
Not able to reach instance through floating IP - Kilo

asked 2015-07-01 12:59:04 -0600

rvarghese

Hello,

I created a 3-node setup with a neutron node in Kilo, but I am facing an issue with the instance's floating IP reachability. The instance can ping the qrouter interface and the instance is reachable through the namespace. Security groups are configured to allow all traffic.

One thing I noticed is that the qg-c3e2cbcf-5a interface is created in br-int. I compared with a Juno setup and could see that the interface was showing in br-ex there.

I tried port mirroring to see if the traffic is reaching br-int, but it is not.

Please see the OVS configuration:

[root@network ~]# ovs-vsctl show
f9d088fd-ef7a-4dff-820d-35e6796a96ae
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-7055d1c9-0e"
            tag: 2
            Interface "qr-7055d1c9-0e"
                type: internal
        Port "tape9bbd694-98"
            tag: 2
            Interface "tape9bbd694-98"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "snooper0"
            Interface "snooper0"
        Port "qg-c3e2cbcf-5a"
            tag: 1
            Interface "qg-c3e2cbcf-5a"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-0a0a6466"
            Interface "gre-0a0a6466"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="10.10.100.101", out_key=flow, remote_ip="10.10.100.102"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.3.1"

Namespace details:

[root@network ~]# ip netns list
qdhcp-6641ac5a-8983-43ca-bd59-9d3849c1821c
qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14
[root@network ~]# ip netns exec qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
9: qr-7055d1c9-0e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:cb:e8:cb brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/24 brd 172.16.0.255 scope global qr-7055d1c9-0e
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fecb:e8cb/64 scope link 
       valid_lft forever preferred_lft forever
10: qg-c3e2cbcf-5a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:02:f5:4a brd ff:ff:ff:ff:ff:ff
    inet 100.100.100.3/24 brd 100.100.100.255 scope global qg-c3e2cbcf-5a
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe02:f54a/64 scope link 
       valid_lft forever preferred_lft forever
[root@network ~]# ip netns exec qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14 iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-c3e2cbcf-5a ! -o qg-c3e2cbcf-5a -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-c3e2cbcf-5a -j SNAT --to-source 100.100.100.3
-A neutron-l3-agent-snat -m mark ! --mark 0x2 -m ...

1 answer


answered 2015-07-06 11:57:29 -0600

rvarghese

updated 2015-07-06 11:59:42 -0600

Issue resolved by setting the br-ex for the external_network_bridge and repopulating the database.

[root@network ~]# grep -v ^# /etc/neutron/l3_agent.ini | grep -v ^$
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge = br-ex
router_delete_namespaces = True
verbose = True

Comments

How did you repopulate the database? What command did you use?

Haifa Al Nasseri ( 2016-04-13 11:57:44 -0600 )
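
The question shows the qg- port on br-int while the accepted fix sets external_network_bridge to br-ex. The following is an added example, not the poster's or the project's code, that compares the two from saved `ovs-vsctl show` output and an l3_agent.ini file; the function names and the trimmed sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): locate router gateway (qg-*)
# ports in `ovs-vsctl show` output and compare with l3_agent.ini.

# Print "<port> <bridge>" for each qg-* port; reads `ovs-vsctl show` on stdin.
qg_port_bridges() {
    awk '
        $1 == "Bridge" { gsub(/"/, "", $2); bridge = $2 }
        $1 == "Port"   { gsub(/"/, "", $2); if ($2 ~ /^qg-/) print $2, bridge }
    '
}

# Print external_network_bridge from the ini file $1 (comment lines skipped,
# last assignment wins; prints nothing if the option is absent or empty).
configured_ext_bridge() {
    awk -F= '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*external_network_bridge[ \t]*$/ {
            val = $2; gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { if (val != "") print val }
    ' "$1"
}

# $1 = saved `ovs-vsctl show` output, $2 = l3_agent.ini. One line per qg-* port.
check_gateway_ports() {
    want=$(configured_ext_bridge "$2")
    qg_port_bridges < "$1" | while read -r port bridge; do
        if [ -z "$want" ]; then
            echo "UNKNOWN $port on $bridge (no external_network_bridge set)"
        elif [ "$bridge" = "$want" ]; then
            echo "OK $port on $bridge"
        else
            echo "MISMATCH $port on $bridge, config says $want"
        fi
    done
}

# Constructed sample, trimmed from the layout shown in the question.
sample_ovs_show() {
    cat <<'EOF'
    Bridge br-int
        Port "qr-7055d1c9-0e"
            tag: 2
        Port "qg-c3e2cbcf-5a"
            tag: 1
    Bridge br-ex
        Port phy-br-ex
EOF
}
```

On a network node, save the output of `ovs-vsctl show` to a file and pass it with the path to l3_agent.ini to `check_gateway_ports`.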
