Ask Your Question
0

GRE Tunnel between compute and network node

asked 2015-07-11 07:53:04 -0500

busyboy gravatar image

hi,

I have completed 3 node KILO Setup

There is no communication between Network and Compute node over the GRE tunnel. I have followed the OpenStack NetWork Troubleshooting guide and seen that when the VM boots up, the DHCP broadcast is left within the Compute node only. I don't see anything on the br-tun on the network side.

This is how I have diagnosed the problem.

DHCP request started on Cirros VM.

dhcpc (v1.20.1) started
Sending discover...
Sending discover...
Sending discover...

mirrored the br-int interfaces on both network and compute nodes,

snoop on network side for br-tun ( receiving traffic from compute node for VMs )

root@network:~# tcpdump -i snooper0
tcpdump: WARNING: snooper0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on snooper0, link-type EN10MB (Ethernet), capture size 65535 bytes

output of tcpdump on compute node's br-int interface of br-tun

root@compute1:~# tcpdump -i snooper0
tcpdump: WARNING: snooper0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on snooper0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:26:15.550680 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:07:d7:46 (oui Unknown), length 290
17:27:15.611544 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:07:d7:46 (oui Unknown), length 290
17:34:13.317197 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from fa:16:3e:07:d7:46 (oui Unknown), length 290

NameSpaces on Network Node.

root@network:/var/log/neutron#                      ip netns
qdhcp-48631c31-1300-46a9-b4c8-93eb1c0cd959
qrouter-e017aa6e-6a09-42a6-adca-c23ef917fa57

snooping on dhcp namespace while dhcp discover

ip netns exec qdhcp-48631c31-1300-46a9-b4c8-93eb1c0cd959 tcpdump -i any

gives nothing

same for the qrouter name space on network node nothing appears

root@network:/var/log/neutron# ip netns exec qrouter-e017aa6e-6a09-42a6-adca-c23ef917fa57 tcpdump -l -n -e -i any

tcpdump on Compute Node shows DHCP broadcast

root@compute1:/var/log/neutron# tcpdump -i any  -n port 67 or port 68
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
17:46:13.386573 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:07:d7:46, length 290
17:46:13.386605 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:07:d7:46, length 290
17:46:13.386573 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:07:d7:46, length 290
17:46:13.386609 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:07:d7:46, length 290
17:46:13.386729 ethertype IPv4, IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request ...
(more)
edit retag flag offensive close merge delete

Comments

I would turn on dnsmasq logging and see /var/log/neutron/dnsmasq.log

dbaxps gravatar imagedbaxps ( 2015-07-11 10:39:05 -0500 )edit

@dbaxps , please guide how do we do that. I'm just following the openstack documentation. And this should be done on compute or network node, as I understand, turning on debugging on network side is useless as I don't see anything on GRE tunnel between network and compute node. Phase suggest.

busyboy gravatar imagebusyboy ( 2015-07-11 12:08:59 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
1

answered 2015-07-11 12:55:52 -0500

dbaxps gravatar image

updated 2015-07-11 13:03:41 -0500

Using answer field as comment
Update on Network Node

[root@fedora22server neutron(keystone_admin)]# cat dhcp_agent.ini | grep -v ^# | grep -v ^$
[DEFAULT]
debug = False
resync_interval = 30
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
enable_isolated_metadata = False
enable_metadata_network = False
dhcp_domain = openstacklocal
dnsmasq_config_file =/etc/neutron/dnsmasq-neutron.conf <====
dhcp_delete_namespaces = False
state_path=/var/lib/neutron
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf

[root@fedora22server neutron(keystone_admin)]# cat dnsmasq-neutron.conf
log-facility = /var/log/neutron/dnsmasq-neutron.log
log-dhcp
dhcp-option-force=26,1400

systemctl restart neutron-dhcp-agent.service

edit flag offensive delete link more
0

answered 2015-07-13 01:13:51 -0500

busyboy gravatar image

updated 2015-08-21 05:05:52 -0500

recreating the GRE tunnel between two nodes is accomplished using .

/usr/bin/ovs-vsctl --timeout=10 --oneline --format=json -- --may-exist add-port br-tun gre-0a000115 -- set Interface gre-0a000115 type=gre options:df_default=true options:remote_ip=10.0.1.21 options:local_ip=10.0.1.31 options:in_key=flow options:out_key=flow

so if your GRE tunnel between network node and compute node is gone, just replace the ip addresses and that's it.

@dbaxps

nothing is showing up in logs ..

root@network:/var/log/neutron# tail -f dnsmasq-neutron.log 
Jul 13 11:06:59 dnsmasq[32083]: started, version 2.68 cachesize 150
Jul 13 11:06:59 dnsmasq[32083]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth
Jul 13 11:06:59 dnsmasq[32083]: warning: no upstream servers configured
Jul 13 11:06:59 dnsmasq-dhcp[32083]: DHCP, static leases only on 192.168.1.0, lease time 1d
Jul 13 11:06:59 dnsmasq-dhcp[32083]: DHCP, sockets bound exclusively to interface tapb07f688c-e5
Jul 13 11:06:59 dnsmasq[32083]: read /var/lib/neutron/dhcp/48631c31-1300-46a9-b4c8-93eb1c0cd959/addn_hosts - 3 addresses
Jul 13 11:06:59 dnsmasq-dhcp[32083]: read /var/lib/neutron/dhcp/48631c31-1300-46a9-b4c8-93eb1c0cd959/host
Jul 13 11:06:59 dnsmasq-dhcp[32083]: read /var/lib/neutron/dhcp/48631c31-1300-46a9-b4c8-93eb1c0cd959/opts
   ..........................................

I think this becuase traffic doesn't reach the network at all from VMs.

I'm looking for any possibility to re-create the GRE tunnel between Network and Compute node. BTW, is it necessary that the GRE tunnel IP should be same across both Network and the Compute node. . this is different in my case.

edit flag offensive delete link more

Comments

See https://www.hastexo.com/system/files/...
Regarding GRE tunnel troubleshooting.

dbaxps gravatar imagedbaxps ( 2015-07-13 01:39:20 -0500 )edit

GRE tunnel has endpoints , this endpoints should have different IPs from same sub-net, created specifically for this purpose.

dbaxps gravatar imagedbaxps ( 2015-07-13 01:46:13 -0500 )edit

What was MTU value on your VMs before update ?

dbaxps gravatar imagedbaxps ( 2015-07-13 01:55:37 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-07-11 07:53:04 -0500

Seen: 1,743 times

Last updated: Aug 21 '15