OpenStack Pike and external network connectivity

asked 2017-11-29 12:23:12 -0600

holger-king gravatar image

updated 2017-11-29 13:46:16 -0600

Dear OpenStack community,

we just deployed OpenStack RDO version PIKE based on the following answer file (see https://drive.google.com/open?id=13CF...).

Now, we have an issue where we cannot reach the default gateway (here: 10.116.64.1) of the created OpenStack router "qrouter-b5d182d4-c8c2-44c3-bb95-d1ae4db0395f". This router is connecting the tenant-specific network 123.57.10.0/24 with the external network. Although the router has an interface with an IP address in the same network 10.116.64.109, the default GW is not reachable.

ip netns exec qrouter-b5d182d4-c8c2-44c3-bb95-d1ae4db0395f ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
16: qg-14f29b6f-c3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether fa:16:3e:04:3e:f2 brd ff:ff:ff:ff:ff:ff
    inet 10.116.64.109/24 brd 10.116.64.255 scope global qg-14f29b6f-c3
       valid_lft forever preferred_lft forever
    inet 10.116.64.103/32 brd 10.116.64.103 scope global qg-14f29b6f-c3
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe04:3ef2/64 scope link
       valid_lft forever preferred_lft forever
17: qr-dbf5303f-71: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
    link/ether fa:16:3e:15:10:1f brd ff:ff:ff:ff:ff:ff
    inet 123.57.10.1/24 brd 123.57.10.255 scope global qr-dbf5303f-71
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe15:101f/64 scope link
       valid_lft forever preferred_lft forever

with the following routing table for this virtual router:

ip netns exec qrouter-b5d182d4-c8c2-44c3-bb95-d1ae4db0395f route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.116.64.1     0.0.0.0         UG    0      0        0 qg-14f29b6f-c3
10.116.64.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-14f29b6f-c3
123.57.10.0     0.0.0.0         255.255.255.0   U     0      0        0 qr-dbf5303f-71

When trying to ping the default GW 10.116.64.1, we cannot reach it:

ip netns exec qrouter-b5d182d4-c8c2-44c3-bb95-d1ae4db0395f ping 10.116.64.1
PING 10.116.64.1 (10.116.64.1) 56(84) bytes of data.
From 10.116.64.109 icmp_seq=1 Destination Host Unreachable
From 10.116.64.109 icmp_seq=2 Destination Host Unreachable
From 10.116.64.109 icmp_seq=3 Destination Host Unreachable

Neutron shows the follow details for the subnet associated with the router:

(neutron) subnet-show de90bb48-2bd8-40db-a854-ffeb3c6149f0
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| allocation_pools  | {"start": "10.116.64.100", "end": "10.116.64.200"} |
| cidr              | 10.116.64.0/24                                     |
| created_at        | 2017-11-29T15:14:33Z                               |
| description       |                                                    |
| dns_nameservers   |                                                    |
| enable_dhcp       | False                                              |
| gateway_ip        | 10.116.64.1                                        |
| host_routes       |                                                    |
| id                | de90bb48-2bd8-40db-a854-ffeb3c6149f0               |
| ip_version        | 4                                                  |
| ipv6_address_mode |                                                    |
| ipv6_ra_mode      |                                                    |
| name              | bcn_subnet                                         |
| network_id        | 4a252be5-29f8-4119-9e3f-4ec05cdaf749               |
| project_id        | a2bad0f6b980499a87e77627a7165f6f                   |
| revision_number   | 0                                                  |
| service_types     |                                                    |
| subnetpool_id     |                                                    |
| tags              |                                                    |
| tenant_id         | a2bad0f6b980499a87e77627a7165f6f                   |
| updated_at        | 2017-11-29T15:14:33Z                               |
+-------------------+----------------------------------------------------+

Trying to ... (more)

edit retag flag offensive close merge delete

Comments

Is it correct that you have both a br-ex and br-eth1 configured in the answer file?

CONFIG_NEUTRON_L3_EXT_BRIDGE=br-ex
...
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-eth1:eth1
Bernd Bausch gravatar imageBernd Bausch ( 2017-11-30 03:04:36 -0600 )edit

The following configuration directives are unclear:

CONFIG_NEUTRON_OVS_EXTERNAL_PHYSNET=
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=
CONFIG_NEUTRON_OVS_BRIDGE_IFACES=
CONFIG_NEUTRON_OVN_EXTERNAL_PHYSNET=
CONFIG_NEUTRON_OVN_BRIDGE_MAPPINGS=
CONFIG_NEUTRON_OVN_BRIDGE_IFACES=
holger-king gravatar imageholger-king ( 2017-12-01 01:47:59 -0600 )edit

I just checked the above mentioned configuration settings. The one prefixed with:

  • "CONFIG_NEUTRON_OVS" are for the OpenStack Networking Open vSwitch plugin
  • "CONFIG_NEUTRON_OVN" are for the OpenStack Networking Open Virtual Networking plugin
holger-king gravatar imageholger-king ( 2017-12-11 07:08:40 -0600 )edit

It seems to be important to have the same name for the external layer 3 bridge in "CONFIG_NEUTRON_L3_EXT_BRIDGE" and the "...BRIDGE_MAPPINGS" values before the colon as:

  • CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS
  • CONFIG_NEUTRON_OVN_BRIDGE_MAPPINGS

refer to the value of "CONFIG_NEUTRON_L3_EXT_BRIDGE"

holger-king gravatar imageholger-king ( 2017-12-11 07:11:38 -0600 )edit

With this adapted packstack ANSWER file it doesn't work either: the Default GW of the tenant specific router is not reachable via ping. This router connects tenant-internal und external networks.

Can you help?

holger-king gravatar imageholger-king ( 2017-12-11 12:47:04 -0600 )edit