Re: [Bridge] linux bridge does not forward arp reply back packets in a vmware vm

Ethernet Bridge development
 help / color / mirror / Atom feed

From: Stephen Hemminger <stephen@networkplumber.org>
To: Adrian P <adrian27oradea@gmail.com>
Cc: bridge@lists.linux-foundation.org
Subject: Re: [Bridge] linux bridge does not forward arp reply back packets in a vmware vm
Date: Fri, 15 Dec 2017 07:55:12 -0800	[thread overview]
Message-ID: <20171215075512.6138a258@xeon-e3> (raw)
In-Reply-To: <CA+k9h3PudMEAC7geZ7PPvR4m-6_9X4bFnWcvrBkb4sst0q3v8Q@mail.gmail.com>

On Fri, 15 Dec 2017 15:37:39 +0200
Adrian P <adrian27oradea@gmail.com> wrote:

> Hello,
> 
> I have a strange issue with a linux bridge created by
> openstack-neutron (pike release). This linux bridge is hosted in a
> vmware VM running latest CentOS 7, with a single network interface in
> promiscuous mode.
> 
> From openstack neutron perspective, the networking setup is simple: a
> single flat external provider network, with a single cirros VM
> instance connected to it.
> 
> Therefore, in the linux bridge running in the vmware host, I have 3 interfaces:
> 
> # brctl show
> bridge name     bridge id               STP enabled     interfaces
> brq025a9a94-58          8000.005056a6b378       no              ens160
>                                                         tap2eb4cad6-cd
>    <----- neutron DHCP agent tap interface
>                                                         tap6d31a191-9f
>    <----- cirros VM instance tap interface
> 
> The ens160 is the "physical" CentOS 7 host interface, that is in
> promiscuous mode.
> 
> The  tap2eb4cad6-cd tap interface is the neutron DHCP agent interface,
> and the tap6d31a191-9f tap interface is used by the cirros VM
> instance.
> 
> The problem is the following:
> 
> With a tcpdump, I am able to see the arp request (ARP, Request who-has
> 10.20.21.1 tell 10.20.21.233) going out from the cirros VM instance on
> tap interface tap6d31a191-9f, and well as on the bridge itself
> (brq025a9a94-58). However, the reply back to the arp request (Reply
> 10.20.21.1 is-at 00:17:08:c4:52:80) does not reach the cirros VM
> instance anymore. With tcpdump, I am able to see the arp reply back
> packets in the bridge (brq025a9a94-58), however they do not show up
> anymore on the cirros VM instance tap interface tap6d31a191-9f.
> 
> To me it seems that for whatever reason, the bridge does not forward
> the arp reply back packets to the cirros VM tap interface, and I do
> not understand why. The strange thing is that after a while, for
> apparently no reason, a single arp reply back packet gets through the
> bridge and the tap interface, and the arp table gets updated with
> correct IP address in the cirros VM instance. However, if I clean up
> the arp table in the cirros VM instance, it takes again 10 to 15
> minutes of continuously sending arp requests, until a single arp reply
> back packets gets through.
> 
> I was banging my head to the table for a few days with this issue, and
> finally, for apparent no reason, I manually configured the bridge max
> aging time to 0, to convert it in a hub, and from that moment
> everything started to work without any issue. Still, I do no
> understand why is this happening, and obviously I cannot manually set
> up the bridge aging time to 0 all the time in all the bridges
> openstack neutron creates automatically.
> 
> Any thoughts?
> 
> Many thanks in advance.
> 
> Best regards,
> Adrian

Does each tap instance and the ens160 have a different and valid Ethernet
address?  Also make sure the these are in the bridge forwarding table.

next prev parent reply	other threads:[~2017-12-15 15:55 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-12-15 13:37 [Bridge] linux bridge does not forward arp reply back packets in a vmware vm Adrian P
2017-12-15 15:55 ` Stephen Hemminger [this message]
2017-12-15 16:29   ` Adrian P
2017-12-16  1:47     ` Stephen Hemminger
2017-12-16  7:12       ` Adrian P
2017-12-16 14:19         ` Adrian P
2017-12-16 17:35           ` Stephen Hemminger
2017-12-16 18:14             ` Adrian P
2017-12-16 20:01               ` Adrian P
2017-12-18  2:54                 ` Toshiaki Makita
2017-12-18  8:05                   ` Adrian Pascalau
2017-12-19 19:18                     ` Adrian Pascalau
2017-12-20  5:04                       ` Toshiaki Makita
  -- strict thread matches above, loose matches on Subject: below --
2019-08-09  5:56 Ben Shaw
2019-10-02 12:00 Andreas Triller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20171215075512.6138a258@xeon-e3 \
    --to=stephen@networkplumber.org \
    --cc=adrian27oradea@gmail.com \
    --cc=bridge@lists.linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox