neutron vlan not routing to outside
So I have a single node running as compute/controller/network (it has the l3 agent and ovs running as well as neutron services). This node has 2 interfaces: bond0 (my management network) and bond1 (to be used with neutron, connected to a trunk port on the switch).
Networks: two external networks, with segmentation_id matching the 2 vlans on the switch trunk port and one internal network with segmentation_id 2000 (that is not on the trunked switch port).
This is my ovs-vsctl show output:
e455390e-47dc-4eaf-836a-25a8649bca90
    Bridge br-int
        Port "qvo1d39ad4a-da"
            tag: 1
            Interface "qvo1d39ad4a-da"
        Port "tap1ce329b3-73"
            tag: 1
            Interface "tap1ce329b3-73"
        Port br-int
            Interface br-int
                type: internal
        Port "int-br-bond1"
            Interface "int-br-bond1"
        Port "qvo2a70ce88-66"
            tag: 1
            Interface "qvo2a70ce88-66"
        Port "qr-03f14684-46"
            tag: 1
            Interface "qr-03f14684-46"
                type: internal
    Bridge "br-bond1"
        Port "phy-br-bond1"
            Interface "phy-br-bond1"
        Port "br-bond1"
            Interface "br-bond1"
                type: internal
        Port "bond1"
            Interface "bond1"
        Port "qg-1c589153-f7"
            Interface "qg-1c589153-f7"
                type: internal
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "1.10.2"
I can ping instances from other instances running, and also the dhcp and internal gateway. I can also ping the external IP associated with the router. What doesn't work is getting out or in the instances to/from external networks.
I can also use ip netns to check iptables, routes and addresses, and as far as I can see, it's all there. I can also ping instances IPs and the floating IPs associated with them from the qrouter namespace.
Using tcpdump on the bridge doesn't show anything, just arp requests. I tried to sniff for vlan tagging but it also doesn't work.
My brctl show doesn't show much, also, but I am not sure if it should.
Finally, there are some points where the documentation is pretty muddy:
- what config should the bridge interface be using? Promiscuous mode? Do I need an IP address on it (it's a trunked connection so it won't make a difference)?
- do I need to do something else to get vlan tagging working correctly?
- do I need or not a br-ex? And if yes, what would I bridge on it (having 2 interfaces, like I have).
So, if anyone can shine a light, or point me to a place where I can see config files/command outputs from people that made it work, I would be grateful.
ovs plugin conf:
[OVS]
tenant_network_type = vlan
network_vlan_ranges = physnet1:15:16,physnet1:2000:2010
enable_tunneling = False
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 127.0.0.1
bridge_mappings = physnet1:br-bond1
l3 plugin conf
[DEFAULT]
debug = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
gateway_external_network_id = 703d6ade-d861-409b-a5f0-b4d2338cd016
handle_internal_only_routers = True
external_network_bridge = br-bond1
metadata_port = 9697
send_arp_for_ha = 3
periodic_interval = 40
periodic_fuzzy_delay = 5
Some command outputs:
# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+
| id | agent_type | host | alive | admin_state_up |
+--------------------------------------+--------------------+------------+-------+----------------+
| 364e6f48-708e-4f19-95fc-4e7de073707f | L3 agent | openstack1 | :-) | True |
| 52682cd3-1be7-40fd-9cdf-b315f1888df6 | Open vSwitch agent | openstack1 | :-) | True |
| 9c755f92-a4a0-48f9-a8ab-f873aa3d4e71 | DHCP agent | openstack1 | :-) | True |
+--------------------------------------+--------------------+------------+-------+----------------+
# neutron router-port-list 5c3b78c3-e3e5-4a83-9ece-1407213d8cee
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 03f14684-460a-4d43-9b9e-72dc181791dd | | fa:16:3e:2e:84:5e | {"subnet_id": "b9fbd620-3130-45f6-8657-9c5441e8d43d", "ip_address": "192.168.200.1"} |
| 1c589153-f76b-4834-b7f0-5fa16583f049 | | fa:16:3e:1f:c6:68 | {"subnet_id": "7789ae37-580f-4c6a-b2be-5d9eaebceba3", "ip_address": "10.64 ...