Arp issues across kvm nodes

Community Support
1

Hello,

We are having some issues using VXLAN networks, it sometimes seems to have issues sending arp request across the bridge it creates meaning machines within the network cannot talk to each other.

We have a number of KVM nodes which are connected to a single switch via an interface called privlan, after creating a vxlan network it seems to create the bridge and attach the interfaces as expected.

VIRTUAL NETWORK 482 INFORMATION
ID                       : 482
NAME                     : sam_test_vx
USER                     : m12233
GROUP                    : oneadmin
LOCK                     : None
CLUSTERS                 : 0
BRIDGE                   : onebr482
VN_MAD                   : vxlan
PHYSICAL DEVICE          : privlan
VLAN ID                  : 484
AUTOMATIC VLAN ID        : YES
AUTOMATIC OUTER VLAN ID  : NO
USED LEASES              : 4

PERMISSIONS
OWNER                    : um-
GROUP                    : ---
OTHER                    : ---

VIRTUAL NETWORK TEMPLATE
BRIDGE="onebr482"
BRIDGE_TYPE="linux"
CLUSTERS="0"
DESCRIPTION="Template for creating a Private network using VXLAN"
OUTER_VLAN_ID=""
PHYDEV="privlan"
SECURITY_GROUPS="0"
TEMPLATE_ID="0"
VN_MAD="vxlan"

ADDRESS RANGE POOL
AR 0
SIZE           : 65533
LEASES         : 4

RANGE                                   FIRST                               LAST
MAC                         02:00:c0:a8:00:01                  02:00:c0:a8:ff:fd
IP                                192.168.0.1                    192.168.255.253


LEASES
AR  OWNER                         MAC              IP                        IP6
0   V:2422          02:00:c0:a8:00:01     192.168.0.1                          -
0   V:2423          02:00:c0:a8:00:02     192.168.0.2                          -
0   V:2424          02:00:c0:a8:00:03     192.168.0.3                          -
0   V:2425          02:00:c0:a8:00:04     192.168.0.4                          -

brctl:

onebr482		8000.ce1591a77b71	no		one-2422-0
							privlan.484

but pinging from one vm to another it fails, tcpdumping the bridge interface we can see it sending out arp requests, but it doesn’t seem to get responses and tcpdumping the same bridge on the other kvm node where the other vm is running is seeing no arp requests:

00:50:47.465925 ARP, Request who-has 192.168.0.2 tell 192.168.0.3, length 28
2

Hi,

Are you sure this isn’t related to some kind of IGMP snooping issue on your physical switch?

AFAIK the VXLAN will be picked up by IGMP snooping when the port is created on the hypervisor. But after a timeout the switch will forget about it an drop the port/vlan and not forward multicast traffic anymore. This will result in broadcasts not working anymore but unicast traffic will still flow.

3

Thanks for the reply.

We’ve disabled IGMP snooping and multicast bridge filtering on the switch, so it shouldn’t be stopping the multicast packets. Yet still see the issues

Screenshot 2021-02-15 at 13.14.47
Screenshot 2021-02-15 at 13.14.471806×526 112 KB
Screenshot 2021-02-15 at 13.23.26
Screenshot 2021-02-15 at 13.23.26898×408 59.1 KB

4

I did notice that when tcpdumping the interfaces it causes the networks to work as expected. I’m assuming due to it setting the interface to promiscuous mode for the tcpdumping. Should this bet set to on for the interface by default?