Neutron: Linux Bridge and VLANs

asked 2015-01-30 07:22:35 -0500

mathias

updated 2015-01-30 11:57:32 -0500

Hi, I am trying to set up Neutron with Linux Bridges and VLANs for segmentation. It is all running in the same box, so all files are valid for all neutron services. Here my configuration:


verbose = True
debug = True
lock_path = $state_path/lock
bind_host =
bind_port = 9696
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
allow_overlapping_ips = False
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url =
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = a59b52e659aa482b92eb74e95394a1 a59b52e659aa482b92eb74e95394a17aa
nova_admin_password = OpenStack123
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
auth_host =
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = OpenStack123
connection = mysql://neutron:OpenStack123@


interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
use_namespaces = True 
external_network_bridge =


interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True


type_drivers = flat,vlan
tenant_network_types = vlan
mechanism_drivers = linuxbridge
flat_networks = physnet1
network_vlan_ranges = physnet1,physnet2:100:200
physical_interface_mapping = physnet1:eth0,physnet2:br-transport
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = False
sql_connection = mysql://neutron:OpenStack123@

I create my provider network like this:

neutron net-create public01 --provider:network_type=flat --provider:physical_network=physnet1 --router:external True
neutron subnet-create --name public01_subnet --gateway public01 --disable-dhcp --allocation-pool start=,end=

Then I create a router:

neutron router create router01

When I set the gateway for the router using

neutron router-gateway-set router01 public01

I get no explicit error message from the client, but

1) It's not working: I cannot ping the IP on the external network 2) I see some messages in the logs that caught my attention:

2015-01-30 13:31:24.840 5263 WARNING neutron.agent.securitygroups_rpc [req-ccb8c730-c3cc-4e91-a3dc-05f0a4bc672e None] Driver configuration doesn't match with enable_security_group
2015-01-30 13:31:21.672 5092 WARNING neutron.plugins.ml2.managers [req-cc768eb4-0743-4da3-98ef-63bd6e26847f None] Failed to bind port fde9b12c-1b5d-4ae1-98bb-e687faf655dd on host cloud
2015-01-30 13:31:21.694 5092 WARNING neutron.plugins.ml2.plugin [req-cc768eb4-0743-4da3-98ef-63bd6e26847f None] In _notify_port_updated(), no bound segment for port fde9b12c-1b5d-4ae1-98bb-e687faf655dd on network 3ed8024b-1649-4ed0-b931-71566ee8b3cc
2015-01-30 13:31:24.877 5092 WARNING neutron.plugins.ml2.rpc [req-ccb8c730-c3cc-4e91-a3dc-05f0a4bc672e None] Device tapfde9b12c-1b requested by agent lb00012e4dd15f on network 3ed8024b-1649-4ed0-b931-71566ee8b3cc not bound, vif_type: binding_failed

server.log: l3_agent.log: linuxbridge_agent.log:

Anybody knows what's wrong?

hmm - there might be a bug here - I don't think it should have allowed you to create a type flat network with physnet2 as physnet2 is designated for type vlan. If you want to create a flat network you will need to use physnet1.

darragh-oreilly ( 2015-01-30 10:48:02 -0500 )

Your right - I double checked and it must have been a copy paste mistake. The flat network is physnet1! Iam going to edit this above.

mathias ( 2015-01-30 11:57:12 -0500 )

The linuxbridge agent did not pick up any interface mappings. I think you need to change [linuxbridge] to [linux_bridge] in ml2_conf.ini

darragh-oreilly ( 2015-01-30 12:25:09 -0500 )

Didnt do it either. I pasted my current ml2_config.init here: and current logs here:

mathias ( 2015-01-30 15:45:59 -0500 )

I thought some info on the systems network configuration might be of use:

mathias ( 2015-01-31 00:46:27 -0500 )

answered 2015-01-31 03:05:01 -0500

mathias

Solution: Linux named my NIC p4p1 instead of eth0. Changed that in ml2_conf.ini and worked.

answered 2015-08-04 03:23:10 -0500

ainur-shakirov-tt

Matias, thank you for linuxbridge configuration!

