I fixed this. There were several problems, and here are my fixes. I have it just the way I want it with external traffic going out one interface (p1p1, vlan 3), internal vm traffic handled on another interface (p1p2, vlans 4 and 5).

Solutions were:

  1. activating vlan interfaces on fedora/os
  2. putting just one vlan interface into the ovs bridge
  3. admin up the vlan interfaces on the switch
  4. setting the MTU size via dnsmasq.conf

Changes to the packstack answer file were:

  1. CONFIG_NEUTRON_L3_EXT_BRIDGE=br-p1p1
  2. CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-p1p2:p1p2
  3. CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=inter-vlan:br-p1p2

Then, I had to create the vlan interfaces and load the 8021q kernel module:

    [root@compute4 ~]# cat /etc/sysconfig/network-scripts/ifcfg-p1p1.3
    DEVICE=p1p1.3
    VLAN=yes
    VLAN_NAME_TYPE=DEV_PLUS_VID_NO_PAD
    PHYSDEV=p1p1
    ONBOOT=yes

    [root@compute4 ~]# cat /etc/sysconfig/network-scripts/ifcfg-p1p1
    TYPE=Ethernet
    BOOTPROTO=none
    DEVICE=p1p1
    NAME=p1p1
    DEFROUTE=no
    ONBOOT=yes

    [root@compute4 ~]# cat /etc/sysconfig/network-scripts/ifcfg-p1p2.4
    DEVICE=p1p2.4
    VLAN=yes
    VLAN_NAME_TYPE=DEV_PLUS_VID_NO_PAD
    PHYSDEV=p1p2
    ONBOOT=yes

    [root@compute4 ~]# cat /etc/sysconfig/network-scripts/ifcfg-p1p2.5
    DEVICE=p1p2.5
    VLAN=yes
    VLAN_NAME_TYPE=DEV_PLUS_VID_NO_PAD
    PHYSDEV=p1p2
    ONBOOT=yes

    [root@compute4 ~]# cat /etc/sysconfig/network-scripts/ifcfg-p1p2
    TYPE=Ethernet
    NAME=p1p2
    DEVICE=p1p2
    BOOTPROTO=none
    DEFROUTE=no
    ONBOOT=yes

I had to change which interfaces were in the bridges, and I added the vlan interfaces instead of the base interface. Caveat: it seems that you only need to add one vlan interface, even though you might have activated more than one on a particular interface. If I added both p1p2.4 and p1p2.5 to br-p1p2, I caused a packet storm on my switch.

    [root@compute3 ~]# ovs-vsctl show
    c3b0d272-16f3-44b4-a38c-4840bde464c9
        Bridge "br-p1p2"
            Port "br-p1p2"
                Interface "br-p1p2"
                    type: internal
            Port "p1p2.4"
                Interface "p1p2.4"
            Port "phy-br-p1p2"
                Interface "phy-br-p1p2"
        Bridge "br-p1p1"
            Port "qg-a01da6d6-27"
                Interface "qg-a01da6d6-27"
                    type: internal
            Port "br-p1p1"
                Interface "br-p1p1"
                    type: internal
            Port "p1p1.3"
                Interface "p1p1.3"
        Bridge br-int
            Port br-int
                Interface br-int
                    type: internal
            Port "int-br-p1p2"
                Interface "int-br-p1p2"
            Port "tapee78ce58-f5"
                tag: 1
                Interface "tapee78ce58-f5"
                    type: internal
            Port "tap75d3f322-49"
                tag: 2
                Interface "tap75d3f322-49"
                    type: internal
            Port "qvob1b9a2b7-b6"
                tag: 1
                Interface "qvob1b9a2b7-b6"
            Port "qr-bb90214d-35"
                tag: 1
                Interface "qr-bb90214d-35"
                    type: internal
        ovs_version: "1.11.0"

But it still didn't work, so I checked the switch. 'show interface trunk' said only a couple vlans were up. I had to go into each vlan interface and perform a 'no shutdown' to activate, then used 'show interface trunk' to verify the trunks were up and being passed on the trunk interfaces.

Once that was all settled, all VMs could get a dhcp ip, but the floating ip wouldn't work on the compute node that didn't have a qrouter-xxx ip namespace. I could ping, but ssh just hung. tcpdump showed traffic being received remotely and within the vm, the vm would show tcp session ESTABLISHED in netstat, but a tcpdump showed it kept retransmitting a large packet of available algorithms.

I had to add to /etc/neutron/dhcp_agent.ini:

    dnsmasq_config_file = /etc/neutron/dnsmasq.conf

and in /etc/neutron/dnsmasq.conf:

    dhcp-option=26,1454

in order to reduce the MTU to 1454 to allow for the vlan headers. I also suspect I will have to disable NIC offloading inside of the VMs to improve performance (see http://openstack.redhat.com/forum/discussion/comment/1565). But for now everything works.

That's it. I hope this helps someone.
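
A check for the caveat in the post above, where adding both p1p2.4 and p1p2.5 to br-p1p2 caused a packet storm (an added example, not part of the original post): the hypothetical function `check_vlan_ports` reads `ovs-vsctl show` output and reports any bridge holding more than one VLAN sub-interface of the same parent NIC. It assumes sub-interfaces are named `<parent>.<vid>`, as in the ifcfg files above, and the sample input is constructed.

```sh
#!/bin/sh
# Added example (not from the original post). check_vlan_ports is a
# hypothetical helper: it reads `ovs-vsctl show` output on stdin and reports
# every bridge that holds more than one VLAN sub-interface of the same parent
# NIC, the layout the post says caused a packet storm.
# Output: "<bridge> <parent> <port>,<port>..." per finding; exit status 1 if any.
check_vlan_ports() {
    awk '
        $1 == "Bridge" { bridge = $2; gsub(/"/, "", bridge); next }
        $1 == "Port" {
            port = $2; gsub(/"/, "", port)
            # Assumption: sub-interfaces are named <parent>.<vid>
            # (VLAN_NAME_TYPE=DEV_PLUS_VID_NO_PAD, as in the ifcfg files).
            if (port ~ /^[^.]+\.[0-9]+$/) {
                parent = port; sub(/\.[0-9]+$/, "", parent)
                key = bridge " " parent
                if (!(key in count)) order[++n] = key   # keep first-seen order
                count[key]++
                ports[key] = (count[key] > 1) ? ports[key] "," port : port
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (count[order[i]] > 1) { print order[i], ports[order[i]]; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample: both p1p2 VLANs in one bridge, as in the failing setup.
sample_storm() {
    cat <<'EOF'
    Bridge "br-p1p2"
        Port "br-p1p2"
            Interface "br-p1p2"
                type: internal
        Port "p1p2.4"
            Interface "p1p2.4"
        Port "p1p2.5"
            Interface "p1p2.5"
    Bridge "br-p1p1"
        Port "p1p1.3"
            Interface "p1p1.3"
EOF
}

# On a node: ovs-vsctl show | check_vlan_ports
sample_storm | check_vlan_ports || echo "more than one VLAN of a NIC in a bridge"
```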