Ask Your Question
0

Need help with my br-ex configuration

asked 2017-12-05 15:26:36 -0600

jcorkey gravatar image

I have deployed using kolla so openstack services are running in containers. I have one control node and one compute node.

in my globals.yml I set em1 as my network_interface and I set em2 as my neutron_external_interface

ifcfg-em1 configuration:

DEVICE="em1"
ONBOOT=yes
NETBOOT=yes
UUID="f75d9728-7e01-4b03-90a1-790b377c4465"
IPV6INIT=no
BOOTPROTO=none
TYPE=Ethernet
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV4_ROUTE_METRIC=100
IPV4_DNS_PRIORITY=100
DNS1=172.28.0.100
IPADDR=172.28.9.5
PREFIX=24
GATEWAY=172.28.9.1

ifcfg-em2 configuration:

TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
NAME=em2
UUID=d1c9d522-aa05-4c2e-9ee7-3369eee04bc6
DEVICE=em2
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none

Here is the ovs-vsctl show output from the control node which is running the network services:

[root@openstackcontroller network-scripts]# docker exec -ti openvswitch_vswitchd ovs-vsctl show
59269da8-6cdc-4fbf-a8f9-e1f5448f8452
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "em2"
            Interface "em2"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-ac1c0906"
            Interface "vxlan-ac1c0906"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="172.28.9.5", out_key=flow, remote_ip="172.28.9.6"}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "qr-c7a6dcf0-5b"
            tag: 4
            Interface "qr-c7a6dcf0-5b"
                type: internal
        Port "tap5ae8cbc8-df"
            tag: 4
            Interface "tap5ae8cbc8-df"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qg-2bfa4de4-ac"
            tag: 5
            Interface "qg-2bfa4de4-ac"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port br-int
            Interface br-int
                type: internal
        Port "tapb0a96682-54"
            tag: 5
            Interface "tapb0a96682-54"
                type: internal

It says that the br-ex has em2 as a port

Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "em2"
            Interface "em2"

So why doesn't br-ex show that its up when I do ip a on the control node like below

[root@openstackcontroller network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether d4:ae:52:6f:49:33 brd ff:ff:ff:ff:ff:ff
    inet 172.28.9.5/24 brd 172.28.9.255 scope global em1
       valid_lft forever preferred_lft forever
    inet 172.28.9.139/32 scope global em1
       valid_lft forever preferred_lft forever
    inet6 fe80::d6ae:52ff:fe6f:4933/64 scope link
       valid_lft forever preferred_lft forever
3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP qlen 1000
    link/ether d4:ae:52:6f:49:34 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::d6ae:52ff:fe6f:4934/64 scope ...
(more)
edit retag flag offensive close merge delete
add a comment

1 answer

Sort by » oldest newest most voted
0

answered 2017-12-07 08:44:30 -0600

Eduardo Gonzalez gravatar image

Hi,

br-ex does not need a config file. Issue here is that system detect (based on interface) config file that is ia port on a br-ex but really ovs isnt running in the host rather than a container. So it will endup not being able to attach interface into bridge.

During OVS deployment, kolla will create a OVS bridge and attach neutron_external_interface into it. When you create a network, set a gateway IP and a range and that will be the used to connect outside.

br-ex is shown as DOWN because the system does not recognizes the interface as UP, really is managed by OVS in a container.

Short resume.

  • DO not create a bridge file, just keep the interface IP without IP address.
  • OVS will configure the interface in the bridge.
  • Neutron will configure network/gateway in the brdige.
  • Nothing in the system is required unless you doing some bonding for vlans or HA.

Regards

edit flag offensive delete link more

Comments

Thank you. What should the configuration of the neutron_external_interface configuration look like then in order for ovs to use it? Mine is called em2. So should the ifcfg-em2 look like the below comment?

jcorkey gravatar imagejcorkey ( 2017-12-07 10:03:07 -0600 )edit
  • DEVICE=em2
    • DEVICETYPE=ovs
    • TYPE=OVSPort
    • OVS BRIDGE=br-ex
    • ONBOOT=yes
    • BOOTPROTO=none
jcorkey gravatar imagejcorkey ( 2017-12-07 10:04:21 -0600 )edit

also, will I have to re-deploy after removing the ip address from em2 or can I just remove to ip address and restart docker containers after modifying the ifcfg-em2 config?

jcorkey gravatar imagejcorkey ( 2017-12-07 10:39:25 -0600 )edit

how can I run tcpdump br-ex if br-ex is not listed anywhere?

jcorkey gravatar imagejcorkey ( 2017-12-07 16:59:52 -0600 )edit
1

Just this config:

DEVICE=<INTERFACE_NAME>
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"

Device SHOULD NOT be configured as a ovs device.

br-ex will exists after deployment

Eduardo Gonzalez gravatar imageEduardo Gonzalez ( 2017-12-11 01:55:12 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2017-12-05 15:26:36 -0600

Seen: 1,256 times

Last updated: Dec 07 '17

Related questions

In my kolla openstack deployment, Why is br-ex conflicting with external traffic?

kolla-ansible ceph osd not up

kolla ansible - instance no internet

How do you not lose instance snapshots or VM's after a redeployment with kolla

devstack: [Neutron] instances unreachables

How to change Openstack Kolla/Kolla-ansible container dumb-init command

kolla-ansible pull error

kolla-build fails to build ovsdpdk and kafka container images

ImportError: cannot import name decorate

Kolla-ansible unable to start memcached?