Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Finally made it work, despite I am still not 100% sure what exactly made the difference.

For sure, watch your Security Group settings. When it says:

Security Groups 
ALLOW IPv4 to 
ALLOW IPv6 from default 
ALLOW IPv6 to ::/0 
ALLOW IPv4 from default

you may be tempted to think this means "all Ports open in both directions". But it doesn't mean that. I haven't found out yet what "default" means, but it does by no means mean "any". In some newer versions of the Horizon dashboard and / or Neutron networking there are two new terms: Egress and Ingress, which means outbound traffic (originating from the VM instance) and inbound traffic (coming to the VM instance), respectively. The default security group is setup for allowing all outbound traffic but somewhat restricting inbound traffic. And it's not too helpful that the display of the rules is different in different places, so to be on the save side, define your own "allow everything" rules at least for the initial testing purposes.

Second, interestingly enough, it doesn't seem to matter if br-int is up or not, even after taking it down using

ifconfig br-int down

it still worked fine.

So going over the long dialogue with darragh-oreilly the question about ML2 versus OpenVSwitch plugin remains open.

In other words: It works, but I still feel a bit uneasy as I am just not sure why it works now and why exactly it did not work initially. For sure, debugging a Neutron setup should be somehow made easier. Just I don't know yet how.