0

neutron router gateway can't be pinged except from neutron network node or nova instance

asked 2015-06-17 04:59:47 -0600

whg

updated 2015-06-17 08:14:21 -0600

I installed OpenStack Kilo on Ubuntu guest VMs with 1 controller + 1 network + 2 compute nodes by following the Ubuntu Kilo install guide.

All was OK until I created the external flat network, its subnet and a router, and attached the router to the external network by setting it as the gateway.

The tenant router gateway IP can only be pinged from the neutron network node and a nova VM instance.

The router gateway IP is 16.157.128.85.

root@network:~# ifconfig


br-ex     Link encap:Ethernet  HWaddr 00:50:56:88:6a:8f
          inet addr:16.157.134.188  Bcast:16.157.135.255  Mask:255.255.248.0
          inet6 addr: fe80::e890:2eff:fe95:c5c8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:356635 errors:0 dropped:2906 overruns:0 frame:0
          TX packets:2611 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:34246121 (34.2 MB)  TX bytes:384580 (384.5 KB)

eth0      Link encap:Ethernet  HWaddr 00:50:56:88:6a:8f
          inet6 addr: fe80::250:56ff:fe88:6a8f/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:356615 errors:0 dropped:4 overruns:0 frame:0
          TX packets:2898 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:34244821 (34.2 MB)  TX bytes:394146 (394.1 KB)

eth1      Link encap:Ethernet  HWaddr 00:50:56:88:2c:1e
          inet addr:10.0.0.21  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe88:2c1e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:373992 errors:0 dropped:2909 overruns:0 frame:0
          TX packets:28631 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:35539613 (35.5 MB)  TX bytes:4942004 (4.9 MB)

eth2      Link encap:Ethernet  HWaddr 00:50:56:88:1b:70
          inet addr:10.0.1.21  Bcast:10.0.1.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe88:1b70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:354716 errors:0 dropped:2908 overruns:0 frame:0
          TX packets:253 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:34085050 (34.0 MB)  TX bytes:26583 (26.5 KB)

1: /etc/neutron/neutron.conf

[DEFAULT]
verbose = True
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router,lbaas
allow_overlapping_ips = True
core_plugin = ml2
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = admin
[database]
[nova]
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_policy]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = admin

2: /etc/neutron/plugins/ml2/ml2_conf.ini

 
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
flat_networks = external
[ml2_type_vlan]
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron ...

4 answers

0

answered 2015-06-17 20:59:19 -0600

whg

I have the same problem as https://ask.openstack.org/en/question... ,


Comments

The workaround is setting the external network bridge explicitly in /etc/neutron/l3_agent.ini

/etc/neutron/l3_agent.ini


[DEFAULT]
external_network_bridge = <ovs-external-bridge>

whg ( 2015-06-17 21:43:33 -0600 )

I have the same issue as your first try, and I also modified the l3_agent.ini file as in your workaround, but it did not seem to work for me. Now only the network node can ping the VM floating IP and neutron router gateway; the controller/compute nodes could not ping via the public IP. Any thoughts? Thanks!

unitiger ( 2015-07-27 22:05:40 -0600 )
1

answered 2016-03-24 11:53:52 -0600

dbaxps

updated 2016-03-24 12:31:24 -0600

It was written above :-

Now only network node can ping the VM floating IP and neutron router gateway , the controller/compute node could not ping via the public IP. Any thoughts

THAT IS NORMAL. SEE PICTURE BELOW

image description

It is a classic 3 Node deployment on RDO Liberty. No matter whether it is bridged or non-bridged (external network provider involved, external neutron flow goes through br-int), by default the external network is available only from the Network Node.

If you plug one more NIC into the Controller and set it to belong to the External net, you would get access to your VMs via FIPs from the Controller.

Start with the following comment in l3_agent.ini

# When external_network_bridge is set, each L3 agent can be associated
# with no more than one external network. This value should be set to the UUID
# of that external network. To allow L3 agent support multiple external
# networks, both the external_network_bridge and gateway_external_network_id
# must be left empty.

Setting "external_network_bridge = " to an empty value in /etc/neutron/l3_agent.ini enables the use of external provider networks. In this case external network flow will go through br-int, otherwise normal bridged external networking via br-ex. Details here :-
http://dbaxps.blogspot.com/2015/10/mu...
When non-bridged external networking comes into play, neutron-openvswitch-agent, running on the Network Node, places the external interfaces of the corresponding neutron routers into the corresponding OVS bridges (in this particular case br-eth3, br-eth4, br-ex), see link above :-
image description
None of br-eth3, br-eth4, br-ex has an IP; they work via br-int as described in the last link posted.

0

answered 2016-06-22 09:21:40 -0600

Eric Rakotonirina

updated 2016-06-23 01:15:16 -0600

Hello,

I have pretty much the same problem on my 3-node test lab.

I can ping the floating IP from the network node and ssh to my instance:

log:

[root@node3-network home]# ssh -i fedora-keys.pem 192.168.18.205 -l fedora
The authenticity of host '192.168.18.205 (192.168.18.205)' can't be established.
RSA key fingerprint is 26:b4:31:3e:4e:df:ef:31:0c:77:3a:fe:b1:73:64:87.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.18.205' (RSA) to the list of known hosts.
[fedora@fedora ~]$

I'm very confused now, searching for a trick. I'm sure that I've missed something in the conf... but I cannot ping the instance from outside.

My full conf:
Controller: 192.168.18.51
Compute: 192.168.18.52
Network: 192.168.18.53

External network: 192.168.18.0/24 (FLAT)

Any help please.

Eric


Comments

Hello,

I've found the problem: it was on the ESXi side; enabling promiscuous mode on the switch or the portgroup enables the external access.

Hope it will help others trying to do some lab on ESXi VMs.

Cheers :)

Eric Rakotonirina ( 2016-06-23 01:54:01 -0600 )
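Why promiscuous mode mattered in the ESXi lab above, as an added example that is not code from this thread: the router gateway port sits in a namespace with its own MAC, and the example assumes a virtual switch port group that, without promiscuous mode, delivers only frames addressed to the guest vNIC's MAC. The host stanzas are copied from the question's ifconfig output; the qg- port name and its MAC are constructed, and the function names are hypothetical.

```python
import re

# First line of each Ethernet stanza in legacy `ifconfig` output.
STANZA = re.compile(
    r"^(\S+)\s+Link encap:Ethernet\s+HWaddr\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.MULTILINE | re.IGNORECASE,
)

# Copied from the question's network-node output (trimmed to two lines each).
HOST_SAMPLE = """\
br-ex     Link encap:Ethernet  HWaddr 00:50:56:88:6a:8f
          inet addr:16.157.134.188  Bcast:16.157.135.255  Mask:255.255.248.0
eth0      Link encap:Ethernet  HWaddr 00:50:56:88:6a:8f
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
"""

# Constructed: what `ifconfig` inside the qrouter namespace might show.
# The port name and MAC are made up; the IP is the gateway from the question.
NAMESPACE_SAMPLE = """\
qg-0a1b2c3d-4e Link encap:Ethernet  HWaddr fa:16:3e:aa:bb:cc
          inet addr:16.157.128.85  Bcast:16.157.135.255  Mask:255.255.248.0
"""


def parse_macs(ifconfig_text):
    """Return {interface: lowercase MAC} for every Ethernet stanza."""
    return {name: mac.lower() for name, mac in STANZA.findall(ifconfig_text)}


def macs_hidden_from_vswitch(host_text, namespace_text, uplink="eth0"):
    """Return sorted (interface, MAC) pairs behind `uplink` whose MAC differs
    from the uplink vNIC's own MAC. Under the stated assumption, frames sent
    to those MACs from outside never reach the guest unless the port group
    is promiscuous."""
    host = parse_macs(host_text)
    if uplink not in host:
        raise ValueError(f"uplink {uplink!r} not found in host output")
    vnic_mac = host[uplink]
    # OVS bridges on the host plus every port seen inside the router namespace.
    behind = {n: m for n, m in host.items() if n.startswith("br-")}
    behind.update(parse_macs(namespace_text))
    return sorted((n, m) for n, m in behind.items() if m != vnic_mac)


if __name__ == "__main__":
    for name, mac in macs_hidden_from_vswitch(HOST_SAMPLE, NAMESPACE_SAMPLE):
        print(f"{name} ({mac}) is only reachable with promiscuous mode enabled")
```

With the sample data, br-ex shares eth0's MAC and is not reported, while the qg- port is, which matches a gateway IP that answers only from the network node itself.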
0

answered 2016-03-24 11:30:32 -0600

Haifa Al Nasseri

I have the same issue and changed the file /etc/neutron/l3_agent.ini as suggested above, but it didn't solve it for me. Has anyone managed to solve it?

Stats

Asked: 2015-06-17 04:59:47 -0600

Seen: 3,507 times

Last updated: Jun 23 '16