
Openstack - Xenserver 6.5 - Network Legacy - Flat DHCP- Not Working

asked 2015-03-05 14:12:40 -0500

Nereo

updated 2015-09-03 10:42:06 -0500

Hello, I'm setting up OpenStack Juno, XenServer and Ubuntu 14.04. I have two XenServer hosts:

  • xen01 (3 network cards: eth0 -> xenbr0 -> public network/management, eth1 -> xenbr1 -> storage, eth2 -> xenbr2 -> private tenant)
  • xen02 (3 network cards: eth0 -> xenbr0 -> public network/management, eth1 -> xenbr1 -> storage, eth2 -> xenbr2 -> private tenant)

Each XenServer has an Ubuntu 14.04 installed running nova-compute, nova-metadata and nova-network. The names of the servers are:

  • xen01-agent, it has 3 network cards: eth0 -> xen01:xenbr0, eth1 -> xen01:xenbr1 and eth2 -> xen01:xenbr2
  • xen02-agent, it has 3 network cards: eth0 -> xen02:xenbr0, eth1 -> xen02:xenbr1 and eth2 -> xen02:xenbr2

I have configured promiscuous mode using ip link set promisc on, and I have also followed the guide http://support.citrix.com/article/CTX... to configure it on XenServer.

xen01 is connected to xen02 using a switch.

The nova configuration for each agent is:

/etc/nova/nova.conf

[DEFAULT]
verbose = True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=False
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
rabbit_host = stprod-openstack
rabbit_password = <pass>
auth_strategy = keystone
my_ip = <IP>
network_api_class = nova.network.api.API
security_group_api = nova
firewall_driver = nova.virt.firewall.NoopFirewallDriver
network_manager = nova.network.manager.FlatDHCPManager
network_size = 254
fixed_range=172.24.17.0/24
floating_range=10.40.41.0/24
default_floating_pool = nova
auto_assign_floating_ip = True
allow_same_net_traffic = True
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_network_bridge = xenbr2
flat_interface = eth4
public_interface = eth0

vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.40.40.9
vncproxy_url = http://10.40.40.20:6080
novncproxy_base_url=http://10.40.40.20:6080/vnc_auto.html


[keystone_authtoken]
auth_uri = http://<name of controller>:5000/v2.0
identity_uri = http://<name of controller>:35357
admin_tenant_name = service
admin_user = nova
admin_password = <pass>
[glance]
host = <name of controller>

/etc/nova/nova-compute.conf

[DEFAULT]
debug=true
compute_driver = xenapi.XenAPIDriver
[xenserver]
connection_url = http://<ip>
connection_username = root
connection_password = <pass>
login_timeout = 60

All the services start without errors, and I can boot instances on both xen01 and xen02. Right now I have two instances, one on each XenServer:

  • instance0000000b is located in xen01; it gets its IP by DHCP and the configured IP is 172.24.17.8
  • instance0000005 is located in xen02; it gets its IP by DHCP and the configured IP is 172.24.1.17.2

If I get a VNC console and log in using my browser, I can ping instance0000000b from instance0000005 and I can also ping instance0000005 from instance0000005.

The output of "ip a" for the bridge xenbr2 in xen01-agent is:

xenbr2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 5e:2c:db:a9:97:41 brd ff:ff:ff:ff:ff:ff
    inet 172.24.17.1/24 brd 172.24.17.255 scope global xenbr2
       valid_lft forever preferred_lft forever
    inet6 fe80::fccc:35ff:fe79:4277/64 scope link 
       valid_lft forever preferred_lft forever

and the output of "ip a" for the bridge xenbr2 in xen02-agent is:

xenbr2 ...

1 answer


answered 2015-03-13 17:01:53 -0500

Nereo

Hello, I found a workaround. After taking a look at the file /usr/lib/python2.7/dist-packages/nova/network/linux_net.py I found something called ebtables (sorry, this is new for me). After researching how to use it, I realized it is similar to iptables. When I ran ebtables --list on the nova-network, I got this output:

root@openstack-nova-agent:~# ebtables --list
Bridge table: filter

Bridge chain: INPUT, entries: 1, policy: ACCEPT
-p ARP -i eth2 --arp-ip-dst 10.0.0.100 -j DROP

Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-p IPv4 -o eth2 --ip-proto udp --ip-dport 67:68 -j DROP
-p IPv4 -i eth2 --ip-proto udp --ip-dport 67:68 -j DROP

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -o eth2 --arp-ip-src 10.0.0.100 -j DROP

So, I just ran ebtables --flush and everything started to work fine. I'm going to continue my research about this problem. Any help will be appreciated.


Comments

Exactly what I needed, but every time an instance is created, drop rules are automatically added.

BuildGuru (2015-09-02 15:38:43 -0500)

Hello, check my question. I added a comment with a solution at the end; it says UPDATE.

Nereo (2015-09-03 10:43:18 -0500)

The issue is that you are using Nova Network Legacy + --share-address T. This means every compute node is going to have the same IP for the DHCP server and default gateway. To ensure this, it uses ebtables to block ARP and avoid an IP conflict, but this affects the routing.

Nereo (2015-09-03 10:55:49 -0500)

You did an awesome job with the network setup there. But it should not be necessary though. My workaround is a daemon that keeps flushing ebtables. I am raising a bug in Launchpad and will post the link here.

BuildGuru (2015-09-03 16:06:19 -0500)
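
An added example (not part of the original thread and not nova's own code): a small parser for the `ebtables --list` output quoted in the answer, labelling each DROP rule as ARP or DHCP isolation so the rules discussed in the comments can be inspected one by one instead of flushed as a whole. The function names and labels are this example's own, and it assumes rules made of plain flag/value pairs as in the quoted output.

```python
import re

# Constructed sample: the `ebtables --list` output quoted in the answer.
SAMPLE = """\
Bridge table: filter

Bridge chain: INPUT, entries: 1, policy: ACCEPT
-p ARP -i eth2 --arp-ip-dst 10.0.0.100 -j DROP

Bridge chain: FORWARD, entries: 2, policy: ACCEPT
-p IPv4 -o eth2 --ip-proto udp --ip-dport 67:68 -j DROP
-p IPv4 -i eth2 --ip-proto udp --ip-dport 67:68 -j DROP

Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -o eth2 --arp-ip-src 10.0.0.100 -j DROP
"""

CHAIN_RE = re.compile(r"^Bridge chain: (\w+), entries: \d+, policy: \S+")

def parse_rules(text):
    """Return [(chain, {flag: value})] for every rule line."""
    rules, chain = [], None
    for line in text.splitlines():
        line = line.strip()
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
        elif chain and line.startswith("-"):
            tokens = line.split()
            # Assumes plain "flag value" pairs, as in the quoted output.
            rules.append((chain, dict(zip(tokens[0::2], tokens[1::2]))))
    return rules

def classify(o):
    """Label a rule by what it isolates (labels are this example's own)."""
    if o.get("-j") != "DROP":
        return "other"
    if o.get("-p") == "ARP" and ("--arp-ip-dst" in o or "--arp-ip-src" in o):
        return "arp-isolation"
    if (o.get("-p"), o.get("--ip-proto"), o.get("--ip-dport")) == ("IPv4", "udp", "67:68"):
        return "dhcp-isolation"
    return "other-drop"

def audit(text):
    """Return [(chain, label, interface, ip-or-None)] for every rule."""
    return [(chain, classify(o), o.get("-i") or o.get("-o"),
             o.get("--arp-ip-dst") or o.get("--arp-ip-src"))
            for chain, o in parse_rules(text)]
```

Calling `audit()` on the saved output of `ebtables --list` from a compute node gives one row per rule, which makes it easy to see which rules reappear after an instance is created.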
