Instance traffic not returning on external networks

asked 2019-09-30 16:16:31 -0500

allisonw gravatar image

updated 2019-10-03 11:22:17 -0500

I have an all-in-one Queens Packstack (aware that it's almost out of support, but trying to match something existing for testing) install that I'm trying to get networking working on. I have an internal/tenant network that works fine, but I'm also trying to configure two external networks via OVS and neither are working at all - they cannot ping or communicate out over either external network in any way.

I'm only trying to do outbound traffic, not directly connect to any instance from outside, so it's my understanding that floating IPs are not needed. I've followed the instructions at access., as they seemed the clearest and were recommended to me. As per the setup/troubleshooting sections, I've confirmed:

  • The physical network name is used consistently throughout
  • The networks are external, with the VLAN network type (and this is also in the openvswitch config file), and the correct VLAN ID br-int and br-ex are connected via patch-peer
  • "Dump-flows" shows that packets are coming in via the expected port, and the OpenStack internal VLAN ID is being modified to the correct external VLAN IDs
  • My ifcfg-br-ex and ifcfg-<physicalport> files are setup as per the instructions. Also, external connectivity from the CentOS box (the outer container where PackStack is installed) is working properly
  • My physical port shows as UP in "ip a", and is marked with master ovs-system

The only thing that is off from the troubleshooting section is that the br-ex port is showing as state UNKNOWN in "ip a", though I've seen other references to this happening and still having normal operation. Not sure what to do about it, either way...

Thought it might be firewall related, but added accept all rules in iptables as a test and still no luck. Does anyone have any other ideas about where I could look or what I could try? Been bashing my head against this for quite some time and I'm pretty out of ideas at this point. Thanks!

ETA: I've now reduced the complexity of my physical networking to match another box that I know works (I don't have access to it directly, sadly). I now have only a single physical interface, trunked, with the native vlan matching the vlan of the outer CentOS box. I deleted all networks and created just one. Still the same problem. I can see the requests on the qbr interface, then on br-ex (where it's now translated to my external vlan id), then the physical int. I can see the reply come back on the physical, then on br-ex, but it's not making it to the qbr.

edit retag flag offensive close merge delete


Also wanted to add - NetworkManager is disabled, as is firewalld.

allisonw gravatar imageallisonw ( 2019-09-30 17:43:54 -0500 )edit

Figured out how best to trace the traffic flow. I can see that my requests are coming into the outer box via the qvo interface, then to the br-int, then to br-ex, then to the physical int and out to the gw. The replies are coming back from the gateway, then to br-ex, but then stopping before br-int.

allisonw gravatar imageallisonw ( 2019-10-02 12:09:57 -0500 )edit

(Previous comment moved here from post) As a follow up, I got someone to look at a working box, and they see this same behaviour. So, weird, but not the pointer to the issue. Turns out though that their trunk port has a native vlan, and mine doesn't, so I'm guessing that's the root of the issue.

allisonw gravatar imageallisonw ( 2019-10-02 12:11:32 -0500 )edit

Not the root, as it turns out. Matched my physical networking to theirs, and still same problem. Edited the post to reflect.

allisonw gravatar imageallisonw ( 2019-10-03 11:22:43 -0500 )edit