Problem connecting external host to vxlan

asked 2018-05-23

crazik

What I need: connect external host to the neutron VXLAN subnet (for Octavia deployment).
What I did:

  • created network&subnet on neutron
  • spawned OpenStack VM with this subnet
  • created vxlan-ID interface on my external host with static address from neutron subnet
    (ip link add vxlanXX type vxlan id XX dev br0.yy dstport 0, and so on..)

What happens:

  • when I ping subnet ha-router from external host, there is no effect
  • when I ping external host from neutron namespace for this qrouter, ping starts to work in a few seconds on both sides.
  • when I try to ping any nova instance inside this subnet, there is no connection
  • when I add routing to this subnet via neutron ha-router (x.x.x.1), I got redirects, but still no connection
  • when I log in to the nova instance and add exclusive routing to my external instance via ha-router, then pings start working on both sides.

I need to make it work without adding additional routings, or find a way to automatically add them to the newly created OpenStack VMs.
Probably I made some mistakes in the above config, so please help me find a proper way to do that.
All examples I found are about connecting OpenStack subnets with OVS, which I can't use.


  • Ubuntu Xenial
  • OpenStack Queens
  • Neutron with LinuxBridge Agents

Normally, Octavia runs in instances that are hosted on compute nodes. Why do you want to deploy it otherwise?

Bernd Bausch ( 2018-05-23 )

You mean Octavia manager/api, or Amphoras? I thought that only Amphoras live there. As I said - I saw many configuration examples for similar design, but based on OVS, not linuxbridge.

crazik ( 2018-05-23 )

2 answers

answered 2018-05-24

crazik

I changed the network type from VXLAN to VLAN and everything is working as expected.
I have no more time for VXLAN debugging, but it might be worth solving this at a later time.

answered 2018-05-23

johnsom

Yes, this is a common deployment topology connecting the lb-mgmt-net in neutron to your controller instances/hosts.

This does sound like a neutron / networking issue and not related to Octavia itself. Just off the top of my head, here are a few things to consider:

  1. Check your security groups and iptables configurations
  2. Check your host's reverse path check settings in the kernel
  3. Check the spanning tree configurations (if there are any)


Correct, it's a neutron issue only.
No iptables on either end, SG permits all. rp_filter = 1.

Anyway, I switched to the VLANs.

crazik ( 2018-05-24 )
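
The reverse path check settings mentioned in the answer above can be read per interface as shown here. This is an added example, not part of the original thread; `PROC_ROOT` and the function names are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not from the thread): effective reverse-path filtering per interface.
# PROC_ROOT and all function names are assumptions of this sketch; leave
# PROC_ROOT at /proc on a real host.
PROC_ROOT="${PROC_ROOT:-/proc}"

# The kernel validates sources with max(conf/all/rp_filter, conf/<iface>/rp_filter).
effective_rp_filter() {
    erf_conf="$PROC_ROOT/sys/net/ipv4/conf"; erf_all=0; erf_own=0
    if [ -r "$erf_conf/all/rp_filter" ]; then erf_all=$(cat "$erf_conf/all/rp_filter"); fi
    if [ -r "$erf_conf/$1/rp_filter" ]; then erf_own=$(cat "$erf_conf/$1/rp_filter"); fi
    if [ "$erf_all" -gt "$erf_own" ]; then echo "$erf_all"; else echo "$erf_own"; fi
}

rp_mode_name() {
    case "$1" in
        0) echo "off" ;;
        1) echo "strict" ;;   # best route back to the source must use the receiving interface
        2) echo "loose" ;;    # source only has to be reachable via some interface
        *) echo "unknown" ;;
    esac
}

# Packets dropped by the reverse-path check since boot (TcpExt IPReversePathFilter).
rp_filter_drops() {
    awk '$1 == "TcpExt:" && !seen {
             for (i = 2; i <= NF; i++) if ($i == "IPReversePathFilter") col = i
             seen = 1; next
         }
         $1 == "TcpExt:" && col { print $col; exit }' "$PROC_ROOT/net/netstat" 2>/dev/null
}

rp_report() {
    for rr_dir in "$PROC_ROOT"/sys/net/ipv4/conf/*/; do
        rr_if=$(basename "$rr_dir")
        case "$rr_if" in all|default) continue ;; esac
        rr_mode=$(effective_rp_filter "$rr_if")
        printf '%-12s rp_filter=%s (%s)\n' "$rr_if" "$rr_mode" "$(rp_mode_name "$rr_mode")"
    done
    printf 'IPReversePathFilter drops: %s\n' "$(rp_filter_drops)"
}

rp_report
```

A drop counter that rises while the pings fail points at the reverse-path check; a counter that stays flat means the packets are being lost somewhere else.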

