Ask Your Question
2

instance cannot ping external network

asked 2019-07-12 16:17:53 -0500

vpradhan gravatar image

Hi,

I deployed openstack using kolla (rocky). My controller and deploy machines are Ubuntu 18.04 VMs running on Proxmox. My neutron external network is a pfsense LAN. I have two compute nodes running Ubuntu 18.04 (on metal not VMs). I have two cirros instances on demo-net and they can ping each other and the demo-router. demo-* was automatically setup by running init-once. When I ping my gateway on the external network I can see the echo requests using tcpdump on vxlan_sys_4789 on the controller machine. Any help in figuring this out is appreciated.

Additional Info:

oscontrol@oscontrol:~$ docker exec openvswitch_vswitchd ovs-vsctl show
c86e2fb7-af1e-47b2-8a6b-c1c9ebb7053c
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-ex
            Interface br-ex
                type: internal
        Port "ens18"
            Interface "ens18"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tap0ceeef01-b5"
            tag: 5
            Interface "tap0ceeef01-b5"
                type: internal
        Port "qr-92c98b74-c2"
            tag: 5
            Interface "qr-92c98b74-c2"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qg-86e06ca5-d7"
            tag: 6
            Interface "qg-86e06ca5-d7"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-0a0a0adc"
            Interface "vxlan-0a0a0adc"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.10.10.210", out_key=flow, remote_ip="10.10.10.220"}
        Port br-tun
            Interface br-tun
                type: internal
oscontrol@oscontrol:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master ovs-system state DOWN group default qlen 1000
    link/ether 7a:cf:b6:3b:3d:1b brd ff:ff:ff:ff:ff:ff
3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 4a:71:b6:1b:79:9f brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.210/24 brd 10.10.10.255 scope global ens19
       valid_lft forever preferred_lft forever
    inet 10.10.10.100/32 scope global ens19
       valid_lft forever preferred_lft forever
    inet6 fe80::4871:b6ff:fe1b:799f/64 scope link
       valid_lft forever preferred_lft forever
4: ens20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 72:c3:c4:26:66:b6 brd ff:ff:ff:ff:ff:ff
    inet 10.168.1.210/24 brd 10.168.1.255 scope global ens20
       valid_lft forever preferred_lft forever
    inet6 fe80::70c3:c4ff:fe26:66b6/64 scope link
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42 ...
(more)
edit retag flag offensive close merge delete

Comments

I'm not sure if this is relevant but ens18 on the controller is a ovs-bridge, which is bridges the pfsense LAN port.

vpradhan gravatar imagevpradhan ( 2019-07-12 17:00:37 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
1

answered 2019-07-18 10:41:25 -0500

vpradhan gravatar image

The problem was that ens18 (neutron_external_interface) was down. If using interfaces file, then setting it to manual will be enough. On Ubuntu 18.04 it uses a new software called netplan. There is a known bug that you cant keep the interface up without assigning an IP (https://bugs.launchpad.net/netplan/+b...).

You can use one of the workarounds in the link. I used dhcp6: yes, dhcp4: no. This brings up the interface and then br-ex works properly. But I guess this will only let you use ipv4 (which is okay).

edit flag offensive delete link more
1

answered 2019-07-16 23:15:12 -0500

Vinoth gravatar image
  • Make sure you have a special IP address configured for ens18 in nic configuration file.
  • Set MTU to 1450 for VM NIC.
edit flag offensive delete link more

Comments

Hi Vinoth, thanks for the answer. I figured out the problem when trying to assign a IP to the interface.. It worked for a minute and then died again. Then I tried to just bring the interface up without IP.

vpradhan gravatar imagevpradhan ( 2019-07-18 10:45:03 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2019-07-12 16:16:11 -0500

Seen: 74 times

Last updated: Jul 18