1

neutron public subnet wrong IP

asked 2014-11-20 03:55:07 -0500

neel-basu-z

updated 2014-11-26 04:48:17 -0500

My external IP address is 172.16.21.11 with CIDR /23 with gateway 172.16.20.1. This is my actual network configuration as in ifcfg-em1. I've installed OpenStack with RDO on Fedora 20. After installation:

# neutron router-list
+--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id                                   | name    | external_gateway_info                                                                                                                                                                    | distributed | ha    |
+--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 168fe615-95ea-4c72-824d-03a1b44921df | router1 | {"network_id": "d58bc7d6-3353-486e-af61-2179df64beb7", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "326cb3d9-936d-49a4-bf0a-506cfd006b14", "ip_address": "172.24.4.226"}]} | False       | False |
+--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+

[root@localhost hcuser(keystone_admin)]# neutron subnet-list
+--------------------------------------+----------------+-----------------+--------------------------------------------------+
| id                                   | name           | cidr            | allocation_pools                                 |
+--------------------------------------+----------------+-----------------+--------------------------------------------------+
| d8601bb2-a0e5-43d7-b17c-1b9232a20ca5 | private_subnet | 10.0.0.0/24     | {"start": "10.0.0.2", "end": "10.0.0.254"}       |
| 326cb3d9-936d-49a4-bf0a-506cfd006b14 | public_subnet  | 172.24.4.224/28 | {"start": "172.24.4.226", "end": "172.24.4.238"} |
+--------------------------------------+----------------+-----------------+--------------------------------------------------+

I see that the 172.24.4.X series is being used in both places.

  1. Where is this IP coming from?
  2. As it says public, is it supposed to be replaced by something on 172.16.21.11/23?
  3. How can I fix it?

-- EDIT --

After changing my subnet to 172.16.20.0/23

[root@localhost ~(keystone_admin)]# neutron router-list
+--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id                                   | name    | external_gateway_info                                                                                                                                                                    | distributed | ha    |
+--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 168fe615-95ea-4c72-824d-03a1b44921df | router1 | {"network_id": "fe3a3489-9114-4fb0-9a81-b12e125d4204", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "6b0599d5-5407-440d-89f8-51ca2daa6fff", "ip_address": "172.16.21.21"}]} | False       | False |
+--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+


[root@localhost ~(keystone_admin)]# neutron net-list
+--------------------------------------+---------+-----------------------------------------------------+
| id                                   | name    | subnets                                             |
+--------------------------------------+---------+-----------------------------------------------------+
| 852f04cb-b478-4b08-ba25-77991a118497 | private | d8601bb2-a0e5-43d7-b17c-1b9232a20ca5 10.0.0.0/24    |
| fe3a3489-9114-4fb0-9a81-b12e125d4204 | public  | 6b0599d5-5407-440d-89f8-51ca2daa6fff 172.16.20.0/23 |
+--------------------------------------+---------+-----------------------------------------------------+

[root@localhost ~(keystone_admin)]# neutron subnet-list
+--------------------------------------+----------------+----------------+---------------------------------------------------+
| id                                   | name           | cidr           | allocation_pools                                  |
+--------------------------------------+----------------+----------------+---------------------------------------------------+
| d8601bb2-a0e5-43d7-b17c-1b9232a20ca5 | private_subnet | 10.0.0.0/24    | {"start": "10.0.0.2", "end": "10.0.0.254"}        |
| 6b0599d5-5407-440d-89f8-51ca2daa6fff | public_subnet  | 172.16.20.0/23 | {"start": "172.16.21.21", "end": "172.16.21.171"} |
+--------------------------------------+----------------+----------------+---------------------------------------------------+

But I cannot ping the dhcp namespace from the router namespace and vice versa.

-- ping status from dhcp to router

[hcuser@localhost ~]$ sudo ip netns exec qdhcp-852f04cb-b478-4b08-ba25-77991a118497 ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
^C
--- 10.0.0.1 ping statistics ---
6 packets transmitted, 0 received, +5 errors, 100% packet loss, time 5001ms
pipe 4
[hcuser@localhost ~]$ sudo ip netns exec qdhcp-852f04cb-b478-4b08-ba25-77991a118497 ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms
^C
--- 10.0.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.027/0.027/0.028/0.005 ms

-- ping status from router to dhcp

[hcuser@localhost ~]$ sudo ip netns exec qdhcp-852f04cb-b478-4b08-ba25-77991a118497 ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
^C
--- 10.0.0.1 ping statistics ---
6 packets transmitted, 0 received, +5 errors, 100% packet loss, time 5001ms
pipe 4
[hcuser@localhost ~]$ sudo ip netns exec qdhcp-852f04cb-b478-4b08-ba25-77991a118497 ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0 ...

3 answers

2

answered 2014-11-20 05:25:38 -0500

dbaxps

updated 2014-11-24 03:42:20 -0500

UPDATE as of 11/24/2014
VLAN tag 4095 has the special meaning that the port is "dead".
From your ovs-vsctl show report:

[hcuser@localhost ~]$ sudo ovs-vsctl show
62c30134-97e2-4723-b42c-9474eb333885
    Bridge br-int
        fail_mode: secure
        Port "tap231aae57-ee"
            tag: 1
            Interface "tap231aae57-ee"
        Port "tap0b36c82a-61"
            tag: 4095
            Interface "tap0b36c82a-61"

The last interface corresponds to your private demo network.

Via dashboard:
Please create a new demo_private1 network (say 20.0.0.0/24) and a new router router2.
Create an interface to the demo_private1 network at router2.
Create a gateway to public at router2.
Repost the new `ovs-vsctl show`.
If you still experience problems, please open a new question.

I would remove the public_subnet and public network created by Neutron. Just clean up the gateway to public in the demo login. Then create a new public network via the admin account matching exactly your real network 172.16.20.0/23, with a gateway matching the real gateway 172.16.20.1 and with a big enough allocation pool.
The new public network should have shared status if it belongs to the admin tenant or to the services tenant.
Via CLI, remove the old public:

source keystonerc_demo
neutron router-gateway-clear router1
source keystonerc_admin
neutron subnet-delete public_subnet
neutron net-delete public

Create a new public network matching the real one:

# source keystonerc_admin
# neutron net-create public --router:external=True  --shared
# neutron subnet-create public 172.16.20.0/23 --name sub_public --enable_dhcp False \
   --allocation_pool start=172.16.20.50,end=172.16.21.150  \
   --gateway 172.16.20.1

Log in to demo again and make the router have its gateway to the new public network.
Then make em1 an OVS port of the OVS bridge br-ex, like this:

[root@juno1 network-scripts(keystone_admin)]# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
IPADDR="172.16.21.11"
NETMASK="255.255.254.0"
BROADCAST="172.16.21.255"
DNS1="8.8.8.8"
GATEWAY="172.16.20.1"
NM_CONTROLLED="no"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"

[root@juno1 network-scripts(keystone_admin)]# cat ifcfg-em1
DEVICE="em1"
# HWADDR=00:22:15:63:E4:E2
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no

Disable && Stop NetworkManager, enable service network && restart it.
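
The dead-port check described in this answer can be automated. The following is an added example, not part of the original answer or of Neutron's own code: it parses `ovs-vsctl show` text and reports ports carrying VLAN tag 4095. The sample input combines the excerpt quoted above with constructed br-int and br-ex lines, and the function names are hypothetical.

```python
DEAD_VLAN_TAG = 4095  # tag the answer above describes as marking a "dead" port

# Sample input: the excerpt quoted above plus constructed br-int/br-ex ports.
SAMPLE = """\
62c30134-97e2-4723-b42c-9474eb333885
    Bridge br-int
        fail_mode: secure
        Port "tap231aae57-ee"
            tag: 1
            Interface "tap231aae57-ee"
        Port "tap0b36c82a-61"
            tag: 4095
            Interface "tap0b36c82a-61"
        Port br-int
            Interface br-int
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
"""

def parse_ports(text):
    """Return [(bridge, port, tag)] from `ovs-vsctl show` text; tag is None if unset."""
    ports, bridge, port, tag = [], None, None, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        value = value.strip().strip('"')
        if key in ("Bridge", "Port") and port is not None:
            ports.append((bridge, port, tag))  # close the previous port record
        if key == "Bridge":
            bridge, port, tag = value, None, None
        elif key == "Port":
            port, tag = value, None
        elif key == "tag:" and port is not None:
            tag = int(value)
    if port is not None:
        ports.append((bridge, port, tag))
    return ports

def dead_ports(text):
    """Return (bridge, port) pairs whose VLAN tag is the dead-port tag."""
    return [(b, p) for b, p, t in parse_ports(text) if t == DEAD_VLAN_TAG]

if __name__ == "__main__":
    for bridge, port in dead_ports(SAMPLE):
        print(f"{bridge}: {port} has tag {DEAD_VLAN_TAG} (dead port)")
```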


Comments

NetworkManager is already disabled. I don't see any file named /etc/sysconfig/network-scripts/ifcfg-br-ex

neel-basu-z ( 2014-11-20 05:31:21 -0500 )

Create it with vi.

dbaxps ( 2014-11-20 05:34:31 -0500 )

Can you show the commands to do the things you mentioned in your answer?

neel-basu-z ( 2014-11-20 05:51:39 -0500 )

I am trying to delete public_subnet but am getting an error:

[root@localhost network-scripts(keystone_admin)]# neutron subnet-delete public_subnet
Conflict (HTTP 409) (Request-ID: req-50fae3c5-94cf-469d-8716-902a84597665)
neel-basu-z ( 2014-11-20 05:55:01 -0500 )

First log in to demo. There is router1. Clean its external gateway via the GUI. Then you will be able to remove the existing public_subnet and public net.

dbaxps ( 2014-11-20 06:03:41 -0500 )
0

answered 2014-11-20 04:31:31 -0500

Charles Benon

updated 2014-11-20 04:48:22 -0500

Could you make sure you associated both of the networks to your router (one for the internal, the other for the external defined as gateway)?

For example:
http://docs.openstack.org/icehouse/in...
neutron router-interface-add demo-router demo-subnet (10.0.0.0/24 for you)
neutron router-gateway-set demo-router ext-net (172.24.4.224/28 for you - I would say it is done for you already)

If yes, from Horizon (or CLI if you are more comfortable - http://docs.openstack.org/admin-guide... ), you need to associate a floating IP (which will be allocated from your public pool) to your VM interface (using an IP into 10.0.0.0/24)

If you think everything is already setup on your environment, could you provide:
neutron floatingip-list


Comments

I am not experienced with OpenStack or Neutron, and I can't understand your questions. Do you mean this 172.24.4.x is correct?

Could you make sure you associated both of the network to your router (one for the internal, the other for the external defined as gateway)?

How can I do that?

neel-basu-z ( 2014-11-20 04:40:44 -0500 )

Replace demo-router with router1, demo-subnet with private_subnet and ext-net with public_subnet.
For your public subnet, it depends on your environment (it has to match one of your subnets on the existing network or be routable from it).
Does it make sense?

Charles Benon ( 2014-11-20 04:45:42 -0500 )

I have one NIC, and I am connecting to the outside world with my IP 172.16.21.11/23 through gateway 172.16.20.1. There is no 172.24.x.x in my lab, and anything other than 172.16.20.x and 172.16.21 is not managed by my physical infrastructure. But my public_subnet in neutron is 172.24.4.x. Is that correct?

neel-basu-z ( 2014-11-20 04:50:50 -0500 )

I expected/assumed the public_subnet and the router1 in neutron must be the same as my physical network infrastructure (172.16.21.x in my case). Is my assumption correct? Or does neutron create its own subnet called public that has no relation to my physical network? Which one is correct?

neel-basu-z ( 2014-11-20 04:55:21 -0500 )

neutron floatingip-list returns nothing.

neel-basu-z ( 2014-11-20 04:58:10 -0500 )
0

answered 2014-11-20 10:03:27 -0500

samfrid

RDO link providing an answer https://openstack.redhat.com/Neutron_...

NOTE: It is important to do the network restart before setting up the router gateway below, because a network restart destroys and recreates br-ex, which causes the router's interface in the qrouter-* netns to be deleted, and it won't be recreated without clearing and re-setting the gateway.

# . keystonerc_admin
# neutron router-gateway-clear router1
# neutron subnet-delete public_subnet

You need to recreate the public subnet with an allocation range outside of your external DHCP range and set the gateway to the default gateway of the external network.

# neutron subnet-create --name public_subnet --enable_dhcp=False --allocation-pool=start=192.168.122.10,end=192.168.122.20 --gateway=192.168.122.1 public 192.168.122.0/24
# neutron router-gateway-set router1 public
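
Both this answer (allocation range outside the external DHCP range, gateway set to the real default gateway) and the earlier one (public subnet matching the real network) come down to checks that can be run before `neutron subnet-create`. The following is an added example, not code from the answers or from Neutron: the function and plan names are hypothetical, and the addresses are the ones quoted on this page.

```python
import ipaddress

def check_public_subnet(cidr, gateway, pool, host_ips=(), dhcp_range=None):
    """Return a list of problems with a planned external subnet (empty = OK).

    pool and dhcp_range are (start, end) address pairs; host_ips are addresses
    already configured on physical hosts of that network.
    """
    net = ipaddress.ip_network(cidr)
    gw = ipaddress.ip_address(gateway)
    start, end = (ipaddress.ip_address(a) for a in pool)
    problems = []
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    if start > end:
        problems.append("allocation pool start is after its end")
    for addr in (start, end):
        if addr not in net:
            problems.append(f"pool address {addr} is outside {net}")
    if start <= gw <= end:
        problems.append(f"gateway {gw} is inside the allocation pool")
    for ip in map(ipaddress.ip_address, host_ips):
        if ip not in net:
            problems.append(f"host address {ip} is not on {net}")
        elif start <= ip <= end:
            problems.append(f"host address {ip} is inside the allocation pool")
    if dhcp_range:
        d_start, d_end = (ipaddress.ip_address(a) for a in dhcp_range)
        if start <= d_end and d_start <= end:
            problems.append("allocation pool overlaps the external DHCP range")
    return problems

HOST, GW = "172.16.21.11", "172.16.20.1"  # host address and gateway from the question
PLANS = {  # hypothetical labels; CIDRs and pools are the ones quoted on this page
    "subnet created at install": ("172.24.4.224/28", ("172.24.4.226", "172.24.4.238")),
    "pool from the question's edit": ("172.16.20.0/23", ("172.16.21.21", "172.16.21.171")),
    "pool 172.16.20.50-172.16.21.150": ("172.16.20.0/23", ("172.16.20.50", "172.16.21.150")),
}

def run_plans():
    """Check every plan against the physical gateway and host address."""
    return {name: check_public_subnet(cidr, GW, pool, [HOST])
            for name, (cidr, pool) in PLANS.items()}

if __name__ == "__main__":
    for name, problems in run_plans().items():
        print(name, "->", problems or "OK")
```

The third plan is reported because its pool contains the host's own 172.16.21.11, an address Neutron could later allocate to a router gateway or floating IP.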

Comments

I've recreated the network, router and subnets. Please check the additional outputs on https://gist.github.com/anonymous/67d... . Now I see some ARP traffic on tcpdump. But I still can't ping the network on the qdhcp namespace from the qrouter namespace and vice versa.

neel-basu-z ( 2014-11-21 04:14:16 -0500 )
