Neutron - Linux Bridge Agent - pri Network not accessible

asked 2015-11-17 01:09:10 -0500

Clarence

Symptom: An instance created on the public provider network was not accessible from the Internet

Environment:

  • CentOS: 7.1
  • OpenStack: Liberty
  • Networking: Neutron with linuxbridge_agent

Infrastructure:

  • Controller (also acts as the network node)

    • Network interfaces:
    • em2 : static ip 202.181.203.20 (it's for Internet connection)
      • this is using one of the public IPs provided by the ISP
    • em1 : static ip 192.168.0.12 (management network)
    • p1p1: un-numbered (public interface for Neutron Linuxbridge)
  • Compute

    • Network interfaces:
    • em2: un-numbered (public interface for Neutron Linuxbridge)
    • em1: 192.168.0.11 (management network)
  • Network address

    • 16 IP addresses provided by the ISP
    • 202.181.203.18 - 202.181.203.30
    • Gateway: 202.181.203.17

Configuration:

  • Controller and network node

    • neutron.conf

        [DEFAULT]
        ...
        core_plugin = ml2
        service_plugins =

    • ml2_conf.ini

        [ml2]
        ...
        type_drivers = flat,vlan
        tenant_network_types =
        mechanism_drivers = linuxbridge
        extension_drivers = port_security

    • linuxbridge_agent.ini

        [linux_bridge]
        ...
        physical_interface_mappings = public:p1p1

        [vxlan]
        enable_vxlan = False

  • Compute node

    • linuxbridge_agent.ini

        [linux_bridge]
        ...
        physical_interface_mappings = public:em2

        [vxlan]
        enable_vxlan = False

Command to create provider network:

  • neutron net-create public-net --shared --router:external --provider:physical_network public --provider:network_type flat
  • neutron subnet-create public-net 202.181.203.16/28 --name public-subnet --allocation-pool start=202.181.203.21,end=202.181.203.30 --gateway 202.181.203.17 --dns-nameserver 202.181.224.3

Boot an instance "cirros":

  • nova boot --flavor m1.tiny --image cirros --nic net-id=[network-id] --security-group default --key-name skywidesoft-key demo-instance1
    • a public address 202.181.203.22 was assigned
  • output from nova list

    +--------------------------------------+----------------+--------+------------+-------------+---------------------------+
    | ID                                   | Name           | Status | Task State | Power State | Networks                  |
    +--------------------------------------+----------------+--------+------------+-------------+---------------------------+
    | c1bf98e4-2c6f-46be-9251-10e24362bf0c | demo-instance1 | ACTIVE | -          | Running     | public-net=202.181.203.22 |
    +--------------------------------------+----------------+--------+------------+-------------+---------------------------+

However, I am not able to ping the instance from external servers.

More Information:

ip addr

    2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 44:a8:42:1e:7c:8f brd ff:ff:ff:ff:ff:ff
        inet 192.168.0.12/24 brd 192.168.0.255 scope global em1
           valid_lft forever preferred_lft forever
        inet6 fe80::46a8:42ff:fe1e:7c8f/64 scope link
           valid_lft forever preferred_lft forever
    3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 44:a8:42:1e:7c:90 brd ff:ff:ff:ff:ff:ff
        inet 202.181.203.20/28 brd 202.181.203.31 scope global em2
           valid_lft forever preferred_lft forever
        inet6 fe80::46a8:42ff:fe1e:7c90/64 scope link
           valid_lft forever preferred_lft forever
    4: p1p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master brq414be1f4-8c state UP qlen 1000
        link/ether 00:0a:f7:7f:39:16 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::20a:f7ff:fe7f:3916/64 scope link
           valid_lft forever preferred_lft forever
    5: p1p2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 00:0a:f7:7f:39:17 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::20a:f7ff:fe7f:3917/64 scope link
           valid_lft forever preferred_lft forever
    6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
        link/ether 02:42:38:b9:45:21 brd ff:ff:ff:ff:ff:ff
        inet ... (more)


Comments

The correct title is Neutron - Linux Bridge Agent - Provider Network not accessible

Clarence ( 2015-11-18 21:50:49 -0500 )