Not able to reach instance through floating IP - Kilo

asked 2015-07-01 12:59:04 -0500

rvarghese gravatar image


I created a 3 node setup with neutron node in Kilo, but facing an issue with the instance floating IP reachability Instance can ping the qrouter interface and instance is reachable through namespace. Security groups are configured to allow all traffic.

One thing I noticed is the qg-c3e2cbcf-5a interface is created in br-int. Compared with a juno setup and I could see that interface was showing in br-ex.

Tried a port mirroring and see if the traffic is reaching br-int, but it is not.

Please see the OVS configuration

[root@network ~]# ovs-vsctl show
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-7055d1c9-0e"
            tag: 2
            Interface "qr-7055d1c9-0e"
                type: internal
        Port "tape9bbd694-98"
            tag: 2
            Interface "tape9bbd694-98"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "snooper0"
            Interface "snooper0"
        Port "qg-c3e2cbcf-5a"
            tag: 1
            Interface "qg-c3e2cbcf-5a"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-0a0a6466"
            Interface "gre-0a0a6466"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="", out_key=flow, remote_ip=""}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.3.1"

Name space details

[root@network ~]# ip netns list
[root@network ~]# ip netns exec qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
9: qr-7055d1c9-0e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:cb:e8:cb brd ff:ff:ff:ff:ff:ff
    inet brd scope global qr-7055d1c9-0e
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fecb:e8cb/64 scope link 
       valid_lft forever preferred_lft forever
10: qg-c3e2cbcf-5a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:02:f5:4a brd ff:ff:ff:ff:ff:ff
    inet brd scope global qg-c3e2cbcf-5a
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe02:f54a/64 scope link 
       valid_lft forever preferred_lft forever
root@network ~]# ip netns exec qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14 iptables -S -t nat
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-c3e2cbcf-5a ! -o qg-c3e2cbcf-5a -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-c3e2cbcf-5a -j SNAT --to-source
-A neutron-l3-agent-snat -m mark ! --mark 0x2 -m ...
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2015-07-06 11:57:29 -0500

rvarghese gravatar image

updated 2015-07-06 11:59:42 -0500

Issue resolved by setting the br-ex for the external_network_bridge and repopulating the database.

[root@network ~]# grep -v ^# /etc/neutron/l3_agent.ini | grep -v ^$
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge = br-ex
router_delete_namespaces = True
verbose = True
edit flag offensive delete link more


how did you repopulate the database? why command did you used?

Haifa Al Nasseri gravatar imageHaifa Al Nasseri ( 2016-04-13 11:57:44 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools


Asked: 2015-07-01 12:59:04 -0500

Seen: 1,643 times

Last updated: Jul 06 '15