[Desperately asking for help] Instances cannot ping to the internet and cannot use SSH

asked 2019-08-29 12:02:47 -0500

Harry996

updated 2019-08-29 19:11:28 -0500

Hello everyone, I spent a whole day just trying to ping the internet from the instances that I created, but there was no luck!

The list below is the full configuration for each node. I don't know which part I did wrong, such that I cannot ping the internet and cannot SSH to the instances either. Please help me, I would really appreciate it!

  1. This is Network Topology of my setup https://i.ibb.co/XsL26J3/Screenshot-f...
  2. The interfaces are always down https://i.ibb.co/vds5tqW/Screenshot-f...
  3. ml2_conf.ini on controller node

    root@controller:~# grep -o '^[^#]*' /etc/neutron/plugins/ml2/ml2_conf.ini
    [DEFAULT]
    [l2pop]
    [ml2]
    type_drivers = flat,vlan,vxlan
    tenant_network_types = vxlan  
    extension_drivers = port_security  
    mechanism_drivers = opendaylight_v2
    [ml2_odl]
    enable_dhcp_service = False  
    port_binding_controller = pseudo-agentdb-binding  
    password = admin  
    username = admin  
    url = http://10.10.10.100:8181/controller/nb/v2/neutron  
    [ml2_type_flat]
    flat_networks = *
    [ml2_type_geneve]
    [ml2_type_gre]
    [ml2_type_vlan]
    [ml2_type_vxlan]
    vni_ranges =1:1000
    [securitygroup]
    enable_ipset = true
    firewall_driver = neutron.agent.not.a.real.FirewallDriver
    
  4. openstack network agent list

controller@controller:~$ openstack network agent list

+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------------+
| ID                                   | Agent Type     | Host       | Availability Zone | Alive | State | Binary                       |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------------+
| 0ddccc98-5d64-4235-9fed-ed90016fe4fd | DHCP agent     | compute2   | nova              | :-)   | UP    | neutron-dhcp-agent           |
| 12da6f0a-3b6c-476d-a49a-ab7ddf4b5b3c | ODL L2         | controller | None              | :-)   | UP    | neutron-odlagent-portbinding |
| 1ec6b8d2-ca34-40c8-8105-8fe868577535 | ODL L3         | network    | None              | :-)   | UP    | neutron-odlagent-portbinding |
| 2e8fdc4f-5647-4b8e-94af-83f3dcbfb790 | ODL L2         | compute1   | None              | :-)   | UP    | neutron-odlagent-portbinding |
| 36901483-0c5f-47ca-a8b1-16326c95944d | Metadata agent | network    | None              | :-)   | UP    | neutron-metadata-agent       |
| 3ee285dd-dfd1-491a-8e51-e616574607ce | Metadata agent | compute3   | None              | :-)   | UP    | neutron-metadata-agent       |
| 5ac2dbc4-ed92-40d3-8854-e3544a497535 | Metadata agent | controller | None              | :-)   | UP    | neutron-metadata-agent       |
| 674dfbdb-8f37-40ff-bc59-98da0db72f40 | DHCP agent     | compute3   | nova              | :-)   | UP    | neutron-dhcp-agent           |
| 813413b4-1752-474b-bdf9-96a234935e70 | DHCP agent     | network    | nova              | :-)   | UP    | neutron-dhcp-agent           |
| 895318f5-2d5b-4e04-bbfe-9dd0195ab92e | Metadata agent | compute1   | None              | :-)   | UP    | neutron-metadata-agent       |
| 8ca187fa-654d-4251-a52d-748293f29e56 | ODL L3         | controller | None              | :-)   | UP    | neutron-odlagent-portbinding |
| bca2843e-fc00-4efd-ba05-822b08c73ff2 | ODL L2         | compute2   | None              | :-)   | UP    | neutron-odlagent-portbinding |
| d3f189fd-3793-4f0e-acc5-f69310f0e08b | Metadata agent | compute2   | None              | :-)   | UP    | neutron-metadata-agent       |
| daaced5b-0066-47b4-95bf-52d299966b27 | ODL L2         | network    | None              | :-)   | UP    | neutron-odlagent-portbinding |
| e494efd1-4609-4e79-bc8b-ab1c42175077 | DHCP agent     | compute1   | nova              | :-)   | UP    | neutron-dhcp-agent           |
| ee5423ee-49bf-4021-8c05-1a8fb5c161c0 | ODL L2         | compute3   | None              | :-)   | UP    | neutron-odlagent-portbinding |
+--------------------------------------+----------------+------------+-------------------+-------+-------+------------------------------+

  5. ovs-vsctl show on controller node and compute node (same)

root@controller:~# ovs-vsctl show
39036e06-7866-4c47-b395-43b47c530ebe
    Manager "ptcp:6641:127.0.0.1"
    Manager "tcp:10.10.10.100:6640"
        is_connected: true
    Bridge br-int
        Controller "tcp:10.10.10.100:6653"
            is_connected: true
        fail_mode: secure
        Port br-ex
            Interface br-ex
                error: "could not open network device br-ex (No such device)"
        Port br-ex-patch
            Interface br-ex-patch
                type: patch
                options: {peer=br-ex-int-patch}
        Port br-int
            Interface br-int
                type: internal
        Port "tun693ebc93a18"
            Interface "tun693ebc93a18"
                type: vxlan
                options: {key=flow, local_ip="10.10.10.11", remote_ip="10.10.10.12"}
                bfd_status: {diagnostic="No Diagnostic", flap_count="1", forwarding="true", remote_diagnostic="Control Detection Time Expired", remote_state=up, state=up}
        Port "tun3c2754eee1d"
            Interface "tun3c2754eee1d"
                type: vxlan
                options: {key=flow, local_ip="10.10.10.11", remote_ip="10.10.10.14"}
                bfd_status: {diagnostic="No Diagnostic", flap_count="1", forwarding="true", remote_diagnostic="Control Detection Time Expired", remote_state=up, state=up}
        Port "tun84591bdc4c8"
            Interface "tun84591bdc4c8"
                type: vxlan
                options: {key=flow, local_ip="10.10.10.11",remote_ip="10.10.10.15"}
                bfd_status: {diagnostic="No Diagnostic",flap_count="1", forwarding="true",remote_diagnostic="Control Detection Time Expired", remote_state=up, state=up}
        Port "tun5a675391011"
            Interface "tun5a675391011"
                type: vxlan
                options: {key=flow, local_ip="10.10.10.11", remote_ip="10.10.10.13"}
                bfd_status: {diagnostic="No Diagnostic", flap_count="1", forwarding="true", remote_diagnostic="Control Detection ...

Comments

While I have no experience with OpenDaylight, one detail looks wrong: The provider network has the address range of the VM traffic network, but in my opinion it should be the "public" network that connects to the internet, i.e. 192.

You say instances can't use SSH. Can they connect to each other?

Bernd Bausch ( 2019-08-29 17:13:45 -0500 )

Yes, instances can connect to each other. I changed the "public" network to 192. using NAT Network in VirtualBox, but I still cannot ping the internet. The interfaces are always down. Also, I don't know whether creating a flat network as the provider network is correct, or whether it should be local or vxlan?

Harry996 ( 2019-08-29 21:20:15 -0500 )

Flat is correct. Local is for test networks that are not connected outside. Not sure how Vxlan works for external networks.

If the interfaces are down, perhaps you see ERROR or WARNING messages in the various Neutron logs?

Bernd Bausch ( 2019-08-29 22:02:53 -0500 )

Another detail that's strange. I thought that VirtualBox NAT uses 10.0.2.x addresses for the VMs, not addresses from the 192 range. Is 192 correct?

Can you connect from a controller to floating IPs of instances?

Bernd Bausch ( 2019-08-29 22:07:07 -0500 )

Another detail. Again, I don't know about OpenDaylight, but when you use bare Open vSwitch as a mech driver, you need

    ovs-vsctl add-port br-ex eth2

on the NW node (https://docs.openstack.org/neutron/la..., step 5).

Bernd Bausch ( 2019-08-29 22:12:20 -0500 )
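
A check for the two things the thread points at in `ovs-vsctl show`: interfaces that OVS reports an `error:` for, and whether a bridge such as `br-ex` actually carries a given port. This is an added example, not part of the original thread; the function names are hypothetical, and the sample input is an abridged copy of the controller output pasted in the question.

```shell
#!/bin/sh
# Added example. Both functions read `ovs-vsctl show` text on stdin, e.g.
#   ovs-vsctl show | ovs_iface_errors

# Print "bridge<TAB>interface<TAB>message" for each interface OVS could not open.
ovs_iface_errors() {
    awk '
        { gsub(/"/, "") }                  # names and messages may be quoted
        $1 == "Bridge"    { bridge = $2 }
        $1 == "Interface" { iface = $2 }
        $1 == "error:"    {
            sub(/^[ \t]*error:[ \t]*/, "")
            print bridge "\t" iface "\t" $0
        }
    '
}

# Succeed only if bridge $1 exists and has port $2 attached.
ovs_bridge_has_port() {
    awk -v want_br="$1" -v want_port="$2" '
        { gsub(/"/, "") }
        $1 == "Bridge" { bridge = $2 }
        $1 == "Port" && bridge == want_br && $2 == want_port { found = 1 }
        END { exit !found }
    '
}

# Abridged from the output in the question (tunnel ports omitted).
SAMPLE_SHOW='39036e06-7866-4c47-b395-43b47c530ebe
    Manager "tcp:10.10.10.100:6640"
        is_connected: true
    Bridge br-int
        fail_mode: secure
        Port br-ex
            Interface br-ex
                error: "could not open network device br-ex (No such device)"
        Port br-ex-patch
            Interface br-ex-patch
                type: patch
                options: {peer=br-ex-int-patch}
        Port br-int
            Interface br-int
                type: internal'

printf '%s\n' "$SAMPLE_SHOW" | ovs_iface_errors
if printf '%s\n' "$SAMPLE_SHOW" | ovs_bridge_has_port br-ex eth2; then
    echo "br-ex has port eth2"
else
    echo "no bridge br-ex with port eth2 in this output"
fi
```

In the excerpt, `br-ex` appears only as a port on `br-int` with a "No such device" error, so the second check fails; `eth2` is the interface name used in the comment above and may differ per node.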