Not getting traffic through vxlan bridge


#1

I’m having a hard time getting packets through my vxlan bridges. My hosts are all CentOS Linux release 7.3.1611 (Core).

The template for vxlan seems simple, and seems to be doing the right thing:
VIRTUAL NETWORK TEMPLATE
BRIDGE="vxlan1"
PHYDEV="team1.3"
SECURITY_GROUPS="0"
VN_MAD="vxlan"

I’ve created the team1.3 interface on all my hosts:
cat /etc/sysconfig/network-scripts/ifcfg-team1.3
DEVICE=team1.3
BOOTPROTO=none
ONBOOT=yes
MTU=9000
VLAN=yes

team1 is a 2x10G lacp bonded interface:
[root@tm-onhost3 ~]# cat /etc/sysconfig/network-scripts/ifcfg-team1
DEVICE=team1
BOOTPROTO=none
ONBOOT=yes
USERCTL=no
IPV6INIT=no
MTU=9000
TYPE=Unknown
DEVICETYPE="Team"
TEAM_CONFIG='{ "runner": { "name": "lacp", "active": true, "fast_rate": true, "tx_hash": ["eth", "ipv4", "ipv6"] },"link_watch": {"name": "ethtool"} }'

When I launch vms on this bridge, the vxlan1 bridge is created and assigned a vid (team1.3.9 in this case):
[root@tm-onhost3 ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
vxlan1          8000.cee3313fc8bb       no              one-58-0
                                                        team1.3.9

The vxlan bits seem to be there, in that I see the multicast group assignments on interface team1.3 and brctl showmacs show all the mac addresses, but ONLY for the devices local to that host.

On the switch these hosts all connect to, I’ve disabled igmp-snooping on vlan 3 just to be safe.

Is anyone else using vxlan like this?

Thanks,
-ian


#2

To simplify things, I flushed iptables and deleted the bridge. I created vxlan interfaces on two hosts and gave them ips using the same commands. I disabled igmp-snooping on the switch on that vlan.

tcpdump on the vlan interface (team1.3) shows the vxlan arp requests hitting the interface, but no replies. Does anyone have any idea why CentOS isn’t replying to these ping requests on the vxlan interface?


#3

Finally figured this out. One thing all the examples assume is that the host has a single interface. I was attempting to use a vlan subinterface for the vxlan networks. You have to assign it an ip address :-/ for the vxlan tunnel traffic to be received on.


(Jaime Melis) #4

Thanks for reporting this, that’s very true and it’s not clear in the docs. I will add it right away.

Thanks.

EDIT: Done: https://github.com/OpenNebula/docs/commit/baf5c0b8a7767d7a90079b0ba6a8455b94c7ec5b


(David Brierley) #5

Stumbled across this earlier, makes sense now and managed to sort mine.

The source of the VXLAN traffic is the physical host’s interface IP you specify in PHYDEV.
If you are using a VLAN interface, put it here: so bond1.255 for example.

The VLAN ID specified in the VXLAN network is actually the VXLAN Network Identifier (VNI) and not vlan ID.

If using VLANs to provide the VXLAN, the VLAN interface must have an IP so it can source the traffic to the multicast destination.

Of course if you are using multiple hosts there must be an IP on each host to source the traffic.
Setting up a VXLAN service VLAN worked for me here.

Thanks guys !!!
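
Added example, not part of any post in this thread: a shell preflight check for the point made in posts #3 and #5, that the PHYDEV VLAN subinterface itself needs an IPv4 address before a vxlan network is built on it. The `ip -o -4 addr show` samples and their addresses are constructed, and the helper names `phydev_ipv4` and `check_phydev` are hypothetical.

```shell
#!/bin/sh
# Preflight for an OpenNebula vxlan network: confirm that PHYDEV itself, not
# only its parent, carries an IPv4 address for the tunnel traffic.

# Constructed `ip -o -4 addr show` output (documentation addresses): the
# parent team1 has an address, the VLAN subinterface team1.3 has none.
SAMPLE_BEFORE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: team1    inet 192.0.2.13/24 brd 192.0.2.255 scope global team1\       valid_lft forever preferred_lft forever'

# Same constructed host after an address was assigned to team1.3.
SAMPLE_AFTER=$SAMPLE_BEFORE'
7: team1.3    inet 198.51.100.13/24 brd 198.51.100.255 scope global team1.3\       valid_lft forever preferred_lft forever'

# phydev_ipv4 DEV  (hypothetical helper)
# Reads `ip -o -4 addr show` output on stdin and prints every IPv4 address
# bound to DEV. Returns 1 if DEV has none. The name is compared as an exact
# string, so "team1" never satisfies a check for "team1.3" and the dot is
# not treated as a regex wildcard.
phydev_ipv4() {
    awk -v dev="$1" '
        { name = $2; sub(/@.*/, "", name); sub(/:$/, "", name) }
        name == dev && $3 == "inet" { print $4; found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# check_phydev DEV  (hypothetical helper): run the check on the live host.
check_phydev() {
    if addrs=$(ip -o -4 addr show | phydev_ipv4 "$1"); then
        echo "OK: $1 has IPv4 address(es): $(echo $addrs)"
    else
        echo "FAIL: $1 has no IPv4 address to source or receive VXLAN traffic" >&2
        return 1
    fi
}

# Only touch the live host when a device name is passed, e.g. `sh check.sh team1.3`.
if [ "$#" -gt 0 ]; then
    check_phydev "$1"
fi
```

Run it on every host that will carry the network, since each one needs its own address on PHYDEV.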