[l2gw] How to handle correctly unknown-dst traffic

Saverio Proto-2
Hello,

I have a question about the l2gw. I did a deployment, I described the
steps here:
https://review.openstack.org/#/c/453209/

The unicast traffic works fine, but I don't understand what is the idea
behind the handling of the broadcast traffic.

Looking at openvswitch:

I obtain the uuid with `vtep-ctl list-ls`

vtep-ctl list-remote-macs <uuid>

In this output I get an entry for each VM that has an interface in the
L2 network I am bridging:

----
# vtep-ctl list-remote-macs <uuid>
ucast-mac-remote
  fa:16:3e:c2:7b:da -> vxlan_over_ipv4/10.1.1.167

mcast-mac-remote
-----

The ucast-mac-remote entry is created by OpenStack when I start a VM.
(Also it is never removed when I delete the instance, is this a bug?)
Note that 10.1.1.167 is the IP address of the hypervisor where the VM is
running.

But mcast-mac-remote is empty. So this means that ARP learning for
example works only in 1 way. The VM in openstack does not receive any
broadcast traffic, unless I do manually:

vtep-ctl add-mcast-remote ee87db33-1b3a-42e9-bc09-02747f8a0ad5 unknown-dst 10.1.1.167

This creates an entry in the table mcast-mac-remote and everything works
correctly.


Now I read here http://networkop.co.uk/blog/2016/05/21/neutron-l2gw/
about sending add-mcast-remote to the network nodes and then doing some
magic I don't really understand. But I am confused because in my setup
the tenant does not have a L3 router, so there is not a qrouter
namespace for this network, I was planning to keep the network node out
of the game.

Is anyone running this in production and can shed some light ?

thanks

Saverio

--
SWITCH
Saverio Proto, Peta Solutions
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 1573
[hidden email], http://www.switch.ch

http://www.switch.ch/stories

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [hidden email]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [l2gw] How to handle correctly unknown-dst traffic

Saverio Proto-2
Hello,

I try again. Any l2gw plugin user that wants to comment on my email ?

thank you

Saverio


Re: [l2gw] How to handle correctly unknown-dst traffic

Ricardo Noriega De Soto
Hi Saverio, 

Comments and questions inline:

First of all, which backend are you using? The l2gateway agent, or something like OpenDaylight? I'm currently testing an L2GW scenario with ODL.


On Mon, May 29, 2017 at 4:54 PM, Saverio Proto <[hidden email]> wrote:
> Hello,
>
> I have a question about the l2gw. I did a deployment, I described the
> steps here:
> https://review.openstack.org/#/c/453209/
>
> The unicast traffic works fine, but I don't understand what is the idea
> behind the handling of the broadcast traffic.
>
> Looking at openvswitch:
>
> I obtain the uuid with `vtep-ctl list-ls`
>
> vtep-ctl list-remote-macs <uuid>
>
> In this output I get an entry for each VM that has an interface in the
> L2 network I am bridging:
>
> ----
> # vtep-ctl list-remote-macs <uuid>
> ucast-mac-remote
>   fa:16:3e:c2:7b:da -> vxlan_over_ipv4/10.1.1.167
>
> mcast-mac-remote
> -----

The ucast-mac-remote table is filled with information that doesn't match your comments. In my environment, I have created only one neutron network, one l2gw instance and one l2gw connection. However, the mac reflected in that table corresponds to the dhcp port of the Neutron network (I've checked the mac on the dhcp namespace and it's the same).
I've created several VMs in different compute nodes and there is only one line there. Could you check again the MAC address?

> The ucast-mac-remote entry is created by OpenStack when I start a VM.
> (Also it is never removed when I delete the instance, is this a bug?)
> Note that 10.1.1.167 is the IP address of the hypervisor where the VM is
> running.
>
> But mcast-mac-remote is empty. So this means that ARP learning for
> example works only in 1 way. The VM in openstack does not receive any
> broadcast traffic, unless I do manually:
>
> vtep-ctl add-mcast-remote ee87db33-1b3a-42e9-bc09-02747f8a0ad5 unknown-dst 10.1.1.167
>
> This creates an entry in the table mcast-mac-remote and everything works
> correctly.

In my setup I get this automatically:

mcast-mac-remote
  unknown-dst -> vxlan_over_ipv4/192.0.2.6

If you're using the agent, it might be a bug.

> Now I read here http://networkop.co.uk/blog/2016/05/21/neutron-l2gw/
> about sending add-mcast-remote to the network nodes and then doing some
> magic I don't really understand. But I am confused because in my setup
> the tenant does not have a L3 router, so there is not a qrouter
> namespace for this network, I was planning to keep the network node out
> of the game.
>
> Is anyone running this in production and can shed some light ?

No production sorry, just PoC mode :-)

> thanks
>
> Saverio


--
Ricardo Noriega

Senior Software Engineer - NFV Partner Engineer | Office of Technology  | Red Hat
irc: rnoriega @freenode


Re: [l2gw] How to handle correctly unknown-dst traffic

Saverio Proto-2
> The ucast-mac-remote table is filled with information that doesn't match
> your comments. In my environment, I have created only one neutron
> network, one l2gw instance and one l2gw connection. However, the mac
> reflected in that table corresponds to the dhcp port of the Neutron
> network (I've checked the mac on the dhcp namespace and it's the same).
> I've created several VMs in different compute nodes and there is only
> one line there. Could you check again the MAC address?

Hello,

I confirm I have one line per VM

root@l2gw-0:/# vtep-ctl list-remote-macs ee87db33-1b3a-42e9-bc09-02747f8a0ad5
ucast-mac-remote
  fa:16:3e:6b:6e:d1 -> vxlan_over_ipv4/10.1.1.161
  fa:16:3e:7f:18:77 -> vxlan_over_ipv4/10.1.0.126
  fa:16:3e:90:7f:f9 -> vxlan_over_ipv4/10.1.1.177
  fa:16:3e:c2:7b:da -> vxlan_over_ipv4/10.1.1.167
  fa:16:3e:ca:ad:c6 -> vxlan_over_ipv4/10.1.0.126
  fa:16:3e:f0:21:01 -> vxlan_over_ipv4/10.1.1.175

I have the indication of the mac address of the VM, and the IP address
of the hypervisor where it is hosted.


> In my setup I get this automatically:
>
> mcast-mac-remote
>   unknown-dst -> vxlan_over_ipv4/192.0.2.6
>
> If you're using the agent, it might be a bug.

I am running OpenStack Newton. On what version is your PoC based?

thank you

Saverio
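
Added example (not code from either poster or from the l2gw project): a Python check over `vtep-ctl list-remote-macs` output that reports hypervisor VTEP IPs which appear in ucast-mac-remote but have no unknown-dst locator in mcast-mac-remote, the gap the first post closes by hand. The function names and the sample output are constructed for illustration, and flooding to every hypervisor is an assumption taken from that manual workaround.

```python
import re

# Constructed sample: `vtep-ctl list-remote-macs <uuid>` output in the shape
# shown in the thread (unicast entries present, one unknown-dst locator).
SAMPLE = """\
ucast-mac-remote
  fa:16:3e:6b:6e:d1 -> vxlan_over_ipv4/10.1.1.161
  fa:16:3e:7f:18:77 -> vxlan_over_ipv4/10.1.0.126
  fa:16:3e:c2:7b:da -> vxlan_over_ipv4/10.1.1.167

mcast-mac-remote
  unknown-dst -> vxlan_over_ipv4/10.1.1.167
"""

ENTRY = re.compile(r"^\s+(\S+)\s+->\s+(\w+)/(\S+)\s*$")


def parse_remote_macs(text):
    """Return {table name: [(mac, encap, ip), ...]} for both remote tables."""
    tables = {"ucast-mac-remote": [], "mcast-mac-remote": []}
    current = None
    for line in text.splitlines():
        if line.strip() in tables:
            current = line.strip()
            continue
        m = ENTRY.match(line)
        if m and current:
            tables[current].append(m.groups())
    return tables


def missing_unknown_dst(text):
    """VTEP IPs that host a learned MAC but are not a flood (unknown-dst) target."""
    tables = parse_remote_macs(text)
    ucast_ips = {ip for _, _, ip in tables["ucast-mac-remote"]}
    flood_ips = {ip for mac, _, ip in tables["mcast-mac-remote"] if mac == "unknown-dst"}
    return sorted(ucast_ips - flood_ips)


def fix_commands(ls_uuid, text):
    """Build (not run) the add-mcast-remote command from the thread for each gap."""
    return [f"vtep-ctl add-mcast-remote {ls_uuid} unknown-dst {ip}"
            for ip in missing_unknown_dst(text)]


if __name__ == "__main__":
    for cmd in fix_commands("<uuid>", SAMPLE):
        print(cmd)
```

The commands are only printed, so the output can be reviewed before anything is written to the VTEP database.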

