Solved, the darn MTU! forgot that it needs to be lowered to take account
of the tunnel
on both VMs "ip link set eth1 mtu 1400"
Now ssh works :)
On 21/04/2020 15:29, Numan Siddique wrote:
On Tue, Apr 21, 2020 at 6:37 PM Brendan Doyle <[email protected]> wrote:
Folks,
Anybody seen this, is it a known problem?
VM1 on hypervisor 1
----------------------------
ping IP of VM1 on hypervisor2
# ping -c1 192.16.1.5
PING 192.16.1.5 (192.16.1.5) 56(84) bytes of data.
64 bytes from 192.16.1.5: icmp_seq=1 ttl=64 time=0.494 ms
But
# ssh 192.16.1.5
Connection closed by 192.16.1.5 port 22
ssh works between VMs on the same hypervisor, seems going through the
tunnel is the
problem.
I don't think its a tunnel problem.
On VM2 hypervisor, you can run tcpdump on genev_sys_6081 interface and
see if you receive the ssh packets.
Thanks
Numan
configuration
===========
VM1 hypervisor1
-----------------------
ca-rain06-vmovs-1 ~]# ip a sh eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
link/ether 52:54:00:be:06:16 brd ff:ff:ff:ff:ff:ff
inet 192.16.1.6/24 brd 192.16.1.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:febe:616/64 scope link
valid_lft forever preferred_lft forever
VM1 hypervisor2
------------------------
ca-rain05-vmovs-1 ~]# ip a sh eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP group default qlen 1000
link/ether 52:54:00:e6:4f:46 brd ff:ff:ff:ff:ff:ff
inet 192.16.1.5/24 brd 192.16.1.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fee6:4f46/64 scope link
valid_lft forever preferred_lft forever
hypervisor1
-----------------
# ovs-vsctl show
dbcc7c2e-cf07-4052-b40d-d4f47f5560b0
Bridge br-int
fail_mode: secure
Port ovn-ca-rai-0
Interface ovn-ca-rai-0
type: geneve
options: {csum="true", key=flow, remote_ip="172.20.1.17"}
Port ovn-ca-rai-1
Interface ovn-ca-rai-1
type: geneve
options: {csum="true", key=flow, remote_ip="172.20.1.5"}
Port vnet3
Interface vnet3
Port vnet1
Interface vnet1
Port vnet5
Interface vnet5
Port br-int
Interface br-int
type: internal
ovs_version: "2.13.90"
[ca-rain06 ~]# ip a sh bond0
7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP group default qlen 1000
link/ether 98:03:9b:59:af:1c brd ff:ff:ff:ff:ff:ff
inet 172.20.1.6/24 brd 172.20.1.255 scope global bond0
valid_lft forever preferred_lft forever
inet6 fe80::9a03:9bff:fe59:af1c/64 scope link
valid_lft forever preferred_lft forever
hypervisor2
----------------
# ovs-vsctl show
169dc085-7224-42c3-b119-390b7d0fe450
Bridge br-int
fail_mode: secure
Port vnet6
Interface vnet6
Port br-int
Interface br-int
type: internal
Port ovn-ca-rai-1
Interface ovn-ca-rai-1
type: geneve
options: {csum="true", key=flow, remote_ip="172.20.1.6"}
Port ovn-ca-rai-0
Interface ovn-ca-rai-0
type: geneve
options: {csum="true", key=flow, remote_ip="172.20.1.17"}
Port vnet4
Interface vnet4
Port vnet8
Interface vnet8
Port vnet2
Interface vnet2
ovs_version: "2.13.90"
[ca-rain05 ~]# ip a sh bond0
7: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP group default qlen 1000
link/ether 98:03:9b:2d:91:a2 brd ff:ff:ff:ff:ff:ff
inet 172.20.1.5/24 brd 172.20.1.255 scope global bond0
valid_lft forever preferred_lft forever
inet6 fe80::9a03:9bff:fe2d:91a2/64 scope link
valid_lft forever preferred_lft forever
OVN Central (on a different hypervisor)
-----------------------------------------------------
# ovn-sbctl show
Chassis ca-rain17
hostname: ca-rain17.us.oracle.com
Encap geneve
ip: "172.20.1.17"
options: {csum="true"}
Chassis ca-rain06
hostname: ca-rain06.us.oracle.com
Encap geneve
ip: "172.20.1.6"
options: {csum="true"}
Port_Binding "47433b54-ac10-42f1-ae84-cc6fbb580297"
Port_Binding "06e85cca-867a-44fc-b2c1-be62f2fb06c0"
Port_Binding "284195d2-9280-4334-900e-571ecd00327a"
Chassis ca-rain05
hostname: ca-rain05.us.oracle.com
Encap geneve
ip: "172.20.1.5"
options: {csum="true"}
Port_Binding "ce78fd2b-4c68-428c-baf1-71718e7f3871"
Port_Binding "269089c4-9464-41ec-9f63-6b3804b34b07"
Port_Binding "00bff7c0-2e2d-41ba-9485-3b5fa9801365"
Port_Binding "1cb7d760-90b0-4201-9517-88cb2de31c79"
# ovn-nbctl show
switch 10073c55-8f96-411f-a3b6-89b13389a084 (ls_vcn2)
port 06e85cca-867a-44fc-b2c1-be62f2fb06c0
addresses: ["52:54:00:2a:7b:49 192.17.1.6"]
port ce78fd2b-4c68-428c-baf1-71718e7f3871
addresses: ["52:54:00:d8:6e:eb 192.17.1.5"]
port vcn2_subnet1-lr_vcn2
type: router
addresses: ["40:44:00:00:00:50"]
router-port: lr_vcn2-vcn2_subnet1
switch 0e58d3cd-c36a-4651-8b42-4821f653bcb2 (ls_vcn3)
port vcn3_subnet1-lr_vcn3
type: router
addresses: ["40:44:00:00:00:60"]
router-port: lr_vcn3-vcn3_subnet1
port 269089c4-9464-41ec-9f63-6b3804b34b07
addresses: ["52:54:00:30:38:35 192.16.1.5"]
port 284195d2-9280-4334-900e-571ecd00327a
addresses: ["52:54:00:02:55:96 192.16.1.6"]
switch e89dea6b-0fbd-4a6e-aeef-8d6a213efb55 (ls_vcn1)
port vcn1_subnet1-lr_vcn1
type: router
addresses: ["40:44:00:00:00:30"]
router-port: lr_vcn1-vcn1_subnet1
port vcn1_subnet2-lr_vcn1
type: router
addresses: ["40:44:00:00:00:40"]
router-port: lr_vcn1-vcn1_subnet2
port 00bff7c0-2e2d-41ba-9485-3b5fa9801365
addresses: ["52:54:00:e6:4f:46 192.16.1.5"]
port 1cb7d760-90b0-4201-9517-88cb2de31c79
addresses: ["52:54:00:80:d0:c8 192.16.2.5"]
port 47433b54-ac10-42f1-ae84-cc6fbb580297
addresses: ["52:54:00:be:06:16 192.16.1.6"]
router 6019ef0c-d5c3-428a-8fa2-4f7db3af2f4b (lr_vcn2)
port lr_vcn2-vcn2_subnet1
mac: "40:44:00:00:00:50"
networks: ["192.17.1.1/24"]
port lr_vcn2-lr_vcn1
mac: "40:44:00:00:00:80"
networks: ["100.64.30.2/10"]
router 318562e0-6c1d-4bc7-9da0-d8ccbd63c0b6 (lr_vcn3)
port lr_vcn3-vcn3_subnet1
mac: "40:44:00:00:00:60"
networks: ["192.16.1.1/24"]
router 61d04449-adaf-406f-b280-ad5aa24f24ca (lr_vcn1)
port lr_vcn1-lr_vcn2
mac: "40:44:00:00:00:70"
networks: ["100.64.30.1/10"]
port lr_vcn1-vcn1_subnet2
mac: "40:44:00:00:00:40"
networks: ["192.16.2.1/24"]
port lr_vcn1-vcn1_subnet1
mac: "40:44:00:00:00:30"
networks: ["192.16.1.1/24"]
[ca-rain17 ~]# ip a sh bond0
11: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP group default qlen 1000
link/ether 98:03:9b:89:21:d2 brd ff:ff:ff:ff:ff:ff
inet 172.20.1.17/24 brd 172.16.1.255 scope global bond0
valid_lft forever preferred_lft forever
inet 172.20.1.1/24 brd 172.16.1.255 scope global secondary bond0
valid_lft forever preferred_lft forever
inet6 fe80::9a03:9bff:fe89:21d2/64 scope link
valid_lft forever preferred_lft forever
Any Thoughs?
Thanks
Brendan
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
