I've got DevStack (Mitaka/Stable) fully pulled up on Ubuntu 16.04 on top of a VMWare VM (250 GB, 16 GB RAM). It's currently got one interface (ens160) that it uses to connect to the external world. I thought that I had properly setup the local.conf file but when I make an instance I can't ping/ssh it or any routers connected to the public network. I am pinging from the VM that DevStack is on.

• I have added the security group rules correctly
• I have done, iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
• Maybe some other things too, it's been a long two days.

Here's how I imagined it working....http://imgur.com/a/tsMrO with the important bit is that traffic must hit the gateway of our Lab network with vlan 60 tag or nothing happens externally.

my local.conf file

[[local|localrc]]
HOST_IP=10.3.35.236
SERVICE_HOST=10.3.35.236
MYSQL_HOST=10.3.35.236
RABBIT_HOST=10.3.35.236
GLANCE_HOSTPORT=10.3.35.236:9292
ADMIN_PASSWORD=letmein
DATABASE_PASSWORD=letmein
RABBIT_PASSWORD=letmein
SERVICE_PASSWORD=letmein

## Neutron options
Q_USE_SECGROUP=True
FLOATING_RANGE="10.3.34.0/24"
IPV4_ADDRS_SAFE_TO_USE="10.0.0.0/22"
Q_FLOATING_ALLOCATION_POOL=start=10.3.34.240,end=10.3.34.254
PUBLIC_NETWORK_GATEWAY="10.3.34.1"
PUBLIC_INTERFACE=ens160

# Open vSwitch provider networking configuration
Q_USE_PROVIDERNET_FOR_PUBLIC=True
OVS_PHYSICAL_BRIDGE=br-ex
PUBLIC_BRIDGE=br-ex
OVS_BRIDGE_MAPPINGS=public:br-ex

disable_service n-net
enable_service neutron q-svc q-agt q-dhcp q-l3 q-meta
enable_service heat h-api h-api-cfn h-api-cw h-eng

Here's my sudo ovs-vsctl show command:

stack@devstack:~/devstack$ sudo ovs-vsctl show
a89383ad-a05b-4541-902e-91e35951ab99
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qg-abf9c7ae-2c"
            tag: 2
            Interface "qg-abf9c7ae-2c"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qr-a4e307b5-38"
            tag: 1
            Interface "qr-a4e307b5-38"
                type: internal
        Port "tapc39a37fe-2e"
            tag: 1
            Interface "tapc39a37fe-2e"
                type: internal
        Port "qr-7cfeffbb-8d"
            tag: 1
            Interface "qr-7cfeffbb-8d"
                type: internal
    Bridge br-ex
        fail_mode: secure
        Port "ens160"
            Interface "ens160"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.5.2"

Any help would be greatly appreciated. The end goal here is to have Devstack pull up an instance, be able to SSH into it, and have the instance be able to pull files from the external internet.

Any advice would be greatly appreciated. I'd be happy to provide more info.