0

Need help with neutron router

asked 2015-08-25 13:13:19 -0600

pauls132000

I have set up internal and external networks with neutron and connected them (I think) with a router, with Kilo. I have no connectivity between VMs and the external net. The firewall appears to be wide open. The correct ports seem to be assigned. The VMs can reach each other on the internal network. I mirrored an interface with OVS and did a tcpdump on pings from the VM and the external net. It looks like the external port is missing something.

Internal:
18:02:34.065694 IP 172.16.64.16 > 172.16.64.1: ICMP echo request, id 23297, seq 0, length 64
18:02:34.065784 IP 172.16.64.1 > 172.16.64.16: ICMP echo reply, id 23297, seq 0, length 64
18:02:35.065633 IP 172.16.64.16 > 172.16.64.1: ICMP echo request, id 23297, seq 1, length 64

Can hit external gateway:

18:00:45.744489 IP 172.16.64.16 > 10.17.0.1: ICMP echo request, id 23041, seq 0, length 64
18:00:45.745263 IP 10.17.0.1 > 172.16.64.16: ICMP echo reply, id 23041, seq 0, length 64
18:00:46.744484 IP 172.16.64.16 > 10.17.0.1: ICMP echo request, id 23041, seq 1, length 64
18:00:46.744956 IP 10.17.0.1 > 172.16.64.16: ICMP echo reply, id 23041, seq 1, length 64

But from external nothing:

tcpdump -i snooper0
listening on snooper0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:43:56.150193 IP n004 > 172.16.64.16: ICMP echo request, id 46403, seq 1, length 64
17:43:57.149449 IP n004 > 172.16.64.16: ICMP echo request, id 46403, seq 2, length 64
17:43:58.149452 IP n004 > 172.16.64.16: ICMP echo request, id 46403, seq 3, length 64

ovs-vsctl:

 ovs-vsctl show
573be45d-16ee-4aa8-a348-d253a0bc2800
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-0a11010e"
            Interface "vxlan-0a11010e"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.17.1.13", out_key=flow, remote_ip="10.17.1.14"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-0a110111"
            Interface "vxlan-0a110111"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.17.1.13", out_key=flow, remote_ip="10.17.1.17"}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-cd06e66c-c9"
            Interface "qg-cd06e66c-c9"
                type: internal
        Port "bond0"
            Interface "eno2"
            Interface "eno1"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-int
        fail_mode: secure
        Port "qr-ce0ee769-6f"
            tag: 1
            Interface "qr-ce0ee769-6f"
                type: internal
        Port "qvod38da273-bb"
            tag: 1
            Interface "qvod38da273-bb"
        Port "tap2e4598fe-f6"
            tag: 1
            Interface "tap2e4598fe-f6"
                type: internal
        Port "snooper0"
            Interface "snooper0"
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    ovs_version: "2.3.1"

Comments

Potentially running into this bug: https://bugs.launchpad.net/neutron/+bug/1473199

Error: Stderr: ovs-vsctl: no row "bond0" in table Interface

pauls132000 ( 2015-08-26 08:38:07 -0600 )

Meant to paste this bug: https://bugs.launchpad.net/neutron/+bug/1460494

pauls132000 ( 2015-08-26 08:39:38 -0600 )

1 answer

2

answered 2015-08-28 13:33:42 -0600

pauls132000

The issue turned out to be that I had mismatched netmasks on either side of the bridge: a /20 on the external and a /24 internal. Making the internal a /20 as well fixed it.
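
An added example, not part of the original question or answer: a small Python parser that pairs ICMP echo requests with replies in tcpdump text output like the captures in the question, to show which direction gets no replies. The function names are illustrative, and the sample lines are copied from the question's captures.

```python
import re
from collections import defaultdict

# Lines copied from the captures in the question (tcpdump default text output).
SAMPLE = """\
18:00:45.744489 IP 172.16.64.16 > 10.17.0.1: ICMP echo request, id 23041, seq 0, length 64
18:00:45.745263 IP 10.17.0.1 > 172.16.64.16: ICMP echo reply, id 23041, seq 0, length 64
18:00:46.744484 IP 172.16.64.16 > 10.17.0.1: ICMP echo request, id 23041, seq 1, length 64
18:00:46.744956 IP 10.17.0.1 > 172.16.64.16: ICMP echo reply, id 23041, seq 1, length 64
17:43:56.150193 IP n004 > 172.16.64.16: ICMP echo request, id 46403, seq 1, length 64
17:43:57.149449 IP n004 > 172.16.64.16: ICMP echo request, id 46403, seq 2, length 64
17:43:58.149452 IP n004 > 172.16.64.16: ICMP echo request, id 46403, seq 3, length 64
"""

ICMP_RE = re.compile(
    r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

def echo_summary(text):
    """Return {(requester, target): (requests, answered)} for ICMP echo traffic."""
    requests = defaultdict(set)   # (src, dst) -> {(id, seq)}
    replies = defaultdict(set)    # keyed by the original requester's direction
    for line in text.splitlines():
        m = ICMP_RE.match(line.strip())
        if not m:
            continue  # skip the tcpdump banner and non-ICMP lines
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            requests[(m["src"], m["dst"])].add(key)
        else:
            # A reply travels target -> requester, so flip it to match its request.
            replies[(m["dst"], m["src"])].add(key)
    return {flow: (len(keys), len(keys & replies[flow]))
            for flow, keys in requests.items()}

def unanswered_flows(text):
    """Flows where requests were captured but no reply was ever seen."""
    return sorted(flow for flow, (sent, answered) in echo_summary(text).items()
                  if sent and answered == 0)

if __name__ == "__main__":
    for (src, dst), (sent, answered) in echo_summary(SAMPLE).items():
        print(f"{src} -> {dst}: {sent} requests, {answered} answered")
    print("no replies seen:", unanswered_flows(SAMPLE))
```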



Stats

Asked: 2015-08-25 13:13:19 -0600

Seen: 259 times

Last updated: Aug 28 '15