Ask Your Question
0

juno 3 node configuration external network not working

asked 2014-12-03 15:20:43 -0500

Mirco gravatar image

updated 2014-12-03 15:34:58 -0500

dbaxps gravatar image

Hi, I have installed an ubuntu juno version with three separate node configuration, controller, network, compute1 Everything is working but the external network. everything seems ok, i can add the floating ip to the server (Cirros) and from inside the server I can ping the floating ip assigned. I cannot ping any external ip from the server and I cannot ping of course the ip of the server from outside. It looks like a routing problem,

From the definition I have assigned a router to the subnet (gw 10.60.1.1 from 10.60.85.100 to 10.60.85.110 mask 10.60.0.0/16) but looking from the dashboard I see that the network:router_gateway is assigned to the first ip of the range of the floating ips.

I have tried to redefine several times with different configuration but nothing seems to work I have reviews also all the settings.

From the network node I can see:

root@network:~# ip netns exec qrouter-c301e1b2-f985-43fd-a6a8-0fbf7c221ecd ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
16: qr-8c36733f-27: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:02:e7:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global qr-8c36733f-27
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe02:e785/64 scope link
       valid_lft forever preferred_lft forever
21: qg-02d1751e-37: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:2b:90:87 brd ff:ff:ff:ff:ff:ff
    inet 10.60.85.100/16 brd 10.60.255.255 scope global qg-02d1751e-37
       valid_lft forever preferred_lft forever
    inet 10.60.85.101/32 brd 10.60.85.101 scope global qg-02d1751e-37
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe2b:9087/64 scope link
       valid_lft forever preferred_lft forever
root@network:~# ip netns exec qrouter-c301e1b2-f985-43fd-a6a8-0fbf7c221ecd ip route
default via 10.60.1.1 dev qg-02d1751e-37
10.60.0.0/16 dev qg-02d1751e-37  proto kernel  scope link  src 10.60.85.100
192.168.1.0/24 dev qr-8c36733f-27  proto kernel  scope link  src 192.168.1.1
root@network:~#

root@network:~# ip netns exec qrouter-c301e1b2-f985-43fd-a6a8-0fbf7c221ecd iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
neutron-l3-agent-PREROUTING  all  --  anywhere             anywhere

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
neutron-l3-agent-OUTPUT  all  --  anywhere             anywhere

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
neutron-l3-agent-POSTROUTING  all  --  anywhere             anywhere
neutron-postrouting-bottom  all  --  anywhere             anywhere

Chain neutron-l3-agent-OUTPUT (1 references)
target     prot opt source               destination
DNAT       all  --  anywhere             10.60.85.101         to:192.168.1.5

Chain neutron-l3-agent-POSTROUTING (1 references)
target     prot opt source               destination
ACCEPT     all ...
(more)
edit retag flag offensive close merge delete

Comments

Please, add to question :-

$ ovs-vsctl show
$ ifconfig
$ route -n

on Network Node

dbaxps gravatar imagedbaxps ( 2014-12-03 15:30:11 -0500 )edit

Please, format the text ( fourth button with numbers ). Your posting is very hard to read and understand, when you just paste text.

dbaxps gravatar imagedbaxps ( 2014-12-03 15:37:25 -0500 )edit

edited as suggested

Mirco gravatar imageMirco ( 2014-12-03 16:43:51 -0500 )edit

I have changed the network configuration and layout, reboot all the nodes but without any different results

Mirco gravatar imageMirco ( 2014-12-03 23:58:04 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-12-03 16:26:15 -0500

Mirco gravatar image

updated 2014-12-04 14:23:15 -0500

 root@controller:~# ps -ef | grep 1339
    nova      1339     1  0 06:41 ?        00:04:59 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2077  1339  0 06:41 ?        00:00:00 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2078  1339  0 06:41 ?        00:00:00 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2080  1339  0 06:41 ?        00:00:00 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2082  1339  0 06:41 ?        00:00:00 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2166  1339  0 06:41 ?        00:00:05 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2171  1339  0 06:41 ?        00:00:06 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2173  1339  0 06:41 ?        00:00:05 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2177  1339  0 06:41 ?        00:00:06 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2219  1339  0 06:41 ?        00:00:00 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2220  1339  0 06:41 ?        00:00:00 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2221  1339  0 06:41 ?        00:00:00 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    nova      2222  1339  0 06:41 ?        00:00:00 /usr/bin/python /usr/bin/nova-api --config-file=/etc/nova/nova.conf
    root     13981  3019  0 21:16 pts/1    00:00:00 grep --color=auto 1339



# The primary network interface
auto eth0
iface eth0 inet manual
  up ip link set dev $IFACE up
  up ifconfig $IFACE promisc
  down ip link set dev $IFACE down

root@controller:~# netstat -lntp | grep 8775
tcp        0      0 0.0.0.0:8775            0.0.0.0:*               LISTEN      1339/python

root@controller:~# neutron agent-list
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| id                                   | agent_type         | host     | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+
| 32f58296-5128-48e4-876e-3a847b5a27ba | Open vSwitch agent | network  | :-)   | True           | neutron-openvswitch-agent |
| 3a0b1f9a-6f09-49fc-a97d-dbae05c04666 | L3 agent           | network  | :-)   | True           | neutron-l3-agent          |
| b4e2d31a-1e2d-41f6-b3f9-3c7ad4d7c67b | Metadata agent     | network  | :-)   | True           | neutron-metadata-agent    |
| cc0599a0-27ad-4364-909e-f9a17ba0c269 | DHCP agent         | network  | :-)   | True           | neutron-dhcp-agent        |
| e540cfdb-a237-4594-abc7-1c130a56926b | Open vSwitch agent | compute1 | :-)   | True           | neutron-openvswitch-agent |
+--------------------------------------+--------------------+----------+-------+----------------+---------------------------+

root@network:~# ps -ef | grep 2685
root      2685     1  0 06:45 ?        00:00:00 /usr/bin/python /usr/bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/c301e1b2-f985-43fd-a6a8-0fbf7c221ecd.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=c301e1b2-f985-43fd-a6a8-0fbf7c221ecd --state_path=/var/lib/neutron --metadata_port=9697 --debug --verbose --log-file=neutron-ns-metadata-proxy-c301e1b2-f985-43fd-a6a8-0fbf7c221ecd.log --log-dir=/var/log/neutron
root     18821  3260  0 09:39 pts/1    00:00:00 grep --color=auto 2685
root@network:~# ip netns exec qrouter-c301e1b2-f985-43fd-a6a8-0fbf7c221ecd iptables  -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-OUTPUT -d 10.60.85.101/32 -j DNAT --to-destination 192 ...
(more)
edit flag offensive delete link more

Comments

I would expect br-ex as OVS bridge to have an IP on external subnet.Please, run:

$  netstat -lntp | grep 8775
$  ip netns exec qrouter-c301e1b2-f985-43fd-a6a8-0fbf7c221ecd netstat -antp
$  neutron router-list
$  neutron router-port-list your-router-name

Post as UPDATE2

dbaxps gravatar imagedbaxps ( 2014-12-04 00:14:05 -0500 )edit

Updated at the top. what is strange to me i that adding the subnet to the router it get as gateway 10.60.85.100 that is the first free ip of the range, I have set 10.60.1.1 as gateway as you can see from the last command. Thanks a lot for your help

Mirco gravatar imageMirco ( 2014-12-04 01:42:30 -0500 )edit

Once again br-ex as OVS external bridge bridge should have IP, which had it's OVS port eth0.
Please rerun on Controller :-

netstat -lntp | grep 8775

On Network node :

ps -ef | grep 2685
dbaxps gravatar imagedbaxps ( 2014-12-04 02:10:14 -0500 )edit

Please run on Network node :

ip netns exec qrouter-c301e1b2-f985-43fd-a6a8-0fbf7c221ecd iptables  -S -t nat
dbaxps gravatar imagedbaxps ( 2014-12-04 02:12:37 -0500 )edit

Please run on Conroller as admin:

$ neutron agent-list
dbaxps gravatar imagedbaxps ( 2014-12-04 02:13:52 -0500 )edit
0

answered 2014-12-13 13:01:22 -0500

Tung Nguyen gravatar image

updated 2014-12-13 13:02:23 -0500

Hi All,

I have same problem. my ifconfig here:

[root@network ~]# ifconfig
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.21  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::250:56ff:fe96:4220  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:96:42:20  txqueuelen 0  (Ethernet)
        RX packets 11060  bytes 1673429 (1.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 25  bytes 3834 (3.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.21  netmask 255.255.255.0  broadcast 10.10.10.255
        inet6 fe80::250:56ff:fe96:18df  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:96:18:df  txqueuelen 1000  (Ethernet)
        RX packets 13267  bytes 1305549 (1.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6891  bytes 1412079 (1.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.11.21  netmask 255.255.255.0  broadcast 10.10.11.255
        inet6 fe80::250:56ff:fe96:5bdd  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:96:5b:dd  txqueuelen 1000  (Ethernet)
        RX packets 8470  bytes 864066 (843.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 31  bytes 4520 (4.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth2: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::250:56ff:fe96:4220  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:96:42:20  txqueuelen 1000  (Ethernet)
        RX packets 13657  bytes 1863793 (1.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 95  bytes 6620 (6.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
edit flag offensive delete link more

Comments

Please, add to your post ovs-vsctl show on Network Node.

dbaxps gravatar imagedbaxps ( 2014-12-14 00:12:17 -0500 )edit

@Tung Nguyen , please, post a separate question, not answer-comment to already existing.

dbaxps gravatar imagedbaxps ( 2014-12-14 00:14:44 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-12-03 15:08:07 -0500

Seen: 829 times

Last updated: Dec 13 '14