1

Basic networking questions - Single NIC [closed]

asked 2014-04-08 17:13:31 -0500

pjriot

updated 2014-04-08 18:15:08 -0500

Hi folks, I have a couple of very basic questions here due to a lack of understanding around some core concepts I'm afraid.

I have a dual node setup consisting of a combined controller / network host and separate compute host each with a single NIC. Unfortunately I'm having trouble accessing running instances. Some background:

  • The network I'm on has no spare IP addresses so I cannot set up an external network with floating IPs.
  • I have an internal network set up (with an internal router), but cannot seem to access it from the compute / controller nodes. (Should I be able to without the external net?)
  • 'nova list' shows an instance with an IP, but the instance itself can't see the network. (It's a simple Ubuntu cloudimg.)
  • nova ssh instance reports: ERROR: No public addresses found for 'test2'. (test2 being the name of the instance)

One thing I'm particularly confused about is how a single NIC setup should work. I have added two bridges, br-ex and br-int. I have moved the external IP from eth0 to br-ex (as per http://openstack.redhat.com/forum/discussion/628/havana-neutron-does-br-ext-and-br-int-have-ips/p1), but I've done nothing with br-int. (I've done this on both the network and compute hosts.) So I guess my questions are as follows:

  • Should I need an external network / router to access the vm's from the compute host?
  • Am I missing a few steps in order to make this work with a single NIC?

Any help / context / pointers would be much appreciated.

COMPUTE:
-bash-4.1$ sudo ovs-vsctl show
b546a82c-648a-4d07-b26b-1519e7f809ca
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-2"
            Interface "gre-2"
                type: gre
                options: {in_key=flow, local_ip="10.163.136.68", out_key=flow, remote_ip="10.163.131.123"}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qvo6663ea21-f2"
            Interface "qvo6663ea21-f2"

CONTROLLER:
-bash-4.1$ sudo ovs-vsctl show
f1080aa4-2508-464a-ac17-03b4f211dce3
    Bridge br-int
        Port "tapdbaded17-55"
            tag: 1
            Interface "tapdbaded17-55"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap56c37fd2-d0"
            tag: 1
            Interface "tap56c37fd2-d0"
        Port br-int
            Interface br-int
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth0"
            Interface "eth0"
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-1"
            Interface "gre-1"
                type: gre
                options: {in_key=flow, local_ip="10.163.131.123", out_key=flow, remote_ip="10.163.136.68"}

-bash-4.1$ neutron router-show 2f44dfb8-f0ab-4b4d-9a74-13aa81940a95
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 2f44dfb8-f0ab-4b4d-9a74-13aa81940a95 |
| name                  | admin-internal-router                |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | 3280618841f44ca0924977ab42ffde8b     |
+-----------------------+--------------------------------------+
-bash-4.1$ neutron net-show 798285f7-75aa-44cc-a86b-5aceaab5276f
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 798285f7-75aa-44cc-a86b-5aceaab5276f |
| name                      | admin-internal-net                   |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 3                                    |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | e6b11e6a-9a03-4b02-a8e9-e07bfcc2aa8f |
| tenant_id                 | 3280618841f44ca0924977ab42ffde8b     |
+---------------------------+--------------------------------------+
-bash-4.1$ neutron subnet-show e6b11e6a-9a03-4b02-a8e9-e07bfcc2aa8f
+------------------+--------------------------------------------------+
| Field            | Value                                            |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr             | 192 ...

Closed for the following reason: "the question is answered, right answer was accepted" by SamYaple
Close date: 2014-05-15 14:20:28.652886

1 answer

5

answered 2014-04-25 11:06:47 -0500

larsks

Your first question...

Should I need an external network / router to access the vm's from the compute host?

...has an easy answer. Yes, you do still need an external network and a router if you want to access a nova instance from any of your hosts. A neutron network is segregated inside a network namespace and is typically not accessible from the host running your neutron services. You can see a list of namespaces like this:

# ip netns

Which on my system results in:

qrouter-acc6b46f-d040-490f-8d1f-7d6f9a0df8d9
qdhcp-9c20f065-0e20-49f0-9a29-1dd531f32092
qdhcp-3ff9b903-e921-4752-a26f-cba8f1433992

The qdhcp namespaces correspond to Neutron networks, and the qrouter namespace(s) correspond to routers. You can run a command inside a namespace like this:

# ip netns exec qdhcp-3ff9b903-e921-4752-a26f-cba8f1433992 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
[...]
44: tap786bdb61-98: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:54:99:be brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.3/24 brd 10.0.0.255 scope global tap786bdb61-98
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe54:99be/64 scope link 
       valid_lft forever preferred_lft forever

You can use this to access an instance from your network host without setting up an external network by doing something like:

# ip netns exec qdhcp-3ff9b903-e921-4752-a26f-cba8f1433992 ping 10.0.0.4

On my system, that will ping a running instance using its internal network address.

Setting up an external network will allow you to access your instances without this sort of namespace manipulation. There are a few different ways of setting up external networks. For your purposes:

  • Make sure external_network_bridge is configured to something (like br-ex) in /etc/neutron/l3_agent.ini.
  • Create an external network:

    # neutron net-create external --router:external=true
    # neutron subnet-create external 192.168.200.0/24
    

    Note that here I'm using 192.168.200.0/24 for the external network, but you can pick anything that doesn't conflict with other locally visible networks.

  • Create a router and set the gateway to your external network:

    # neutron router-create extrouter
    # neutron router-gateway-set extrouter external
    
  • Attach your private subnets to the router:

    # neutron router-interface-add extrouter <SUBNETID>
    
  • Make sure br-ex has an ip address on the external network subnet:

    # ip a add 192.168.200.1/24 dev br-ex
    

At this point, you should be able to assign floating addresses to your instances and then be able to access them from your network host (where "network host" means "the host running the neutron l3 agent").

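The namespace lookup described in the answer above, wrapped in a small shell helper (an added example, not part of the original answer). The function names and the `IP_CMD` override are assumptions made here; the sketch maps a Neutron network ID to its `qdhcp-` namespace and pings an instance from inside it, failing cleanly when the namespace is not on this host.

```sh
#!/bin/sh
# Added example: helpers around `ip netns` for Neutron namespaces.
# IP_CMD is a hypothetical override so the parsing can be exercised
# without root; by default the real `ip` binary is used.
IP_CMD="${IP_CMD:-ip}"

# Read `ip netns` output on stdin and print "<kind> <uuid> <namespace>"
# for every Neutron namespace. Newer iproute2 appends " (id: N)" to each
# line, so only the first field is used. Other namespaces are skipped.
classify_netns() {
    while read -r ns _rest || [ -n "$ns" ]; do
        case "$ns" in
            qdhcp-*)   echo "network ${ns#qdhcp-} $ns" ;;
            qrouter-*) echo "router ${ns#qrouter-} $ns" ;;
        esac
    done
}

# Print the qdhcp namespace that serves network UUID $1.
# Exits non-zero when this host has no such namespace.
netns_for_network() {
    "$IP_CMD" netns | classify_netns |
        awk -v id="$1" '$1 == "network" && $2 == id { print $3; found = 1 }
                        END { exit !found }'
}

# Ping instance address $2 from inside the namespace of network $1.
# Returns 2 if the namespace is missing, e.g. when run on a host that
# is not running the Neutron DHCP agent for that network.
probe_instance() {
    ns=$(netns_for_network "$1") || {
        echo "no qdhcp namespace for network $1 on this host" >&2
        return 2
    }
    "$IP_CMD" netns exec "$ns" ping -c 3 -W 2 "$2"
}

# Usage (as root on the network host):
#   probe_instance 3ff9b903-e921-4752-a26f-cba8f1433992 10.0.0.4
```
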

Comments

Thanks a lot for the help larsks. Apologies for the delay, my project had to be postponed for a while but once I got back into it and separated my combined controller/network node into separate hosts this answer proved very helpful in getting everything running. Thanks again.

pjriot (2014-05-15 13:58:36 -0500)

One problem I did manage to figure out was that I could only ping / otherwise access instances from the network node. It turned out that this was because of the fact that my controller / network node were both running on VirtualBox and I hadn't configured the network adapter to be in promisc mode.

pjriot (2014-06-05 10:41:00 -0500)


Stats

Asked: 2014-04-08 17:13:31 -0500

Seen: 873 times

Last updated: May 15 '14