Neutron: Linux Bridge and VLANs

asked 2015-01-30 07:22:35 -0500

mathias

updated 2015-01-30 11:57:32 -0500

Hi, I am trying to set up Neutron with Linux Bridges and VLANs for segmentation. It is all running in the same box, so all files are valid for all neutron services. Here is my configuration:

/etc/neutron/neutron.conf

[DEFAULT]
verbose = True
debug = True
lock_path = $state_path/lock
bind_host = 0.0.0.0
bind_port = 9696
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
allow_overlapping_ips = False
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://127.0.0.1:8774/v2
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = a59b52e659aa482b92eb74e95394a1 a59b52e659aa482b92eb74e95394a17aa
nova_admin_password = OpenStack123
rabbit_host=localhost
rabbit_port=5672
rabbit_userid=openstack
rabbit_password=OpenStack123
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_host = 127.0.0.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = OpenStack123
[database]
connection = mysql://neutron:OpenStack123@127.0.0.1/neutron
[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default

/etc/neutron/l3_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
use_namespaces = True 
external_network_bridge =

/etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True

/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan
tenant_network_types = vlan
mechanism_drivers = linuxbridge
[ml2_type_flat]
flat_networks = physnet1
[ml2_type_vlan]
network_vlan_ranges = physnet1,physnet2:100:200
[ml2_type_gre]
[ml2_type_vxlan]
[ovs]
[linuxbridge]
physical_interface_mapping = physnet1:eth0,physnet2:br-transport
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = False
[database]
sql_connection = mysql://neutron:OpenStack123@127.0.0.1/neutron

I create my provider network like this:

neutron net-create public01 --provider:network_type=flat --provider:physical_network=physnet1 --router:external True
neutron subnet-create --name public01_subnet --gateway 192.168.1.1 public01 192.168.1.0/24 --disable-dhcp --allocation-pool start=192.168.1.240,end=192.168.1.250

Then I create a router:

neutron router-create router01

When I set the gateway for the router using

neutron router-gateway-set router01 public01

I get no explicit error message from the client, but

1) It's not working: I cannot ping the IP on the external network
2) I see some messages in the logs that caught my attention:

2015-01-30 13:31:24.840 5263 WARNING neutron.agent.securitygroups_rpc [req-ccb8c730-c3cc-4e91-a3dc-05f0a4bc672e None] Driver configuration doesn't match with enable_security_group
2015-01-30 13:31:21.672 5092 WARNING neutron.plugins.ml2.managers [req-cc768eb4-0743-4da3-98ef-63bd6e26847f None] Failed to bind port fde9b12c-1b5d-4ae1-98bb-e687faf655dd on host cloud
2015-01-30 13:31:21.694 5092 WARNING neutron.plugins.ml2.plugin [req-cc768eb4-0743-4da3-98ef-63bd6e26847f None] In _notify_port_updated(), no bound segment for port fde9b12c-1b5d-4ae1-98bb-e687faf655dd on network 3ed8024b-1649-4ed0-b931-71566ee8b3cc
2015-01-30 13:31:24.877 5092 WARNING neutron.plugins.ml2.rpc [req-ccb8c730-c3cc-4e91-a3dc-05f0a4bc672e None] Device tapfde9b12c-1b requested by agent lb00012e4dd15f on network 3ed8024b-1649-4ed0-b931-71566ee8b3cc not bound, vif_type: binding_failed

server.log: http://pastebin.com/wBYiFAbr
l3_agent.log: http://pastebin.com/93fcKUtt
linuxbridge_agent.log: http://pastebin.com/3D4pEUYK

Does anybody know what's wrong?


Comments

hmm - there might be a bug here - I don't think it should have allowed you to create a type flat network with physnet2 as physnet2 is designated for type vlan. If you want to create a flat network you will need to use physnet1.

darragh-oreilly ( 2015-01-30 10:48:02 -0500 )

You're right - I double checked and it must have been a copy paste mistake. The flat network is physnet1! I am going to edit this above.

mathias ( 2015-01-30 11:57:12 -0500 )

The linuxbridge agent did not pick up any interface mappings. I think you need to change [linuxbridge] to [linux_bridge] in ml2_conf.ini

darragh-oreilly ( 2015-01-30 12:25:09 -0500 )

Didn't do it either. I pasted my current ml2_conf.ini here: http://pastebin.com/DkAuBuqY and current logs here: http://pastebin.com/VBFBBdMK

mathias ( 2015-01-30 15:45:59 -0500 )

I thought some info on the system's network configuration might be of use: http://pastebin.com/CiFf4YCB

mathias ( 2015-01-31 00:46:27 -0500 )

2 answers


answered 2015-01-31 03:05:01 -0500

mathias

Solution: Linux named my NIC p4p1 instead of eth0. Changed that in ml2_conf.ini and it worked.
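
A pre-flight check for the failure resolved in this thread, as an added example that is not part of the original posts or of Neutron itself: it reads `physical_interface_mapping` from ml2_conf.ini and reports mapped interfaces that do not exist on the host, plus physnets that have no mapping. The function names and the embedded sample (built from the values in the question) are assumptions of this sketch.

```python
import configparser
import os

# Constructed sample: values taken from the ml2_conf.ini posted in the question.
SAMPLE_ML2_CONF = """
[ml2_type_flat]
flat_networks = physnet1
[ml2_type_vlan]
network_vlan_ranges = physnet1,physnet2:100:200
[linux_bridge]
physical_interface_mapping = physnet1:eth0,physnet2:br-transport
"""

def host_interfaces(sysfs="/sys/class/net"):
    """Names of the network devices present on this Linux host."""
    return set(os.listdir(sysfs)) if os.path.isdir(sysfs) else set()

def check_mappings(conf_text, present):
    """Return a list of problems that can leave ports in binding_failed."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    problems = []
    section = next((s for s in ("linux_bridge", "linuxbridge")
                    if cp.has_section(s)), None)
    if section == "linuxbridge":
        problems.append("mapping is in [linuxbridge]; the comments on this "
                        "page suggest [linux_bridge]")
    raw = cp.get(section, "physical_interface_mapping", fallback="") if section else ""
    # "physnet1:eth0,physnet2:br-transport" -> {"physnet1": "eth0", ...}
    mapping = dict(map(str.strip, p.split(":", 1))
                   for p in raw.split(",") if ":" in p)
    for physnet, iface in mapping.items():
        if iface not in present:
            problems.append(f"{physnet}: interface {iface!r} does not exist on this host")
    # Every physnet named by a type driver needs an interface mapping.
    wanted = cp.get("ml2_type_flat", "flat_networks", fallback="").split(",")
    wanted += [r.split(":")[0] for r in
               cp.get("ml2_type_vlan", "network_vlan_ranges", fallback="").split(",")]
    for physnet in sorted({w.strip() for w in wanted} - {"", "*"} - set(mapping)):
        problems.append(f"{physnet}: no physical_interface_mapping entry")
    return problems

if __name__ == "__main__":
    for problem in check_mappings(SAMPLE_ML2_CONF, host_interfaces()):
        print(problem)
```

On a real host, pass the contents of /etc/neutron/plugins/ml2/ml2_conf.ini instead of the sample.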


answered 2015-08-04 03:23:10 -0500

ainur-shakirov-tt

Mathias, thank you for the linuxbridge configuration!

Stats

Asked: 2015-01-30 07:22:35 -0500

Seen: 4,142 times

Last updated: Jan 31 '15