版本:OpenStack Liberty Neutron DVR
现象:
1、在虚拟机内部不停地dhclient
2、在虚拟机所属的计算节点的物理网卡上抓包,发现该虚拟机发出的dhcp广播包
3、在虚拟机所属网络所在的NAT节点(qdhcp所在的节点)的物理网卡上抓包,同样发现了该虚拟机发出的dhcp广播包,即在bond1上抓到了包:
Bridge br-int fail_mode: secure Port "sg-297691c4-9f" tag: 1 Interface "sg-297691c4-9f" type: internal Port "tap8a1db903-07" tag: 2 Interface "tap8a1db903-07" type: internal Port br-int Interface br-int type: internal Port "qr-8d397111-81" tag: 1 Interface "qr-8d397111-81" type: internal Port int-br-vlan Interface int-br-vlan type: patch options: {peer=phy-br-vlan} Port "tap15d024ee-23" tag: 1 Interface "tap15d024ee-23" type: internal Bridge br-ex Port br-ex Interface br-ex type: internal Port "qg-ab607114-19" Interface "qg-ab607114-19" type: internal Bridge br-vlan Port br-vlan Interface br-vlan type: internal Port phy-br-vlan Interface phy-br-vlan type: patch options: {peer=int-br-vlan} Port "bond1" Interface "bond1" ovs_version: "2.4.0"
4、但是在qdhcp的网卡tap15d024ee-23抓不到dhcp广播包,查看各个ovs bridge的流表未发现什么问题,很是奇怪
原因:
后来在同事的帮助下,发现这个bond1还被加到了一个linux bridge上:
brctl show bridge name bridge id STP enabled interfaces br0 8000.1418774dd6a3 no em1 br1 8000.90e2ba8465f2 no bond1
分析:
原来这个bond1被加入到linux bridge上时,导致虽然看上去也被绑到br-vlan上,但是实际上并没有生效,因此导致上层的br-int无法收到dhcp广播包
解决:
将该bond1从linux bridge上解绑掉,然后重新加入到ovs bridge br-vlan上