Juniper Openstack

vRouter fails to resolve ARP of hosts connected to CPE

Bug #1566980 reported by Ato
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Juniper Openstack
Status tracked in Trunk
R2.22.x
Fix Committed
Medium
Naveen N
Juniper Openstack r2.22.2
R3.0
Fix Committed
Medium
Naveen N
Juniper Openstack r3.0.2.0
Trunk
Fix Committed
Medium
Naveen N
Juniper Openstack r3.1.0.0-fcs

Bug Description

This is the topology:

[laptop]---eth0[vRouter_1]---{IP Fabric}---[vRouter_2]tapX--[Service Instance]--tapY[vRouter_2]---{IP Fabric}---[Gateway]---{Internet}

vRouter_1 is a third-party x86 CPE that runs Ubuntu and Contrail vRouter. This CPE has physical hosts connected to its physical access ports. More specifically, it has a PC connected at port eth0. Contrail assigns this port (eth0) to VN left and IP address 192.168.150.1/24. So the laptop gets IP 192.168.150.1.

vRouter_2 is a classical compute node that runs VMs. The Service Instance is a VM with a left and a right interface. The left interface gets IP address 172.16.150.252/24. This subnet also belongs to VN left. The right interface is connected to the Internet VN.

The gateway address for the laptop is 192.168.150.254. The gateway address for the other subnet at VN left is 172.16.150.254 (although this latter detail is irrelevant).

The laptop accesses the internet through the Service Instance. When the laptop pings the internet, the forward flow is correct and the packets arrive to the destination. However the return flow is discarded at vRouter_1:

454948<=>73756 8.8.8.8:18909 192.168.150.1:0 1 (1)
(K(nh):20, Action:D(RevFlowChng), Flags:, S(nh):19, Stats:1/84, SPort:61249)

It looks like ARP resolution for 192.168.150.1 is failing.

Tags: vrouter
Hari Prasad Killi (haripk)
tags: added: vrouter
Nischal Sheth (nsheth)
information type: Proprietary → Public
Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R2.22.x

Review in progress for https://review.opencontrail.org/19175
Submitter: Naveen N (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/19175
Committed: http://github.org/Juniper/contrail-controller/commit/e4d62bbf1db21a22bb2cfa414fd50cf5800944f5
Submitter: Zuul
Branch: R2.22.x

commit e4d62bbf1db21a22bb2cfa414fd50cf5800944f5
Author: Naveen N <email address hidden>
Date: Fri Apr 8 10:15:44 2016 +0530

* Disable policy bit on resolve NH in vrouter

In case of gateway interface, a subnet route is created with
resolve NH with policy enabled if gateway has some policies
the same bit gets copied over the ARP NH created from this nexthop.
If policy bit is enabled in kernel then flow could get created
with resolve NH as key, for the very nexthop packet different flow
would be created using ARP NH, resolve the same by disabling
policy in vrouter
Closes-bug:#1566980

Change-Id: Idf70b22907902c2812624a6e7db74b438934c0fc

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] R3.0

Review in progress for https://review.opencontrail.org/20097
Submitter: Naveen N (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : [Review update] master

Review in progress for https://review.opencontrail.org/20098
Submitter: Naveen N (<email address hidden>)

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/20097
Committed: http://github.org/Juniper/contrail-controller/commit/f8b8578f0dd5449ee92d5037025edb4f5b3cdeb4
Submitter: Zuul
Branch: R3.0

commit f8b8578f0dd5449ee92d5037025edb4f5b3cdeb4
Author: Naveen N <email address hidden>
Date: Fri Apr 8 10:15:44 2016 +0530

* Disable policy bit on resolve NH in vrouter

In case of gateway interface, a subnet route is created with
resolve NH with policy enabled if gateway has some policies
the same bit gets copied over the ARP NH created from this nexthop.
If policy bit is enabled in kernel then flow could get created
with resolve NH as key, for the very nexthop packet different flow
would be created using ARP NH, resolve the same by disabling
policy in vrouter
Closes-bug:#1566980

Change-Id: Idf70b22907902c2812624a6e7db74b438934c0fc

Revision history for this message
OpenContrail Admin (ci-admin-f) wrote :

Reviewed: https://review.opencontrail.org/20098
Committed: http://github.org/Juniper/contrail-controller/commit/1fb866b67eb014bc0d016b3914906b31e85eb8cb
Submitter: Zuul
Branch: master

commit 1fb866b67eb014bc0d016b3914906b31e85eb8cb
Author: Naveen N <email address hidden>
Date: Fri Apr 8 10:15:44 2016 +0530

* Disable policy bit on resolve NH in vrouter

In case of gateway interface, a subnet route is created with
resolve NH with policy enabled if gateway has some policies
the same bit gets copied over the ARP NH created from this nexthop.
If policy bit is enabled in kernel then flow could get created
with resolve NH as key, for the very nexthop packet different flow
would be created using ARP NH, resolve the same by disabling
policy in vrouter
Closes-bug:#1566980

Change-Id: Idf70b22907902c2812624a6e7db74b438934c0fc

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.