openvswitch provider network fails upon VM creation

asked 2018-09-19 09:34:01 -0500

sebastien

Greetings,

Here is my configuration:

Controller node with 2 NICs: one is the mgmt network on eno2 with IP 192.168.10.60 (netmask 22), gateway/firewall is 192.168.8.1 on eth1; the other is eno1 as OVSPort for br-provider with fixed IP 192.168.12.60 (netmask 24), gateway/firewall (same appliance as above) is 192.168.12.1 on eth2.

Storage/compute node with 2 NICs: one is the mgmt network on em4 with IP 192.168.10.59 (netmask 22), gateway/firewall is 192.168.8.1 on eth1; the other is em1 as OVSPort for br-provider with fixed IP 192.168.12.60 (netmask 24), gateway/firewall (same appliance as above) is 192.168.12.1 on eth2.

I had to create route rules as follows to be able to get network working properly:

192.168.12.0/24 dev br-provider tab 2
default via 192.168.12.1 dev br-provider tab 2
192.168.8.0/22 dev em4 tab 1
default via 192.168.8.1 dev em4 tab 1
from 192.168.12.59/32 tab 2 priority 200
from 192.168.10.59/32 tab 1 priority 100

Now, when I create a provider network on OpenStack and then create a VM on that network, everything on the provider network goes down: pings no longer get replies from or to anything on the 192.168.12.0/24 network, both compute and controller can't ping the gateway on its 192.168.12.1 address, and only the mgmt network is working.

. admin-openrc
openstack subnet create --network bgx_provider --allocation-pool start=192.168.13.101,end=192.168.13.250 --dns-nameserver 208.67.222.222 --gateway 192.168.13.1 --subnet-range 192.168.13.0/24 bgx_provider-v4
. extra1-openrc
openstack server create --flavor 0S_A0 --image CentOS-7-x86_64-GenericCloud-1511 --nic net-id=9b33dc0a-0cad-4b27-a606-a5c8c79db32c --security-group default --key-name extra1_key tst-centos7-01

Here is some more info about my setup:

# ovs-vsctl list-ports br-provider
eno1
phy-br-provider
# ovs-vsctl list-ports br-tun
patch-int
# ovs-vsctl list-ports br-int
int-br-provider
patch-tun

How could I trace this behavior and check out the issue?

On another setup, I had the exact same configuration (hardware with 2 separate networks, same gateway) and it was working fine. The only difference was that the gateway was a Cisco appliance. On this current setup, the gateway is a WatchGuard appliance.

Best Regards,
