
Havana Neutron Networking - can't escape namespace

asked 2013-11-26 07:50:46 -0500

dan_a

updated 2014-01-22 15:12:47 -0500

Evgeny

I'm setting up a test cluster with RDO and using Neutron with the openvswitch plugin and GRE tunnels. I have created a private network and subnet, a public network and public subnet (which is also shared with my OpenStack infrastructure) and a router connecting the two.

From a running instance I can ping both the inside (private IP) and the outside (public IP) of the router, but cannot ping any of the other public IPs in the subnet. The machines in the OpenStack infrastructure can ping each other but not the router, and if I attach a floating IP to the running instance they cannot ping that either.

As far as I can tell, the GRE tunnels are working as the router runs on a networker node separate to the compute node running the instance. On the networker node I can see a number of namespaces and in a "qrouter" namespace I can ping the instance's IP. There doesn't appear to be a proper connection from the "qrouter" namespace to the default namespace though.

What should I be doing to get my instances to talk to the outside world?

Possibly useful information:

[root@networker1 neutron]# neutron net-list
+--------------------------------------+-----------+--------------------------------------------------------+
| id                                   | name      | subnets                                                |
+--------------------------------------+-----------+--------------------------------------------------------+
| 4d787148-cde7-43c1-a576-a124ae24edc5 | Cloudnet2 | d75a929d-c610-42d4-b1af-4817a640ea8f 172.16.2.0/24     |
| a1a34853-ddbf-4ccb-b233-389e6e5aa118 | Ext-Net   | b126e6ae-f42c-48b4-897f-c72ee6eb58c5 X.Y.Z.128/27      |
+--------------------------------------+-----------+--------------------------------------------------------+
[root@networker1 neutron]# neutron net-show Ext-Net
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | a1a34853-ddbf-4ccb-b233-389e6e5aa118 |
| name                      | Ext-Net                              |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | b126e6ae-f42c-48b4-897f-c72ee6eb58c5 |
| tenant_id                 | 378fe6d88a074a80ab33ad398944b75b     |
+---------------------------+--------------------------------------+
[root@networker1 neutron]# neutron subnet-show b126e6ae-f42c-48b4-897f-c72ee6eb58c5
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| allocation_pools | {"start": "X.Y.Z.140", "end": "X.Y.Z.155"}           |
| cidr             | X.Y.Z.128/27                                         |
| dns_nameservers  |                                                      |
| enable_dhcp      | False                                                |
| gateway_ip       | X.Y.Z.129                                            |
| host_routes      |                                                      |
| id               | b126e6ae-f42c-48b4-897f-c72ee6eb58c5                 |
| ip_version       | 4                                                    |
| name             | Public                                               |
| network_id       | a1a34853-ddbf-4ccb-b233-389e6e5aa118                 |
| tenant_id        | 24714c57284d487490eaad91bcf2cc4b                     |
+------------------+------------------------------------------------------+
[root@networker1 neutron]# neutron router-show Router
+-----------------------+-----------------------------------------------------------------------------+
| Field                 | Value                                                                       |
+-----------------------+-----------------------------------------------------------------------------+
| admin_state_up        | True                                                                        |
| external_gateway_info | {"network_id": "a1a34853-ddbf-4ccb-b233-389e6e5aa118", "enable_snat": true} |
| id                    | 149c78f0-5e05-44f6-a683-4d0d680cb947                                        |
| name                  | Router                                                                      |
| routes                |                                                                             |
| status                | ACTIVE                                                                      |
| tenant_id             | 24714c57284d487490eaad91bcf2cc4b                                            |
+-----------------------+-----------------------------------------------------------------------------+
[root@networker1 neutron]# neutron port-show 6cf39013-c5cc-4e99-b4be-51fe5816af6b
+-----------------------+---------------------------------------------------------------------------------------+
| Field                 | Value                                                                                 |
+-----------------------+---------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                  |
| allowed_address_pairs |                                                                                       |
| binding:capabilities  | {"port_filter": true}                                                                 |
| binding:host_id       | networker1.g2c.domicilium.com                                                         |
| binding:vif_type      | ovs                                                                                   |
| device_id             | 149c78f0-5e05-44f6-a683-4d0d680cb947                                                  |
| device_owner          | network:router_gateway                                                                |
| extra_dhcp_opts       |                                                                                       |
| fixed_ips             | {"subnet_id": "b126e6ae-f42c-48b4-897f-c72ee6eb58c5", "ip_address": "X.Y.Z.140"}      |
| id                    | 6cf39013-c5cc-4e99-b4be-51fe5816af6b                                                  |
| mac_address           | fa:16:3e:a9:b8:ab                                                                     |
| name                  |                                                                                       |
| network_id            | a1a34853-ddbf-4ccb-b233-389e6e5aa118                                                  |
| security_groups       |                                                                                       |
| status                | DOWN                                                                                  |
| tenant_id             |                                                                                       |
+-----------------------+---------------------------------------------------------------------------------------+

[root@networker1 neutron]# ip netns exec qrouter-149c78f0-5e05-44f6-a683-4d0d680cb947 ip address list
11: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
179: qr-925648b5-72: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:d1:df:ae brd ff:ff:ff:ff:ff:ff
    inet 172.16.2.1/24 brd 172.16.2.255 scope global qr-925648b5-72
    inet6 fe80::f816:3eff:fed1:dfae/64 scope link
       valid_lft forever preferred_lft forever
181: qg-6cf39013-c5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa ...

1 answer


answered 2013-11-26 09:04:41 -0500

dan_a

I ran tcpdump on interface tap6cf39013-c5, and that showed that ARP requests were going from my instance into the default namespace.

The problem turned out to be that udev was renaming "eth1" to "br-ex" which meant that eth1 couldn't be set into promiscuous mode. Fixing this (in /etc/udev/rules.d/70-persistent-net.rules) cured the problem.

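A check for the condition described in this answer, as an added example that is not part of the original post: it scans a udev persistent-net rules file for rules that assign an Open vSwitch bridge name to a physical NIC. Only `br-ex` and the rules file path come from the page; the other reserved names, the function names and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find udev rules that rename a
# physical NIC to an Open vSwitch bridge name, as happened with eth1 -> br-ex.

# Names treated as reserved for OVS bridges. Assumption: br-int and br-tun are
# added as common Neutron OVS bridge names; the page only mentions br-ex.
RESERVED_BRIDGES="br-ex br-int br-tun"

# find_bridge_collisions [RULES_FILE]
# Prints one line per offending rule: "<line-number> <mac-or-dash> <name>".
find_bridge_collisions() {
    awk -v reserved="$RESERVED_BRIDGES" '
        BEGIN { n = split(reserved, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[[:space:]]*#/ { next }                      # skip comment lines
        {
            name = ""; mac = "-"
            # NAME="..." is the assignment; NAME=="..." (a match key) is ignored
            if (match($0, /NAME="[^"]*"/))
                name = substr($0, RSTART + 6, RLENGTH - 7)
            if (match($0, /ATTR[{]address[}]=="[^"]*"/))
                mac = substr($0, RSTART + 16, RLENGTH - 17)
            if (name in bad) print NR, mac, name
        }
    ' "${1:-/etc/udev/rules.d/70-persistent-net.rules}"
}

# Constructed sample rules (MAC addresses are made up): the second NIC is
# mistakenly given the bridge name instead of eth1.
sample_rules() {
    cat <<'EOF'
# PCI device (constructed sample)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:55", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:11:22:33:44:66", ATTR{type}=="1", KERNEL=="eth*", NAME="br-ex"
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_rules > "$tmp"
find_bridge_collisions "$tmp"
rm -f "$tmp"
```

Run without an argument on a network node, the function reads `/etc/udev/rules.d/70-persistent-net.rules` directly; empty output means no rule assigns a reserved bridge name.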
