Ask Your Question

SNAT DVR not working, missing iptables rules?

asked 2016-12-20 03:59:17 -0500

schlitzered gravatar image

Hey, i have setup a newton/centos7.3 based installation in my lab at home, using Openvswitch/DVR

as far as i can tell, tenant network traffic to external networks is not working. FIP & provider network traffic is working fine for vm´s.

i tried to dig a little deeper into this, and i am pretty sure that for some reasons the SNAT rules on the network/controller nodes are not created for the snat router instance. at least i am able to see traffic flowing to the snat router, but no traffic leaving the router at all.

i have created a detailed description of my home cluster and put it on pastebin. it includes all configuration files of all nodes, and the output of ip netns stuff, as well as iptables rules from all nodes.

here is the pastebin link:

i am pretty stranded right now, as i have no clue what is going wrong with my DVR SNAT setup.

edit retag flag offensive close merge delete

1 answer

Sort by » oldest newest most voted

answered 2016-12-22 03:12:37 -0500

kiseok7 gravatar image

Did you set agent_mode to "dvr_snat" in neutron-l3-agent.ini file on network-node? read this :

'dvr_snat' - this enables centralized SNAT support in conjunction with DVR. This mode must be used for an L3 agent running on a centralized node (or in single-host deployments, e.g. devstack)

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-12-20 03:59:17 -0500

Seen: 316 times

Last updated: Dec 22 '16