0

Icehouse multi-node neutron router not able to ping external gateway or outside of OVS bridge

asked 2014-10-20 11:27:24 -0500

Jet

updated 2014-10-23 11:03:50 -0500

I'm following the OpenStack guide Installation Guide for Red Hat Enterprise Linux - icehouse for icehouse with multiple nodes. I am trying to get this working on VMs running on VMware and configuring it for VXLAN instead of GRE. With that said, I'm at the point in the guide where I'm trying to set up the network node and verify that it works, i.e. Installation Guide for Red Hat Enterprise Linux - icehouse verify connectivity. The router gets created on the network node but isn't able to ping anything outside of that network node. I have 3 servers:

  • Controller
    • eth0 -> server IP (external)
    • eth1 -> management network
  • Network node
    • br-ex -> server IP (external)
      • eth0 -> ovs port on external network
    • eth1 -> management network
    • eth2 -> data (instance tunnels)
  • Compute node
    • eth0 -> server IP (external)
    • eth1 -> management network
    • eth2 -> data (instance tunnels)

I've moved the eth0 IP to the br-ex bridge and the neutron router gets created but it can only ping the IP of the network node and nothing outside that node. It seems like the OVS bridge isn't passing the traffic to the physical NIC.

29a81188-a1f3-459f-b1ee-c6a913d40b03
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "tapfe3920f7-b6"
            tag: 1
            Interface "tapfe3920f7-b6"
                type: internal
        Port "qr-f9fb9aef-90"
            tag: 1
            Interface "qr-f9fb9aef-90"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a8010f"
            Interface "vxlan-c0a8010f"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.1.13", out_key=flow, remote_ip="192.168.1.15"}
        Port "vxlan-c0a80110"
            Interface "vxlan-c0a80110"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.1.13", out_key=flow, remote_ip="192.168.1.16"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-32881dcd-45"
            Interface "qg-32881dcd-45"
                type: internal
        Port "eth0"
            Interface "eth0"
    ovs_version: "1.11.0"

Here is what is in my /etc/neutron directory

# cd /etc/neutron/; ll
total 60
-rw-r-----. 1 root neutron  3634 Oct 14 14:18 dhcp_agent.ini
-rw-r-----. 1 root neutron   109 Jun  7 17:38 fwaas_driver.ini
-rw-r-----. 1 root neutron  3231 Oct 14 15:47 l3_agent.ini
-rw-r-----. 1 root neutron  1400 Jun  7 17:38 lbaas_agent.ini
-rw-r-----. 1 root neutron  1400 Oct 14 15:46 metadata_agent.ini
-rw-r-----. 1 root neutron 18359 Oct 14 15:12 neutron.conf
lrwxrwxrwx. 1 root neutron    24 Oct 14 15:47 plugin.ini -> plugins/ml2/ml2_conf.ini
drwxr-xr-x. 4 root neutron  4096 Oct 14 13:53 plugins
-rw-r-----. 1 root neutron  6148 Jun  7 17:38 policy.json
-rw-r--r--. 1 root neutron    78 Jun 13 07:41 release
-rw-r--r--. 1 root neutron  1216 Jun  7 17:38 rootwrap.conf

and my /etc/neutron/plugin.ini

# egrep -v "^[[:space:]]*$|^#" /etc/neutron/plugin.ini
[ml2]
type_drivers = vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges = 10:2000
vxlan_group = 239.1.1.2
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
[OVS]
local_ip = 192.168.1.13
enable_tunneling = True
tunnel_bridge = br-tun
integration_bridge = br-int
[agent]
polling_interval = 2 ...

Comments

Regarding /etc/neutron/plugin.ini && ovs-vsctl show you may view http://bderzhavets.blogspot.com/2014/... . Your ML2&OVS&VXLAN setup doesn't look good to me.

dbaxps ( 2014-10-20 11:56:44 -0500 )

Just one link
lrwxrwxrwx. 1 root root 37 Jul 29 16:14 plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
with correct ml2_conf.ini is required. ovs-vsctl show doesn't show br-int && br-tun && vxlan tunnel

dbaxps ( 2014-10-20 12:04:56 -0500 )

I looked at that link and made some slight modifications but have the same results (also modified my post with those changes). Also I only showed the br-ex from ovs-vsctl show because I'm focused on why the router isn't able to ping anything on that network outside of the network node.

Jet ( 2014-10-20 12:25:26 -0500 )

Could this be because it is running on VMware VMs?

Jet ( 2014-10-22 14:06:07 -0500 )

No, I don't think so.

dbaxps ( 2014-10-22 17:21:03 -0500 )
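
The checks this thread applies to `ovs-vsctl show` by eye (br-int, br-tun and a VXLAN tunnel present, tunnel local_ip matching the [OVS] local_ip from plugin.ini, the physical NIC and the router's qg- port on br-ex), as an added example that is not part of the original posts. The `parse` and `audit` helpers are hypothetical names, and the sample is abridged from the output posted in the question.

```python
import re
# Abridged from the `ovs-vsctl show` output posted in the question.
SAMPLE = """\
    Bridge br-int
        Port "qr-f9fb9aef-90"
            Interface "qr-f9fb9aef-90"
                type: internal
    Bridge br-tun
        Port "vxlan-c0a8010f"
            Interface "vxlan-c0a8010f"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.1.13", out_key=flow, remote_ip="192.168.1.15"}
    Bridge br-ex
        Port "qg-32881dcd-45"
            Interface "qg-32881dcd-45"
                type: internal
        Port "eth0"
            Interface "eth0"
"""

def parse(text):
    """Return {bridge: {interface: {"type": str, "options": dict}}}."""
    bridges, br, iface = {}, None, None
    for line in text.splitlines():
        key, _, val = line.strip().replace('"', "").partition(" ")
        if key == "Bridge":
            br = bridges.setdefault(val, {})
        elif key == "Interface" and br is not None:
            iface = br.setdefault(val, {"type": "system", "options": {}})  # no type line = system
        elif key == "type:" and iface is not None:
            iface["type"] = val
        elif key == "options:" and iface is not None:
            iface["options"] = dict(re.findall(r"(\w+)=([^,}]+)", val))
    return bridges

def audit(bridges, local_ip, nic="eth0"):
    """Return the gaps the thread checks for; an empty list means none found."""
    out = [f"missing bridge {b}" for b in ("br-int", "br-tun", "br-ex") if b not in bridges]
    tunnels = [i["options"] for i in bridges.get("br-tun", {}).values() if i["type"] == "vxlan"]
    if not tunnels:
        out.append("no vxlan port on br-tun")
    out += [f"tunnel to {t.get('remote_ip')} has local_ip {t.get('local_ip')}, expected {local_ip}"
            for t in tunnels if t.get("local_ip") != local_ip]
    ex = bridges.get("br-ex", {})
    if nic not in ex:
        out.append(f"{nic} is not a port on br-ex")
    if not any(name.startswith("qg-") for name in ex):
        out.append("no router gateway (qg-) port on br-ex")
    return out
```

`audit(parse(SAMPLE), "192.168.1.13")` returns an empty list for the question's output, so a clean result rules out only these structural gaps.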

2 answers

1

answered 2014-10-23 10:44:45 -0500

Jet

OK, I merged the /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini into the /etc/neutron/plugin.ini that is a soft link and also fixed up the /etc/init.d/neutron-openvswitch-agent script. I restarted everything but still qrouter isn't able to ping anything on the external network.

0

answered 2014-10-23 09:57:13 -0500

dbaxps

updated 2014-10-23 10:37:20 -0500

Forced to use the answer field due to formatting leak in comments: the files above, /etc/neutron/plugin.ini && /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini, are not configured properly.

1. /etc/neutron/plugin.ini should be a soft link to /etc/neutron/plugins/ml2/ml2_conf.ini
lrwxrwxrwx. 1 root root       37 Jul 29 16:14 plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini 


[root@icehouse1 ~(keystone_admin)]# cat /etc/neutron/plugin.ini
[ml2]
type_drivers = vxlan
tenant_network_types = vxlan
mechanism_drivers =openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges =1001:2000
vxlan_group =239.1.1.2
[OVS]
local_ip=192.168.0.127
enable_tunneling=True
integration_bridge=br-int
tunnel_bridge=br-tun
[securitygroup]
enable_security_group = True
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[agent]
polling_interval=2

Directory /etc/neutron ( network node )

[root@icehouse1 neutron(keystone_admin)]# ls -l
total 88
-rw-r--r--. 1 root root      193 Oct  6 16:22 api-paste.ini
-rw-r-----. 1 root neutron  3853 Oct  6 16:21 dhcp_agent.ini
-rw-r-----. 1 root neutron   208 Oct  6 16:22 fwaas_driver.ini
-rw-r-----. 1 root neutron  3431 Oct  6 16:21 l3_agent.ini
-rw-r-----. 1 root neutron  1400 Oct  3 03:25 lbaas_agent.ini
-rw-r-----. 1 root neutron  1863 Oct  6 16:22 metadata_agent.ini
-rw-r-----. 1 root neutron 19187 Oct  6 16:22 neutron.conf
-rw-r-----. 1 root neutron 17512 Oct  3 16:04 neutron.conf.rpmnew
lrwxrwxrwx. 1 root root       37 Oct  6 16:39 plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini
-rw-r--r--. 1 root root      452 Oct  6 16:37 plugin.orig
drwxr-xr-x. 4 root root       34 Oct  3 16:04 plugins
-rw-r-----. 1 root neutron  5858 Oct  3 03:25 policy.json
-rw-r--r--. 1 root root       85 Oct  3 16:04 release
-rw-r--r--. 1 root root     1216 Oct  3 03:25 rootwrap.conf

2. The routing table clearly shows that access to metadata has not been properly built. Sample:

 [root@icehouse1 nova(keystone_admin)]# route -n

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 br-ex
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 enp2s0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 enp5s1
    169.254.0.0     0.0.0.0         255.255.0.0     U     1019   0        0 br-ex
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 enp5s1
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-ex
    192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

Comments

OK, I'm confused because my configs are basically the same as you have listed, except /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini didn't have enable_security_group = True. I've made them the same as what you list and restarted everything but still have the issue.

Jet ( 2014-10-23 10:14:50 -0500 )

Also the issue is that the qrouter isn't able to ping anything on the network. So the metadata may also be an issue but it would seem that is different than the issue of not being able to ping the physical gateway from the qrouter.

Jet ( 2014-10-23 10:16:35 -0500 )

My config doesn't have the file /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini; it has /etc/neutron/plugins/ml2/ml2_conf.ini. /etc/neutron/plugin.ini is a soft link to /etc/neutron/plugins/ml2/ml2_conf.ini

dbaxps ( 2014-10-23 10:35:20 -0500 )

Yes, metadata access is a different issue

dbaxps ( 2014-10-23 10:40:49 -0500 )

Please update question with output

# cd /etc/neutron 
# ls -l

dbaxps ( 2014-10-23 10:50:33 -0500 )
