Ask Your Question

Instance fails to spawn with nic on provider network - binding:vif_type binding_failed

asked 2015-04-25 18:06:51 -0500

charlie gravatar image

updated 2015-04-26 08:01:58 -0500

Plenty of similar questions arround, one seems to have the exact problem but was closed without actualy solving it: (

The conclusion of the above seemed to be "I can live with assigning floating IPs". Whell, I would like to be able to create instances with an interface on the provider network only.

My problem is this: 4 nodes Juno, two provider networks (vlan type) and vxlan type tenant network(s). What works:

  • I can create instances with nic(s) in tenant networks
  • I can add floating IPs from either or both provider networks (from the subnets attached to them to be precise)

What fails: - Creating an instance with a nic in either of the provider networks. The atempt results in an instance like this:

| 0bf8fcc7-3534-41c0-8b9d-98fef037bccc | testOntenant2 | ERROR  | - | NOSTATE   | pdmz= |

The port of the (failed) instance looks like this:

| Field                 | Value                                                                    |
| admin_state_up        | True                                                                     |
| allowed_address_pairs |                                                                          |
| binding:host_id       | ostack-comp4                                                             |
| binding:profile       | {}                                                                       |
| binding:vif_details   | {}                                                                       |
| binding:vif_type      | binding_failed                                                           |
| binding:vnic_type     | normal                                                                   |
| device_id             | 0bf8fcc7-3534-41c0-8b9d-98fef037bccc                                     |
| device_owner          | compute:nova                                                             |
| extra_dhcp_opts       |                                                                          |
| fixed_ips             | {"subnet_id": "da60ada1-873e...dffe8056853", "ip_address": ""} |
| id                    | 55efd2a8-5ea7-4a8d-91c5-cb65a209fd61                                     |
| mac_address           | fa:16:3e:56:17:4b                                                        |
| name                  |                                                                          |
| network_id            | 9cd0566c-7e12-413d-b515-328c479c59af                                     |
| security_groups       | 12f73c35-ac93-40f3-a65e-d11d0e589652                                     |
| status                | DOWN                                                                     |
| tenant_id             | fdb4ca1402d941af884ba0cd7f68a761                                         |

and the "not so relevant" logs are:

neutron-server: WARNING neutron.plugins.ml2.managers [req-3c446ec8-ba45-4ba5-b1a6-d40fe21cccb4 None] Failed to bind port 55efd2a8-5ea7-4a8d-91c5-cb65a209fd61 on host ostack-comp4

TRACE nova.compute.manager [instance: 0bf8fcc7-3534-41c0-8b9d-98fef037bccc] NovaException: Unexpected vif_type=binding_failed

Update 1:

I've added the br-ex to all compute nodes:

    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "enp10s4f1"
            trunks: [206, 300]
            Interface "enp10s4f1"

And the openvswitch agent is (also) loading the ml2 configuration:

type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
mechanism_drivers =openvswitch
network_vlan_ranges = provnet:206:206,provnet:300:300
bridge_mappings = provnet:br-ex
vni_ranges =10:100
vxlan_group =
enable_security_group = True

Update 2:

Following Sam's advice I've added the bridge mapping into [ovs] section on all nodes. That solved the problem of binding. The instance spawned on a compute node, a port got created on br-int on that node, patches got created to br-ex on the same node and openflow rules translate to the correct vlan tag on the provider network:

]# ovs-vsctl show
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port br-int
            Interface br-int
                type: internal
        Port "qvoc9c60160-45"
            tag: 1
            Interface "qvoc9c60160-45"
    Bridge br-tun
            .... cut out for ...
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
        Port "enp10s4f1"
            trunks: [206, 300]
            Interface "enp10s4f1"
    ovs_version: "2.1.3"

At this point I will mark the question resolved as the answer was to provide layer 2 conectivity on compute nodes and use propper secrtion for the mapping. However, at the moment I still face problems and I would appreciate some pointers:

  • openstack doesn't provide IP information to the instance created in this way. (dhcp service ...
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-04-26 00:53:00 -0500

SamYaple gravatar image

Did you setup your compute nodes with an external bridge? The guide does not tell you to do this, but the guide also doesn't tell you to launch an instance on the "provider" network. If you are trying to launch an instance on a "provider" network, the compute nodes must have a way to talk layer 2 to that network.

Setup br-ex with an appropriate ethernet port and update your ml2_conf.ini on each compute node (just like you did on the network node).

edit flag offensive delete link more


I did create br-ex on all (compute) nodes and I'm loading ml2_conf.ini on each openvswitch-agent. I'm updating the original post with this info. I didn't create a "patch" to br-int on the compute nodes (shoud I?), otherwise it's the same as on the network node.

charlie gravatar imagecharlie ( 2015-04-26 01:44:24 -0500 )edit

bridge_mappings belongs in the [ovs] section

Please review this guide for a working setup with a flat network

SamYaple gravatar imageSamYaple ( 2015-04-26 06:04:50 -0500 )edit

Thank you Sam! That fixed the error that prevented the instance to spawn. I have now an instance running on a compute node, with the port in br-int and patches to br-ex as-well-as openflow rules created automaticaly. I'm updating the original question with the progress. L.E.: Network not usable yet

charlie gravatar imagecharlie ( 2015-04-26 07:32:06 -0500 )edit

Is this a change from Openstack juno? I was able to provision nodes on the provider network without doing anything other than follow the standard installation instructions, for juno.

Paul gravatar imagePaul ( 2015-10-17 00:29:22 -0500 )edit

I know this is an old thread, but Sam's answer is the closest thing to a clue I have been able to find on the topic of "bringing up a VM on a provider network". Most all that I read is nonsensical. Any elaboration would be appreciated.

tiger gravatar imagetiger ( 2017-07-26 09:11:53 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2015-04-25 18:06:51 -0500

Seen: 4,873 times

Last updated: Apr 26 '15