Ask Your Question
0

selfservice VM cannot ping to router at network node

asked 2018-11-02 05:40:43 -0600

tien86 gravatar image

updated 2018-11-02 07:23:00 -0600

Dear,

I configure as https://docs.openstack.org/neutron/ro.... controller + compute1(Compute Node) + compute2 ( Network node )

I can create subnet 192.0.2.x on compute1, router on compute2. 2 VMs on compute1 can ping each other but cannot ping to gateway. I check packet go to Compute2 seem dropped.

ID PKT       TAB PRI   MATCH                                                       ACT                 
0  810833    0   1     in_port=patch-int                                           resubmit(,2)        
1  0         0   1     in_port=vxlan-0a01112a                                      resubmit(,4)        
2  79901     0   0     *                                                           drop                

3  810415    2   0     dl_dst=01:00::00/01:00::00                                  resubmit(,22)       
4  418       2   0     dl_dst=00::00/01:00::00                                     resubmit(,20)       

5  0         3   0     *                                                           drop                

6  0         4   1     tun_id=0x62                                                 mod_vlan_vid:1,resubmit(,10)
7  0         4   1     tun_id=0xc                                                  mod_vlan_vid:4,resubmit(,10)
8  0         4   1     tun_id=0x1f                                                 mod_vlan_vid:3,resubmit(,10)
9  0         4   0     *                                                           drop                

10 0         6   0     *                                                           drop                

11 0         10  1     *                                                           learn(table=20,hard_timeout=300,priority=1,cookie=0x61747ac29cf7d2aa,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:OXM_OF_IN_PORT[]),output:patch-int

12 0         20  2     dl_vlan=1,dl_dst=fa:16:3e:f9:46:b8                          strip_vlan,load:0x62->NXM_NX_TUN_ID[],output:vxlan-0a01112a
13 0         20  2     dl_vlan=1,dl_dst=fa:16:3e:5d:f2:38                          strip_vlan,load:0x62->NXM_NX_TUN_ID[],output:vxlan-0a01112a
14 0         20  2     dl_vlan=3,dl_dst=fa:16:3e:c8:f2:c2                          strip_vlan,load:0x1f->NXM_NX_TUN_ID[],output:vxlan-0a01112a
15 0         20  2     dl_vlan=3,dl_dst=fa:16:3e:0f:ac:dc                          strip_vlan,load:0x1f->NXM_NX_TUN_ID[],output:vxlan-0a01112a
16 0         20  2     dl_vlan=1,dl_dst=fa:16:3e:8b:f9:47                          strip_vlan,load:0x62->NXM_NX_TUN_ID[],output:vxlan-0a01112a
17 0         20  2     dl_vlan=4,dl_dst=fa:16:3e:be:0d:2e                          strip_vlan,load:0xc->NXM_NX_TUN_ID[],output:vxlan-0a01112a
18 0         20  2     dl_vlan=4,dl_dst=fa:16:3e:1e:01:cc                          strip_vlan,load:0xc->NXM_NX_TUN_ID[],output:vxlan-0a01112a
19 418       20  0     *                                                           resubmit(,22)       

20 3         22  1     dl_vlan=1                                                   strip_vlan,load:0x62->NXM_NX_TUN_ID[],output:vxlan-0a01112a
21 0         22  1     dl_vlan=3                                                   strip_vlan,load:0x1f->NXM_NX_TUN_ID[],output:vxlan-0a01112a
22 0         22  1     dl_vlan=4                                                   strip_vlan,load:0xc->NXM_NX_TUN_ID[],output:vxlan-0a01112a
23 810830    22  0     *                                                           drop                
EasyOVS> 

[root@compute2 ~]# ovs-dpctl dump-flows |grep 0x62
recirc_id(0),dp_hash(0),skb_priority(0),tunnel(tun_id=0x62,src=10.1.17.31,dst=10.1.17.43,ttl=64,tp_src=52266,tp_dst=4789,flags(+key)),in_port(2),skb_mark(0),ct_state(-new-est-rel-rpl-inv-trk-snat-dnat),ct_zone(0),ct_mark(0),ct_label(0),eth(src=fa:16:3e:5d:f2:38,dst=ff:ff:ff:ff:ff:ff),eth_type(0x0806),arp(sip=192.0.2.3,tip=192.0.2.1,op=1/0xff,sha=fa:16:3e:5d:f2:38,tha=00:00:00:00:00:00), packets:0, bytes:0, used:never, actions:drop

[root@compute2 ~]# ovs-appctl ofproto/trace br-tun in_port=3,tun_id=98,dl_src=fa:16:3e:5d:f2:38,dl_dst=00:00:00:00:00:00 -generate
Flow: tun_id=0x62,in_port=3,vlan_tci=0x0000,dl_src=fa:16:3e:5d:f2:38,dl_dst=00:00:00:00:00 ...
(more)
edit retag flag offensive close merge delete

Comments

This doesn't make sense:

I can create subnet 192.0.2.x on compute1

Subnets are created on networks, not compute nodes. Also: Why did you put the router on compute 2? Why not on the controller? Or is it a distributed router?

Before sharing the OVS details, share the neutron, L3 and ML2 config.

Bernd Bausch gravatar imageBernd Bausch ( 2018-11-02 07:27:55 -0600 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2018-11-02 11:56:29 -0600

novainfinite gravatar image

the router is on controller. ip netns should show 3 ports. do you have ping of router gateway? in your controller,do you have ping router gateway? what is your neutron linux bridge agent log?

i have this problem before. there is firewall in datacenter that block my packet. you can ask the admin to see your packet.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2018-11-02 05:40:43 -0600

Seen: 19 times

Last updated: Nov 02 '18