm2-1, the problem above most probably happens.
** Description changed:
I use dvr+kilo, vxlan. The environment is like:
- vm2-2<- compute1 ---vxlan--- comupte2 ->vm2-1
- vm3-1<-
-
+ vm2-2<- compute1 ----------vxlan------------- comupte2 ->vm2-1
+ vm3-1<-
- router1
- / \
- net2 net3
- / \ |
- vm2-1 vm2-2 vm3-1
+ vm2-1<- net2 ---------router1--------- net3 ->vm3-1
+ vm2-2<-
+
+
vm2-1(192.168.2.3) and vm2-2(192.168.2.4) are in the same net(net2 192.168.2.0/24) but not assigned to the same compute node. vm3-1 is in net3(192.168.3.0/24). net2 and net3 are connected by router1. The three vms are in default security-group. Not use firewall.
1. Using command below to change the ip of vm2-1.
neutron port-update portID --fixed-ip subnet_id=subnetID,ip_address=192.168.2.10 --fixed-ip subnet_id=subnetID,ip_address=192.168.2.20
In vm2-1 using "sudo udhcpc"(carrios) to get ip, the dhcp message is correct but the ip not changed.
Then reboot vm2-1. The ip of vm2-1 turned to be 192.168.2.20.
2. Using vm2-2 could ping 192.168.2.20 successfully . But vm3-1 could
not ping 192.168.2.20 successfully.
By capturing packets and looking for related information, the reason maybe:
1. newIP(192.168.2.20) and MAC of vm2-1 was not wrote to arp cache in the namespace of router1 in compute1 node.
2. In dvr mode, the arp request from gw port(192.168.2.1) from compute1 to vm2-1 was dropped by flowtable in compute2. So the arp request(192.168.2.1->192.168.2.20) could not arrive at vm2-1.
3. For vm2-2, the arp request(192.168.2.4->192.168.2.20) was not dropped and could connect with vm2-1.
In my opinion, if both new fixed IPs of vm2-1(192.168.2.10 and
102.168.2.20) and MAC is wrote to arp cache in namespace of router1 in
compute1 node, the problem will resolved. But only one ip(192.168.2.10)
and MAC is wrote.
BTW, if only set one fixed ip for vm2-1, it works fine. But if set two
fixed ips for vm2-1, the problem above most probably happens.
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1512199
Title:
change vm fixed ips will cause unable to communicate to vm in other
network
Status in neutron:
New
Bug description:
I use dvr+kilo, vxlan. The environment is like:
vm2-2<- compute1 ----------vxlan------------- comupte2 ->vm2-1
vm3-1<-
vm2-1<- net2 ---------router1--------- net3 ->vm3-1
vm2-2<-
vm2-1(192.168.2.3) and vm2-2(192.168.2.4) are in the same net(net2 192.168.2.0/24) but not assigned to the same compute node. vm3-1 is in net3(192.168.3.0/24). net2 and net3 are connected by router1. The three vms are in default security-group. Not use firewall.
1. Using command below to change the ip of vm2-1.
neutron port-update portID --fixed-ip subnet_id=subnetID,ip_address=192.168.2.10 --fixed-ip subnet_id=subnetID,ip_address=192.168.2.20
In vm2-1 using "sudo udhcpc"(carrios) to get ip, the dhcp message is correct but the ip not changed.
Then reboot vm2-1. The ip of vm2-1 turned to be 192.168.2.20.
2. Using vm2-2 could ping 192.168.2.20 successfully . But vm3-1 could
not ping 192.168.2.20 successfully.
By capturing packets and looking for related information, the reason maybe:
1. newIP(192.168.2.20) and MAC of vm2-1 was not wrote to arp cache in the namespace of router1 in compute1 node.
2. In dvr mode, the arp request from gw port(192.168.2.1) from compute1 to vm2-1 was dropped by flowtable in compute2. So the arp request(192.168.2.1->192.168.2.20) could not arrive at vm2-1.
3. For vm2-2, the arp request(192.168.2.4->192.168.2.20) was not dropped and could connect with vm2-1.
In my opinion, if both new fixed IPs of vm2-1(192.168.2.10 and
102.168.2.20) and MAC is wrote to arp cache in namespace of router1 in
compute1 node, the problem will resolved. But only one
ip(192.168.2.10) and MAC is wrote.
BTW, if only set one fixed ip for vm2-1, it works fine. But if set two
fixed ips for vm2-1, the problem above most probably happens.
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1512199/+subscriptions
Follow ups
