Re: [Bridge] linux bridge does not forward arp reply back packets in a vmware vm

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Stephen Hemminger <stephen@networkplumber.org>
To: Adrian P <adrian27oradea@gmail.com>
Cc: bridge@lists.linux-foundation.org
Subject: Re: [Bridge] linux bridge does not forward arp reply back packets in a vmware vm
Date: Fri, 15 Dec 2017 07:55:12 -0800	[thread overview]
Message-ID: <20171215075512.6138a258@xeon-e3> (raw)
In-Reply-To: <CA+k9h3PudMEAC7geZ7PPvR4m-6_9X4bFnWcvrBkb4sst0q3v8Q@mail.gmail.com>

On Fri, 15 Dec 2017 15:37:39 +0200
Adrian P <adrian27oradea@gmail.com> wrote:

> Hello,
> 
> I have a strange issue with a linux bridge created by
> openstack-neutron (pike release). This linux bridge is hosted in a
> vmware VM running latest CentOS 7, with a single network interface in
> promiscuous mode.
> 
> From openstack neutron perspective, the networking setup is simple: a
> single flat external provider network, with a single cirros VM
> instance connected to it.
> 
> Therefore, in the linux bridge running in the vmware host, I have 3 interfaces:
> 
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> brq025a9a94-58          8000.005056a6b378       no              ens160
>                                                         tap2eb4cad6-cd
>    <----- neutron DHCP agent tap interface
>                                                         tap6d31a191-9f
>    <----- cirros VM instance tap interface
> 
> The ens160 is the "physical" CentOS 7 host interface, that is in
> promiscuous mode.
> 
> The  tap2eb4cad6-cd tap interface is the neutron DHCP agent interface,
> and the tap6d31a191-9f tap interface is used by the cirros VM
> instance.
> 
> The problem is the following:
> 
> With a tcpdump, I am able to see the arp request (ARP, Request who-has
> 10.20.21.1 tell 10.20.21.233) going out from the cirros VM instance on
> tap interface tap6d31a191-9f, and well as on the bridge itself
> (brq025a9a94-58). However, the reply back to the arp request (Reply
> 10.20.21.1 is-at 00:17:08:c4:52:80) does not reach the cirros VM
> instance anymore. With tcpdump, I am able to see the arp reply back
> packets in the bridge (brq025a9a94-58), however they do not show up
> anymore on the cirros VM instance tap interface tap6d31a191-9f.
> 
> To me it seems that for whatever reason, the bridge does not forward
> the arp reply back packets to the cirros VM tap interface, and I do
> not understand why. The strange thing is that after a while, for
> apparently no reason, a single arp reply back packet gets through the
> bridge and the tap interface, and the arp table gets updated with
> correct IP address in the cirros VM instance. However, if I clean up
> the arp table in the cirros VM instance, it takes again 10 to 15
> minutes of continuously sending arp requests, until a single arp reply
> back packets gets through.
> 
> I was banging my head to the table for a few days with this issue, and
> finally, for apparent no reason, I manually configured the bridge max
> aging time to 0, to convert it in a hub, and from that moment
> everything started to work without any issue. Still, I do no
> understand why is this happening, and obviously I cannot manually set
> up the bridge aging time to 0 all the time in all the bridges
> openstack neutron creates automatically.
> 
> Any thoughts?
> 
> Many thanks in advance.
> 
> Best regards,
> Adrian

Does each tap instance and the ens160 have a different and valid Ethernet
address?  Also make sure the these are in the bridge forwarding table.

next prev parent reply	other threads:[~2017-12-15 15:55 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-15 13:37 [Bridge] linux bridge does not forward arp reply back packets in a vmware vm Adrian P
2017-12-15 15:55 ` Stephen Hemminger [this message]
2017-12-15 16:29   ` Adrian P
2017-12-16  1:47     ` Stephen Hemminger
2017-12-16  7:12       ` Adrian P
2017-12-16 14:19         ` Adrian P
2017-12-16 17:35           ` Stephen Hemminger
2017-12-16 18:14             ` Adrian P
2017-12-16 20:01               ` Adrian P
2017-12-18  2:54                 ` Toshiaki Makita
2017-12-18  8:05                   ` Adrian Pascalau
2017-12-19 19:18                     ` Adrian Pascalau
2017-12-20  5:04                       ` Toshiaki Makita
  -- strict thread matches above, loose matches on Subject: below --
2019-08-09  5:56 Ben Shaw
2019-10-02 12:00 Andreas Triller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171215075512.6138a258@xeon-e3 \
    --to=stephen@networkplumber.org \
    --cc=adrian27oradea@gmail.com \
    --cc=bridge@lists.linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.