版本:OpenStack Liberty Neutron DVR
现象:
1、在虚拟机内部不停地dhclient
2、在虚拟机所属的计算节点的物理网卡上抓包,发现该虚拟机发出的dhcp广播包
3、在虚拟机所属网络所在的NAT节点(qdhcp所在的节点)的物理网卡上抓包,同样发现了该虚拟机发出的dhcp广播包,即在bond1上抓到了包:
Bridge br-int
fail_mode: secure
Port "sg-297691c4-9f"
tag:
Interface "sg-297691c4-9f"
type: internal
Port "tap8a1db903-07"
tag:
Interface "tap8a1db903-07"
type: internal
Port br-int
Interface br-int
type: internal
Port "qr-8d397111-81"
tag:
Interface "qr-8d397111-81"
type: internal
Port int-br-vlan
Interface int-br-vlan
type: patch
options: {peer=phy-br-vlan}
Port "tap15d024ee-23"
tag:
Interface "tap15d024ee-23"
type: internal
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port "qg-ab607114-19"
Interface "qg-ab607114-19"
type: internal
Bridge br-vlan
Port br-vlan
Interface br-vlan
type: internal
Port phy-br-vlan
Interface phy-br-vlan
type: patch
options: {peer=int-br-vlan}
Port "bond1"
Interface "bond1"
ovs_version: "2.4.0"
4、但是在qdhcp的网卡tap15d024ee-23抓不到dhcp广播包,查看各个ovs bridge的流表未发现什么问题,很是奇怪
原因:
后来在同事的帮助下,发现这个bond1还被加到了一个linux bridge上:
brctl show
bridge name bridge id STP enabled interfaces
br0 .1418774dd6a3 no em1
br1 .90e2ba8465f2 no bond1
分析:
原来这个bond1被加入到linux bridge上时,导致虽然看上去也被绑到br-vlan上,但是实际上并没有生效,因此导致上层的br-int无法收到dhcp广播包
解决:
将该bond1从linux bridge上解绑掉,然后重新加入到ovs bridge br-vlan上