Ask Your Question
0

Floating IP Configuration in Quantum + openvswitch

asked 2012-10-16 17:27:19 -0500

vivekraghuwanshi gravatar image

I need some help in configuration of quantum floating ips.

I am able to ping and ssh my instances via their internal ips (172.24.1.x)

But not able to access them via floating ips .

I am using gre type network, and using all in one box, once its up i am adding some more compute node in the cluster.

find below the results.

root@us000901:~# quantum floatingip-list +--------------------------------------+------------------+---------------------+--------------------------------------+ | id | fixed_ip_address | floating_ip_address | port_id | +--------------------------------------+------------------+---------------------+--------------------------------------+ | 2381aa6c-2690-4a52-b558-4c553e1f1bd9 | 172.24.1.3 | 10.83.192.132 | 97697210-fd93-43a1-bdb3-d096f51c137e | | 241482f1-41ca-49d6-8d72-ff46d6bd6ec5 | | 10.83.192.134 | | | 6ca0e952-bf83-4602-b46a-a5e95ef64266 | | 10.83.192.135 | | | f3f9e910-a3dd-4872-a977-8835cf0f95b3 | | 10.83.192.133 | | +--------------------------------------+------------------+---------------------+--------------------------------------+

root@us000901:~# quantum router-list +--------------------------------------+-----------------+--------------------------------------------------------+ | id | name | external_gateway_info | +--------------------------------------+-----------------+--------------------------------------------------------+ | 935a00d9-1426-40d7-8304-d33d83c350dc | provider-router | {"network_id": "162030bb-ab1a-4346-87cb-b3182619d959"} | +--------------------------------------+-----------------+--------------------------------------------------------+

root@us000901:~# quantum net-list +--------------------------------------+-----------+--------------------------------------+ | id | name | subnets | +--------------------------------------+-----------+--------------------------------------+ | 162030bb-ab1a-4346-87cb-b3182619d959 | ext_net | fa9dc9b5-03cd-4090-ae44-484fe968d825 | | 35918ece-1847-4213-a283-8968136c45eb | admin-net | 9404d2c0-d495-4db2-a661-3ab93958337d | +--------------------------------------+-----------+--------------------------------------+

root@us000901:~# quantum subnet-list +--------------------------------------+------+------------------+----------------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+------+------------------+----------------------------------------------------+ | 9404d2c0-d495-4db2-a661-3ab93958337d | | 172.24.1.0/24 | {"start": "172.24.1.2", "end": "172.24.1.254"} | | fa9dc9b5-03cd-4090-ae44-484fe968d825 | | 10.83.192.128/25 | {"start": "10.83.192.131", "end": "10.83.192.250"} | +--------------------------------------+------+------------------+----------------------------------------------------+

root@us000901:~# ovs-vsctl show e2339720-8c6b-4329-8ac1-26fb93007447 Bridge br-int Port br-int Interface br-int type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port "qvo97697210-fd" tag: 2 Interface "qvo97697210-fd" Port "tap5cb36f0c-c7" tag: 2 Interface "tap5cb36f0c-c7" type: internal Bridge br-tun Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Bridge br-ex Port "eth3" Interface "eth3" Port br-ex Interface br-ex type: internal ovs_version: "1.4.0+build0" root@us000901:~#

root@us000901:~# cat /etc/network/interfaces

This file describes the network interfaces available on your system

and how to activate them. For more information, see interfaces(5).

The loopback network interface

auto lo iface lo inet loopback

The primary network interface

auto eth0 iface eth0 inet static address 10.83.192.1 netmask 255.255.255.0 network 10.83.192.0 broadcast 10.83.192.255 gateway 10.83.192.254 # dns-* options are implemented by the resolvconf package, if installed dns-nameservers 10.83.2.25 dns-search http://ap.tieto.com

VMs Networks with OVS in tunnel mode

auto eth1 iface eth1 inet static address 172.24.0.3 netmask 255.255.0.0

Public Bridge

auto eth3 iface eth3 inet manual up ifconfig $IFACE 0.0.0.0 up up ip link set $IFACE promisc on down ip link set $IFACE promisc off down ifconfig $IFACE down root@us000901:~#

I am also having one question can i use floating ip are of same network where i am using my node eth0.

edit retag flag offensive close merge delete
add a comment

10 answers

Sort by ยป oldest newest most voted
0

answered 2012-10-18 04:22:46 -0500

vivekraghuwanshi gravatar image

Thanks Aaron,

I am trying the proposed config changes and update teh thread accordingly.

edit flag offensive delete link more
add a comment
0

answered 2012-11-05 06:51:00 -0500

vivekraghuwanshi gravatar image

Hi All,

The issue is now fixed by vi /usr/share/pyshared/quantum/agent/linux/iptables_manager.py +272

s = [('/sbin/iptables', self.ipv4)]

If I change this to:

    s = [('iptables', self.ipv4)]

and then its fixed

now i am able to ping and ssh the instances

Thankyou all

edit flag offensive delete link more
add a comment
0

answered 2012-10-23 06:32:02 -0500

vivekraghuwanshi gravatar image

firewall_driver=nova.virt.firewall.NoopFirewallDriver Instanves booted without IP and in erroe state

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchDriver Results Instances Failed to spawn

edit flag offensive delete link more
add a comment
0

answered 2012-10-17 18:09:01 -0500

arosen gravatar image

You're probably getting blocked by nova security groups. If you change the following values in nova.conf it should work.

firewall_driver=nova.virt.firewall.NoopFirewallDriver libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchDriver

edit flag offensive delete link more
add a comment
0

answered 2012-10-19 14:32:28 -0500

vivekraghuwanshi gravatar image

Not resolved via this

edit flag offensive delete link more
add a comment
0

answered 2012-10-17 04:06:13 -0500

vivekraghuwanshi gravatar image

root@us000901:~# quantum port-list -- --device_id 86a3ec45-f92f-4f30-b39e-fa2c5a2ec88e +--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+ | id | name | mac_address | fixed_ips | +--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+ | 97697210-fd93-43a1-bdb3-d096f51c137e | | fa:16:3e:5d:f8:79 | {"subnet_id": "9404d2c0-d495-4db2-a661-3ab93958337d", "ip_address": "172.24.1.3"} | +--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+ root@us000901:~# quantum floatingip-show 2381aa6c-2690-4a52-b558-4c553e1f1bd9 +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | fixed_ip_address | 172.24.1.3 | | floating_ip_address | 10.83.192.132 | | floating_network_id | 162030bb-ab1a-4346-87cb-b3182619d959 | | id | 2381aa6c-2690-4a52-b558-4c553e1f1bd9 | | port_id | 97697210-fd93-43a1-bdb3-d096f51c137e | | router_id | 935a00d9-1426-40d7-8304-d33d83c350dc | | tenant_id | 51c3b9e0f5e74e45be915497b9b9e53d | +---------------------+--------------------------------------+ root@us000901:~#

adding some more infotmation

edit flag offensive delete link more
add a comment
0

answered 2012-10-23 15:30:00 -0500

msymonds gravatar image

I have the same problem with floating IP's.

I am running one control node with quantum-server, L3 and openvswitch, and two compute nodes with nova-compute and openvswitch.

I am using namespaces. I am able to ping the private IP address from the namespace, but not the floating IP. I can see the (correctly NAT'd) traffic getting to the compute node on the bridge interface for the VM.

My default secgroup is:

[admin:admin] root@openstack-control:~# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+

When loading both: firewall_driver=nova.virt.firewall.NoopFirewallDriver libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchDriver

I can ping the VM on its public and floating IP.

edit flag offensive delete link more
add a comment
0

answered 2012-10-23 17:38:12 -0500

danwent gravatar image

I do not think what you're trying to do will work, as the routing table on your host will likely send packets to 10.83.192.0/24 out eth0, where as you need a route that sends traffic to 10.83.192.0/24 out the br-ex interface.

edit flag offensive delete link more
add a comment
0

answered 2012-10-24 11:09:08 -0500

msymonds gravatar image

I now have this working.

I had created the secgroup for the admin user but was booting machines for the demo user.

edit flag offensive delete link more
add a comment
0

answered 2012-11-05 06:52:05 -0500

vivekraghuwanshi gravatar image

Hi All,

The issue is now resolved

On Wed, Oct 24, 2012 at 4:41 PM, Matt question211395@answers.launchpad.netwrote:

Your question #211395 on quantum changed: https://answers.launchpad.net/quantum/+question/211395 (https://answers.launchpad.net/quantum...)

Matt posted a new comment: I now have this working.

I had created the secgroup for the admin user but was booting machines for the demo user.

You received this question notification because you asked the question.

ViVek Raghuwanshi Mobile -+91-09595950504

Skype - vivek_raghuwanshi

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2012-10-16 17:27:19 -0500

Seen: 155 times

Last updated: Nov 05 '12

Related questions

slow ping into gre tunnel

HA of Glance

define color palette in less files

Mystery subnet

Virus Scanning

How to disable a tenant in keystone(essex4)

Diablo-2 HTTP queries

Cinder-Volume fails to start after reboot

Neutron overlay network

Glance with postgres db gives connection refused error