0

Instance can't access internet

asked 2016-04-08 21:40:04 -0600

tuanle

updated 2016-04-12 04:19:16 -0600

Hi everyone. I just installed OpenStack Kilo RDO AllInOne on CentOS 7 with packstack (my CentOS is a virtual machine running on Hyper-V). I have a problem with the network. My network:

Centos: 10.x.x.242/26 (physical network with internet)
Private network: 192.168.1.1/24
Public network: 10.x.x.192/26 gateway: 10.x.x.194 (same physical network)

I have set floating IP 10.x.x.252/26 for the instance, but it couldn't ping 8.8.8.8. Please help me, thank you.

ifconfig

br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.242  netmask 255.255.255.192  broadcast 10.10.10.255
        inet6 fe80::287c:9ff:fe8b:8148  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:01:d2:50  txqueuelen 0  (Ethernet)
        RX packets 1398622  bytes 459006970 (437.7 MiB)
        RX errors 0  dropped 29239  overruns 0  frame 0
        TX packets 4703  bytes 2402519 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::215:5dff:fe01:d250  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:01:d2:50  txqueuelen 1000  (Ethernet)
        RX packets 1780208  bytes 588426855 (561.1 MiB)
        RX errors 0  dropped 19  overruns 0  frame 0
        TX packets 7072  bytes 3349197 (3.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 1205885  bytes 183873672 (175.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1205885  bytes 183873672 (175.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbra3453419-9a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::8cd0:bcff:fe3f:478b  prefixlen 64  scopeid 0x20<link>
        ether de:0c:47:77:e4:31  txqueuelen 0  (Ethernet)
        RX packets 37  bytes 2934 (2.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbrdd3af894-64: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::3858:dcff:fe4d:ac7e  prefixlen 64  scopeid 0x20<link>
        ether 8a:35:b1:2a:9b:11  txqueuelen 0  (Ethernet)
        RX packets 25  bytes 2070 (2.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvba3453419-9a: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::dc0c:47ff:fe77:e431  prefixlen 64  scopeid 0x20<link>
        ether de:0c:47:77:e4:31  txqueuelen 1000  (Ethernet)
        RX packets 98  bytes 10045 (9.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 124  bytes 12042 (11.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0 ...

Comments

Did you add proper security groups for the instance?

Bipin ( 2016-04-09 23:28:07 -0600 )

Yes, I opened ICMP and SSH for the instance.

tuanle ( 2016-04-09 23:55:39 -0600 )

Hi, if it is possible, try keeping the subnet as 16 for all your networks.

pjb ( 2016-04-11 01:23:46 -0600 )

Thank you. I have edited all network subnets to 26, but there is no change. The instance can ping the router's external IP; I tried traceroute and it got stuck at the floating IP. I can't ssh to the instance from 10.x.x.192/26 either.

tuanle ( 2016-04-11 02:02:09 -0600 )

4 answers

1

answered 2016-04-11 11:58:46 -0600

dbaxps

updated 2016-04-12 05:17:42 -0600

UPDATE 04/12/2016 13:06 MSK
Please, run

Your `ovs-vsctl show` is missing the qg-xxxxx interface, the outgoing interface of the qrouter namespace.
It might be a core issue.
Run:
ip netns
Select the qrouter-<router-id> namespace
# ip netns exec qrouter-<router-id> ifconfig
Please post the output of the last command.

See https://www.rdoproject.org/networking...
END UPDATE

Add as update 1 to question

 # cat  /etc/neutron/l3_agent.ini | grep -v ^# |grep -v ^$
 # cat  /etc/neutron/plugins/ml2/ml2_conf.ini | grep -v ^# |grep -v ^$
 # cat  /etc/neutron/plugins/ml2/ovs_neutron_plugin.ini | grep -v ^# |grep -v ^$

Say your external network is 10.10.10.252/26.

Under /etc/sysconfig/network-scripts create

#cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
IPADDR="10.10.10.197"  # any IP that belongs to the external net (just different from the gateway)
NETMASK="255.255.255.192"
DNS1="8.8.8.8"
BROADCAST="10.10.10.255"
GATEWAY="10.10.10.194"
NM_CONTROLLED="no"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"

Next

# cat ifcfg-eth0
DEVICE="eth0"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no

Then run script

    #!/bin/bash -x
    chkconfig network on
    systemctl stop NetworkManager
    systemctl disable NetworkManager
    service network restart

Reboot node

Comments

Thank you. I followed your steps, but I still can't ssh to the instance.

tuanle ( 2016-04-11 21:41:27 -0600 )

Can you ping the instance? Verify the security rules.

dbaxps ( 2016-04-12 00:37:30 -0600 )

The instance can't get out or in. I created security rules to accept ssh & icmp from outside.

tuanle ( 2016-04-12 02:41:53 -0600 )

Please add ifconfig. I just remember a br0 bridge in your previous posting. Where did it come from?

dbaxps ( 2016-04-12 02:54:02 -0600 )

I removed br0 and replaced it with br-ex. I updated ifconfig in the question post.

tuanle ( 2016-04-12 04:16:29 -0600 )
0

answered 2016-10-18 17:57:17 -0600

aegiacometti

Perform a tcpdump on the bridge and tap interface of your VM, just to see if you can follow the packet. Try to trace DHCP request/reply or ARP who-has and reply, as it goes throughout the interfaces.

Since you have VMs for compute, you might have the ports in promiscuous mode, and this can generate duplicated packets, confusing which port to use at the bridge.

You can test this using the brctl showmacs command; at some point you will see the tap MAC associated to the wrong port number, or flapping from port to port in time.

In VMware, I had to assign only one port to the vSwitch.
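
One way to automate the `brctl showmacs` check described in this answer, as an added example that is not part of the original answer. The function name and the sample MAC addresses are made up for illustration; the bridge name in the usage comment is one of the qbr bridges from the question's ifconfig output.

```bash
#!/bin/sh
# Added example, not from the thread: find MACs that a Linux bridge learned on
# more than one port across several `brctl showmacs` snapshots.

# flapping_macs: read one or more snapshots on stdin; print every non-local
# MAC seen on two or more port numbers, with the ports in order of appearance.
flapping_macs() {
    awk '
        # Data rows look like: <port no> <mac addr> <is local?> <ageing timer>
        $1 ~ /^[0-9]+$/ && $3 == "no" {
            mac = tolower($2)
            if (!(mac in ports)) {
                ports[mac] = $1
            } else if (index(" " ports[mac] " ", " " $1 " ") == 0) {
                ports[mac] = ports[mac] " " $1
                moved[mac] = 1
            }
        }
        END { for (m in moved) print m, "ports:", ports[m] }
    ' | sort
}

# Constructed sample: two snapshots of one qbr bridge. All MAC addresses are
# made up. Port 1 is the qvb side, port 2 the instance tap.
SNAPSHOTS='port no  mac addr           is local?  ageing timer
  1      de:0c:47:00:00:01  yes        0.00
  2      fa:16:3e:00:00:01  no         0.40
  1      fa:16:3e:00:00:02  no         1.10
port no  mac addr           is local?  ageing timer
  1      de:0c:47:00:00:01  yes        0.00
  1      fa:16:3e:00:00:01  no         0.05
  1      fa:16:3e:00:00:02  no         3.20'

# On a live node (bridge name taken from the ifconfig output in the question):
#   for i in 1 2 3 4 5; do brctl showmacs qbra3453419-9a; sleep 2; done | flapping_macs
printf '%s\n' "$SNAPSHOTS" | flapping_macs
```

A MAC that stays on one port produces no output; only addresses that moved between snapshots are listed.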

0

answered 2016-04-10 20:45:03 -0600

tuanle

updated 2016-04-12 20:02:54 -0600

UPDATE 3

ip netns exec qrouter-2369706e-cd7e-4114-b3eb-095378950676 ifconfig

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-b5b46007-ee: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::f816:3eff:fe4a:8080  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:4a:80:80  txqueuelen 0  (Ethernet)
        RX packets 130  bytes 12426 (12.1 KiB)
        RX errors 0  dropped 1  overruns 0  frame 0
        TX packets 77  bytes 7833 (7.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

UPDATE 2

neutron agent-list

+--------------------------------------+--------------------+-----------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host                  | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-----------------------+-------+----------------+---------------------------+
| 5b1ad7f6-114d-4f46-971f-6d280b22436f | Open vSwitch agent | localhost.localdomain | :-)   | True           | neutron-openvswitch-agent |
| 7bba2ced-72e2-4714-9ff8-fa518f47535b | DHCP agent         | localhost.localdomain | :-)   | True           | neutron-dhcp-agent        |
| 7fd6e7e9-aecc-46ec-b9e1-39e9bfa22538 | L3 agent           | localhost.localdomain | :-)   | True           | neutron-l3-agent          |
| cc297d41-0124-4b3b-95bf-2ed17d588baa | Metadata agent     | localhost.localdomain | :-)   | True           | neutron-metadata-agent    |
+--------------------------------------+--------------------+-----------------------+-------+----------------+---------------------------+

ovs-vsctl show

61350ac7-bfa7-4360-aa95-f8babd4fb986
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth0"
            Interface "eth0"
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qr-b5b46007-ee"
            tag: 1
            Interface "qr-b5b46007-ee"
                type: internal
        Port "qvoa3453419-9a"
            tag: 1
            Interface "qvoa3453419-9a"
        Port "tapc00eaccd-d6"
            tag: 1
            Interface "tapc00eaccd-d6"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qvodd3af894-64"
            tag: 1
            Interface "qvodd3af894-64"
    ovs_version: "2.3.1"

END--UPDATE 2

cat /etc/neutron/l3_agent.ini | grep -v ^# |grep -v ^$

[DEFAULT]
debug = False
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
handle_internal_only_routers = True
external_network_bridge = br-ex
metadata_port = 9697
send_arp_for_ha = 3
periodic_interval = 40
periodic_fuzzy_delay = 5
enable_metadata_proxy = True
router_delete_namespaces = False
agent_mode = legacy

cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep -v ^# |grep -v ^$

[ml2]
type_drivers = vxlan,flat
tenant_network_types = vxlan
mechanism_drivers =openvswitch
[ml2_type_flat]
flat_networks = *
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges =1:100
vxlan_group =224.0.0.1
[securitygroup]
enable_security_group = True

cat /etc/neutron/plugins/ml2/ovs_neutron_plugin.ini | grep -v ^# |grep -v ^$

cat: /etc/neutron/plugins/ml2/ovs_neutron_plugin.ini: No such file or directory

Comments

Hi Tuanle, I had a similar problem with my set-up. I was able to ping from one instance to the other but unable to ssh. Reducing the MTU value for the interface of the instance solved my problem. Give it a try.

pjb ( 2016-04-13 00:50:22 -0600 )
0

answered 2016-04-12 16:39:52 -0600

As per my understanding there is no VxLAN tunnel formed between endpoints (neutron and compute) with ports. Something like below

        Port "vxlan-c0a80202"
            Interface "vxlan-c0a80202"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.168.2.1", out_key=flow, remote_ip="192.168.2.2"}
        Port "vxlan-c0a80203"
            Interface "vxlan-c0a80203"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.168.2.1", out_key=flow, remote_ip="192.168.2.3"}

Please double check ml2_conf.ini
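
Both the missing qg-xxxxx port from dbaxps's update and the VXLAN tunnel ports mentioned in this answer can be read from `ovs-vsctl show`. The script below is an added example, not part of any answer in this thread; the function names are made up for illustration, and the sample is a shortened copy of the UPDATE 2 output posted above.

```bash
#!/bin/sh
# Added example, not from the thread: look in `ovs-vsctl show` text for the
# ports the answers ask about: qg-* (router gateway) and vxlan-* (tunnels).

# Print "bridge port" pairs from `ovs-vsctl show` output read on stdin.
ports_by_bridge() {
    awk '$1 == "Bridge" { gsub(/"/, "", $2); bridge = $2; next }
         $1 == "Port"   { gsub(/"/, "", $2); print bridge, $2 }'
}

# find_ports PREFIX: keep only pairs whose port name starts with PREFIX.
find_ports() {
    ports_by_bridge | awk -v p="$1" 'index($2, p) == 1'
}

# report: read `ovs-vsctl show` text on stdin, print one line per check.
# The body runs in a subshell, so its variables stay local.
report() (
    text=$(cat)
    qg=$(printf '%s\n' "$text" | find_ports qg-)
    vx=$(printf '%s\n' "$text" | find_ports vxlan-)
    if [ -n "$qg" ]; then echo "qg port: $qg"
    else echo "qg port: MISSING"; fi
    # With no second tunnel endpoint (all-in-one node) "none" is expected.
    if [ -n "$vx" ]; then echo "vxlan ports: $(printf '%s\n' "$vx" | grep -c .)"
    else echo "vxlan ports: none"; fi
)

# Constructed sample: the UPDATE 2 output from the thread, shortened.
SAMPLE='61350ac7-bfa7-4360-aa95-f8babd4fb986
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth0"
            Interface "eth0"
    Bridge br-int
        Port "qr-b5b46007-ee"
            tag: 1
            Interface "qr-b5b46007-ee"
                type: internal
        Port "tapc00eaccd-d6"
            tag: 1
            Interface "tapc00eaccd-d6"
                type: internal'

# On a live node: ovs-vsctl show | report
printf '%s\n' "$SAMPLE" | report
```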


Stats

Asked: 2016-04-08 21:40:04 -0600

Seen: 209 times

Last updated: Apr 12 '16