Ask Your Question
0

external network is not reachable from the router

asked 2016-01-15 10:27:24 -0500

Wohard gravatar image

Hey everyone.

I know that this issue is really common. I installed an RDO Liberty OpenStack on top of Cent-OS 7. but i have the problem of external connectivity I troubleshooted the chain then I figured out that the problem is in the bridge-physical interface.
I have created the br-ex interface config file and modified the eth0 one.
I added via "ip netns qrouter ........." a route to the default gateway.
I have passed over other answers but I feel really confused about the parameters between Liberty and Kilo version; some answers suggest to modify /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini which does not exists in the same path in my environment (I am afraid to do a miss).
my internal net has the address 10.0.1.0/24
my external net with the address 192.168.2.0/23
my gateway is 192.168.2.1
my allocation pool for OpenStack is 192.168.3.201 --> 192.168.3.208

here is the situation description : my instances can ping the router interfaces router cannot ping external addresses router cannot ping the gateway the host can ping external addresses I don't know how to troubleshoot the bridge problems.

here is the some outputs that can help:

[root@localhost ml2(keystone_admin)]# ovs-vsctl show
ca71317d-dc86-492c-9e4a-5b8f9003676d
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "eth0"
            Interface "eth0"
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "tap14dee663-7d"
            tag: 1
            Interface "tap14dee663-7d"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qvo4577930b-f3"
            tag: 1
            Interface "qvo4577930b-f3"
        Port "tap67066610-4a"
            tag: 2
            Interface "tap67066610-4a"
                type: internal
        Port "qr-fc41fd61-c5"
            tag: 1
            Interface "qr-fc41fd61-c5"
                type: internal
        Port "qvo9cbce0cc-66"
            tag: 1
            Interface "qvo9cbce0cc-66"
        Port "qr-f0d96778-69"
            tag: 2
            Interface "qr-f0d96778-69"
                type: internal
    ovs_version: "2.4.0"


[root@localhost ml2(keystone_admin)]# neutron net-list
+--------------------------------------+---------+-----------------------------------------------------+
| id                                   | name    | subnets                                             |
+--------------------------------------+---------+-----------------------------------------------------+
| 08acb21d-2684-41be-9b01-4b1fecd900ed | Private | 7ae66d4e-55e4-449d-96c5-0562418392f0 10.0.1.0/24    |
| 3fe350d8-cd69-4eeb-a5cd-e220215b3675 | Public  | 8c917f64-8616-4fba-9ef4-44b9a5ad75e4 192.168.2.0/23 |
+--------------------------------------+---------+-----------------------------------------------------+


[root@localhost ml2(keystone_admin)]# neutron net-show 3fe350d8-cd69-4eeb-a5cd-e220215b3675
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 3fe350d8-cd69-4eeb-a5cd-e220215b3675 |
| mtu                       | 0                                    |
| name                      | Public                               |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 11                                   |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 8c917f64-8616-4fba-9ef4-44b9a5ad75e4 |
| tenant_id                 | 412d8dbddc86404e8c6adf90647a4b9e     |
+---------------------------+--------------------------------------+


[root@localhost ml2(keystone_admin)]# ip netns exec qrouter-139ba1ac-c505-4fa6-949b-9f8f70a855aa ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 79  bytes 7896 (7.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 79  bytes 7896 (7.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-f0d96778-69: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.202  netmask 255.255.254.0  broadcast 192.168.3.255
        inet6 fe80::f816:3eff:fe71:c6a9  prefixlen 64  scopeid 0x20 ...
(more)
edit retag flag offensive close merge delete

Comments

If ip netns exec qrouter-139ba1ac-c505-4fa6-949b-9f8f70a855aa ifconfig doesn't have a typo up-here, then it doesn't look good for me, as well as ovs-vsctl show

dbaxps gravatar imagedbaxps ( 2016-01-16 03:35:44 -0500 )edit

Where you get this instruction "I added via "ip netns qrouter ........." a route to the default gateway" from ?

dbaxps gravatar imagedbaxps ( 2016-01-16 03:41:08 -0500 )edit

Thanks for your attention. I wanted to say that i have added a default route on the router using ip netns exec command.

Wohard gravatar imageWohard ( 2016-01-18 02:26:54 -0500 )edit

Your issue is addressed bellow. You better see this answer.

dbaxps gravatar imagedbaxps ( 2016-01-18 03:18:20 -0500 )edit

@dbaxps: I have updated the answers can u please have a look and help me diagnose this issue.

Wohard gravatar imageWohard ( 2016-01-19 07:34:06 -0500 )edit

3 answers

Sort by ยป oldest newest most voted
1

answered 2016-01-18 04:25:18 -0500

You shouldn't have to directly modify anything in the namespaces created by Neutron. What you should do is check whether you assigned a gateway to your router (over CLI or the dashboard), because as already pointed, there is no qg- interface which has the role of gateway.

Second, if I assume right, the "Public" network is the external one. In that case, I doubt you wanted to create it as a VXLAN network - this would be a rare setup. Try re-creating the network as "Flat", you can do that as the "admin" user. When prompted for "Physical interface", type in the value that is mapped to "br-ex" under the directive "bridge_mappings" in /etc/neutron/plugins/ml2/ml2_conf.ini .

edit flag offensive delete link more

Comments

Exactly i figured out that i have setting up a VxLAN .. that's why i have deleted everything and follow RDO. so i setup a flat one with the same mapping in the ml2/openvswitch_agent.ini. i will check also ml2_conf.ini hope to be fine.

Wohard gravatar imageWohard ( 2016-01-18 04:37:29 -0500 )edit

Creating public network as Flat solved my problem!

jcorkey gravatar imagejcorkey ( 2017-12-14 09:27:50 -0500 )edit
0

answered 2016-01-18 04:47:37 -0500

Wohard gravatar image

Here is the new outputs :

[root@localhost ~(keystone_admin)]# ovs-vsctl show
ca71317d-dc86-492c-9e4a-5b8f9003676d
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qr-06837155-a2"
            tag: 1
            Interface "qr-06837155-a2"
                type: internal
        Port "tapa27acde4-0c"
            tag: 1
            Interface "tapa27acde4-0c"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port "qg-b6560e9e-f7"
            Interface "qg-b6560e9e-f7"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    ovs_version: "2.4.0"


[root@localhost ~(keystone_admin)]# neutron net-list
+--------------------------------------+---------+-----------------------------------------------------+
| id                                   | name    | subnets                                             |
+--------------------------------------+---------+-----------------------------------------------------+
| 49f5609a-beb4-44df-902d-133acfba0c10 | Private | e2f5ae4c-78ff-42fe-96ec-1d96dd0ad38a 10.0.1.0/24    |
| ca321fcc-ff9d-45e9-8704-78aa8e857711 | Public  | 2d8b5f0d-2ffb-4abc-bb32-54813f932354 192.168.2.0/23 |
+--------------------------------------+---------+-----------------------------------------------------+

[root@localhost ~(keystone_admin)]# neutron net-show ca321fcc-ff9d-45e9-8704-78aa8e857711
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | ca321fcc-ff9d-45e9-8704-78aa8e857711 |
| mtu                       | 0                                    |
| name                      | Public                               |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 2d8b5f0d-2ffb-4abc-bb32-54813f932354 |
| tenant_id                 | 412d8dbddc86404e8c6adf90647a4b9e     |
+---------------------------+--------------------------------------+

[root@localhost ~(keystone_admin)]# ip netns exec qrouter-ea037ff8-9744-4416-b0be-067052d263cb ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qg-b6560e9e-f7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.201  netmask 255.255.254.0  broadcast 192.168.3.255
        inet6 fe80::f816:3eff:fe52:11f6  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:52:11:f6  txqueuelen 0  (Ethernet)
        RX packets 3574  bytes 471281 (460.2 KiB)
        RX errors 0  dropped 7  overruns 0  frame 0
        TX packets 26  bytes 2292 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-06837155-a2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.1.1  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::f816:3eff:febe:5322  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:be:53:22  txqueuelen 0  (Ethernet)
        RX packets 8  bytes 648 (648.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 10  bytes 864 (864.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
edit flag offensive delete link more
0

answered 2016-01-18 00:54:19 -0500

Your qrouter-namespace is missing qg-xxxxxx interface. OVS configuration posted in your question, just cannot work.
I would advise you follow RDO quickstart for RDO Liberty or Kilo ( check available repositories )
Neutron OVS agent (Liberty) is using /etc/neutron/plugins/ml2/openvswitch_agent.ini.

edit flag offensive delete link more

Comments

have changed router interface to external network and added a gateway via dashboard so the qg-xxxxx interface has been shown. i also changed the config files ( plugins/ml2/openvswitch_agent.ini [ovs] bridge_mappings physnet1:br-ex and also /etc/neutron/plugin.ini ml2 type_drivers vxlan,flat,vlan

Wohard gravatar imageWohard ( 2016-01-18 04:21:02 -0500 )edit

but unfortunately it does not work. So i decided to delete all the networks and router and follow the RDO documentation i added my networks and router with these previous changes in config files I also restard services network, neutron-openvswitch-agent, neutron-server. nut it does not work again

Wohard gravatar imageWohard ( 2016-01-18 04:24:52 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2016-01-15 10:27:24 -0500

Seen: 2,202 times

Last updated: Jan 18 '16