[ovs-discuss] OpenvSwitch/KVM/Cisco-ASAv issue

Carl Wilkerson carl.wilkerson at weather.com
Wed Aug 3 15:09:41 UTC 2016


I have an interesting issue.  My current setup is as follows:

Two identical Cisco UCS 240 servers.  OpenvSwitch (version 2.4.0) and KVM
running on CentOS 6.8.

*OVS setup:*
Linux created bond0 (physical eth0 and eth1 LACP pair) connected to OVS
bridge (br0) configured as a trunk allowing all configured VLANs.  Each
VNet libvirt interface is configured as a trunk port and is associated to a
virtual machine.  [Configuration snippet below]

*ovs-vsctl show:*
b6e04b17-521d-479b-a3d0-d66c062b2927
    Bridge "br2"
            Port "bond0"
                 trunks: [0, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015, 3016, 3017, 4012]
                 Interface "bond0"
            Port "vnet1"
                 trunks: [0, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015, 3016, 3017, 4012]
                 Interface "vnet1"
            Port "vnet2"
                 trunks: [0, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015, 3016, 3017, 4012]
                 Interface "vnet2"
            Port "vnet3"
                 trunks: [0, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015, 3016, 3017, 4012]
                 Interface "vnet3"
            Port "vnet4"
                 trunks: [0, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015, 3016, 3017, 4012]
                 Interface "vnet4"
            Port "vnet5"
                 trunks: [0, 3006, 3007, 3008, 3009, 3010, 3011, 3012, 3013, 3014, 3015, 3016, 3017, 4012]
                 Interface "vnet5"
    ovs_version: "2.4.0"


*libvirt virtual network configuration (XML)*
<network>
  <name>ovs-net-vlan</name>
  <uuid>3be5d965-3b43-8a72-1b95-1c86d734018d</uuid>
  <forward mode='bridge'/>
  <bridge name='br2' />
  <virtualport type='openvswitch'/>
  <portgroup name='vlan-all' default='yes'>
    <vlan trunk='yes'>
      <tag id='0'/>
      <tag id='3006'/>
      <tag id='3007'/>
      <tag id='3008'/>
      <tag id='3010'/>
      <tag id='3011'/>
      <tag id='3009'/>
      <tag id='3012'/>
      <tag id='3013'/>
      <tag id='4012'/>
      <tag id='2015'/>
      <tag id='3014'/>
      <tag id='3015'/>
      <tag id='3016'/>
      <tag id='3017'/>
    </vlan>
  </portgroup>
</network>

The above configuration is the same on both KVM hosts.

I've configured a pair of Cisco ASAvs as suggested by Cisco (one on each
virtual server).  Licensed the ASAvs individually.  Went through the
configuration step to pair the ASAs into an Active/Standby mode.

What has been happening is that when a fail-over event happens on the
ASAs, the failover will happen; however, the following will happen:

1.  ARP requests/replies are not being forwarded for 1 of the five
interfaces configured on the ASA
2.  The VM cannot communicate to the attached virtual interface (Vnet
Interface)

The first issue happened initially and now we are experiencing the second
issue.

I looked through the openvswitch database and confirmed the port/interface
association and the default flows are still in place (no manual flows have
been created).

If I need to provide any additional information, please let me know.

Any assistance would be appreciated.

--Carl
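
The following is an added example, not part of the original post and not Open vSwitch or libvirt code: a Python check that compares the per-port trunk lists in `ovs-vsctl show` output with the VLAN tags of a libvirt portgroup and reports VLANs configured on only one side. The sample input is constructed in the shape of the output and XML shown in the post, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the post's `ovs-vsctl show` output,
# including a trunks list that wraps onto a second line.
TRUNKS = ("trunks: [0, 3006, 3007, 3008, 3009, 3010, 3011, 3012,\n"
          "3013, 3014, 3015, 3016, 3017, 4012]")
OVS_SHOW = "\n".join([
    '    Bridge "br2"',
    '        Port "bond0"', "            " + TRUNKS, '            Interface "bond0"',
    '        Port "vnet1"', "            " + TRUNKS, '            Interface "vnet1"',
    '    ovs_version: "2.4.0"'])

# Constructed sample in the shape of the post's libvirt portgroup.
TAG_IDS = [0, *range(3006, 3018), 4012, 2015]
LIBVIRT_XML = ("<network><name>ovs-net-vlan</name><bridge name='br2'/>"
               "<portgroup name='vlan-all' default='yes'><vlan trunk='yes'>"
               + "".join(f"<tag id='{i}'/>" for i in TAG_IDS)
               + "</vlan></portgroup></network>")

def ovs_trunks(show_text):
    """Map port name -> set of trunk VLAN ids parsed from `ovs-vsctl show`."""
    # [^\]]* spans newlines, so a wrapped trunks list is still one match.
    pairs = re.findall(r'Port "?([^"\n]+)"?\s+trunks: \[([^\]]*)\]', show_text)
    return {name: {int(v) for v in vlans.split(",") if v.strip()}
            for name, vlans in pairs}

def libvirt_trunks(xml_text, portgroup):
    """Return the set of VLAN tag ids in the named libvirt portgroup."""
    for pg in ET.fromstring(xml_text).findall("portgroup"):
        if pg.get("name") == portgroup:
            return {int(t.get("id")) for t in pg.findall("vlan/tag")}
    raise KeyError(portgroup)

def trunk_drift(show_text, xml_text, portgroup):
    """Per OVS port, VLANs configured on only one side (empty dict = in sync)."""
    wanted = libvirt_trunks(xml_text, portgroup)
    drift = {}
    for port, have in ovs_trunks(show_text).items():
        if have != wanted:
            drift[port] = {"libvirt_only": sorted(wanted - have),
                           "ovs_only": sorted(have - wanted)}
    return drift

if __name__ == "__main__":
    for port, diff in trunk_drift(OVS_SHOW, LIBVIRT_XML, "vlan-all").items():
        print(port, diff)
```

Running the same comparison on both KVM hosts, before and after a failover, shows whether the trunk configuration on either side has changed.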