netplugin icon indicating copy to clipboard operation
netplugin copied to clipboard

[L3 routing] cross host containers not able to ping each other

Open rockmenjack opened this issue 7 years ago • 2 comments

Description

we have below setup:

                            as:65000, router-id:10.100.106.254
                                   +-------------------+
                              +----+ Physical L3 Router+----+
                              |    +-------------------+    |
                              |                             |
                              |                             |
               as:65000 +-----+----+                   +----+----+  as:65000
                        | contiv1  |                   | contiv2 |
router-d:10.100.106.253 +-----+----+                   +----+----+  router-id:10.100.106.252
                              |                             |
                              |                             |
                   +----------+----------+        +---------+----------+
                   |  Pod1               |        | Pod2               |
                   |  IP:   10.100.106.1 |        | IP:   10.100.106.2 |
                   |  VLAN: 68           |        | VLAN: 68           |
                   +---------------------+        +--------------------+

Expected Behavior

pod1 shall be able to access pod2

Observed Behavior

but pod1 is not able to access pod2, e.g. ping. This is contrary to the result where everything works fine when running in virtualbox. Seems ovs did not forward the package.

Steps to Reproduce (for bugs)

  1. Create above netwoork
  2. Create two pods across contiv hosts
  3. Enter one containter and ping aother

Your Environment

  • netplugin v1.1
  • kubernetes 1.6
  • Centos 7
  • openvswitch 2.3.1

[root@084068 ~]# ovs-vsctl show c5bb32e1-7f91-4fda-b3ea-68eb2e93ec66 Bridge contivVxlanBridge Controller "tcp:127.0.0.1:6633" is_connected: true fail_mode: secure Port "contivh0" tag: 2 Interface "contivh0" type: internal Port "vxif101008471" Interface "vxif101008471" type: vxlan options: {dst_port="4789", key=flow, remote_ip="10.100.84.71", tos=inherit} Bridge contivVlanBridge Controller "tcp:127.0.0.1:6634" is_connected: true fail_mode: secure Port "eth2" Interface "eth2" Port "inb01" tag: 1 Interface "inb01" type: internal Port "vvport18" tag: 68 Interface "vvport18" ovs_version: "2.3.1"

the output from ovs-ofctl and netctl bgp inspect

rockmenjack avatar Nov 03 '17 02:11 rockmenjack

@rockmenjack are you using vlan networking in routing mode or vxlan networking in routing mode ? #netctl global-info, check fwd-mode(routing/bridge) #netctl net ls -a , check network types

vlan networking in routing mode requires BGP (experimental feature), https://github.com/contiv/netplugin/blob/master/scripts/l3bgp_demo.sh

rchirakk avatar Nov 03 '17 19:11 rchirakk

I am using routing mode with vlan...

2017-11-04 3:19 GMT+08:00 Ranjith [email protected]:

@rockmenjack https://github.com/rockmenjack are you using vlan networking in routing mode or vxlan networking in routing mode ? #netctl global-info, check fwd-mode(routing/bridge) #netctl net ls -a , check network types

vlan networking in routing mode requires BGP (experimental feature), https://github.com/contiv/netplugin/blob/master/scripts/l3bgp_demo.sh

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/contiv/netplugin/issues/1052#issuecomment-341801515, or mute the thread https://github.com/notifications/unsubscribe-auth/AfpNeCttLpg7BI4kLacF8BhtWv9s0F2oks5sy2cugaJpZM4QQmF5 .

rockmenjack avatar Nov 04 '17 15:11 rockmenjack