second external network doesn't work with neutron dvr! [closed]

asked 2015-04-02 06:13:47 -0600

capsali gravatar image

updated 2015-05-25 07:06:44 -0600


I have an openstack installation on 7 servers: 2 controller/network nodes in HA, 3 compute nodes and 2 storage nodes. For block and ephemeral storage i use ceph as backend.

Neutron is set up in dvr mode on computes and dvr_snat on controllers. Provider network is vlan from 100 to 199.

Let's say i have 2 external networks with the following subnets with vlan tag 100 and with vlan tag 101.

i create the first external network from dashboard under physnet1 with vlantag 100, create the subnet without dhcp. I create a router and an internal network. Associate a port to the internal network and set gateway to the external network. Everything works as expected. The gateway port ( is created on the controller that provisions snat to the vm's.

Next i boot 3 instances, one on every compute node. I associate a floating ip on the first instance, when i click add fip it gives me and i associate it to the instance.

Another port is created as network:floatingip_agent_gateway ( that i belive is the fip dvr creates for routing purposes. Add another fip gives me Associate it to the vm running on compute2, is created aswell as port network:floatingip_agent_gateway .

The same goes for compute3, as intance fip and as network:floatingip_agent_gateway . The next fips get released in order.

I create the second external network on physnet1 with vlan tag 101 and the subnet. I create another router, router2, and create a port on internal network2 and set gateway to external network2.

The gateway port gets created( and i can ping it. I create another 3 instances on every compute node. Add a fip and associate it with the first instance.

It get's associated but i dont get a network:floatingip_agent_gateway port. I can't ping it.

The error i get at l3_agent.log on the compute node is :

2015-04-02 13:54:30.913 4302 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-1a4b9fb4-85bf-4788-a5db-2adbe586635e', 'ip', 'addr', 'show', 'rfp-1a4b9fb4-8']
Exit code: 1
Stdout: ''
Stderr: 'Device "rfp-1a4b9fb4-8" does not exist.\n'
2015-04-02 13:55:45.981 4302 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-1a4b9fb4-85bf-4788-a5db-2adbe586635e', 'ip', 'addr', 'show', 'rfp-1a4b9fb4-8']
Exit code: 1
Stdout: ''
Stderr: 'Device "rfp-1a4b9fb4-8" does not exist.\n'
2015-04-02 13:55:47.026 4302 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'qrouter-1a4b9fb4-85bf-4788-a5db-2adbe586635e', 'ip', 'addr', 'show', 'rfp-1a4b9fb4-8']
Exit code: 1
Stdout: ''
Stderr: 'Device "rfp-1a4b9fb4-8" does not exist.\n'
2015-04-02 13:56:39.011 4302 ERROR neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ip', 'netns', 'exec', 'fip-3cdb714e-0964-4e0b-bf4f-18822222d2b4', 'ip', '-4 ...
edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by capsali
close date 2015-05-25 07:07:08.785138

1 answer

Sort by ยป oldest newest most voted

answered 2015-04-07 08:26:25 -0600

Charles Benon gravatar image

Hi Capsali,

With Neutron (not sure for DVR), I needed to use a second l3 file:

handle_internal_only_routers = False
gateway_external_network_id = <ID>
external_network_bridge = br-mgmt

ID can be collected by neutron net-list (first column)

Command would be:

/usr/bin/python /usr/bin/neutron-l3-agent --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/l3_agent-2.ini --config-file=/etc/neutron/fwaas_driver.ini --log-file=/var/log/neutron/l3-agent.log

edit flag offensive delete link more



Since Icehouse it's possible to use a single l3_agent to manage multiple external networks.

No need for second agent. This is a DVR related issue since i had no trouble in legacy neutron.

capsali gravatar imagecapsali ( 2015-04-07 08:55:42 -0600 )edit

Good to know. Your configuration looks good, could you provide: neutron net-list; neutron subnet-list ;neutron router-port-list ;neutron router-list ;neutron floatingip-list

Charles Benon gravatar imageCharles Benon ( 2015-04-07 11:38:03 -0600 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-04-02 06:13:47 -0600

Seen: 790 times

Last updated: May 25 '15