instance cant access internet

network

asked 2016-04-08 21:40:04 -0500

tuanle
1 ●1 ●2 ●3

updated 2016-04-12 04:19:16 -0500

Hi every one. I just installed Openstack Kilo RDO AllInOne on Centos 7 with packstack(my Centos is virtual machine run from HyperV). I have problem with network. My network:

Centos: 10.x.x.242/26 (physical network with internet)
Private network: 192.168.1.1/24
Public network: 10.x.x.192/26 gateway: 10.x.x.194 (same physical network)

I have been floating IP 10.x.x.252/26 for instance but it couldn't ping to 8.8.8.8. Please help me, thank you.

ifconfig

br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.10.242  netmask 255.255.255.192  broadcast 10.10.10.255
        inet6 fe80::287c:9ff:fe8b:8148  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:01:d2:50  txqueuelen 0  (Ethernet)
        RX packets 1398622  bytes 459006970 (437.7 MiB)
        RX errors 0  dropped 29239  overruns 0  frame 0
        TX packets 4703  bytes 2402519 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::215:5dff:fe01:d250  prefixlen 64  scopeid 0x20<link>
        ether 00:15:5d:01:d2:50  txqueuelen 1000  (Ethernet)
        RX packets 1780208  bytes 588426855 (561.1 MiB)
        RX errors 0  dropped 19  overruns 0  frame 0
        TX packets 7072  bytes 3349197 (3.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 1205885  bytes 183873672 (175.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1205885  bytes 183873672 (175.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbra3453419-9a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::8cd0:bcff:fe3f:478b  prefixlen 64  scopeid 0x20<link>
        ether de:0c:47:77:e4:31  txqueuelen 0  (Ethernet)
        RX packets 37  bytes 2934 (2.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbrdd3af894-64: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::3858:dcff:fe4d:ac7e  prefixlen 64  scopeid 0x20<link>
        ether 8a:35:b1:2a:9b:11  txqueuelen 0  (Ethernet)
        RX packets 25  bytes 2070 (2.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvba3453419-9a: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::dc0c:47ff:fe77:e431  prefixlen 64  scopeid 0x20<link>
        ether de:0c:47:77:e4:31  txqueuelen 1000  (Ethernet)
        RX packets 98  bytes 10045 (9.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 124  bytes 12042 (11.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0 ...

(more)

edit retag flag offensive close merge delete

Comments

Did you add proper Security groups for the Instance ?

Bipin ( 2016-04-09 23:28:07 -0500 )edit

Yes, I opened icmp and ssh for instance

tuanle ( 2016-04-09 23:55:39 -0500 )edit

Hi, if it is possible try keeping the subnet as 16 for all your network.

pjb ( 2016-04-11 01:23:46 -0500 )edit

Thank you. I have edited all network subnet as 26, it no change. From instance can ping to router external IP, I try traceroute and it stuck at floating IP. Can't ssh instance from 10.x.x.192/26, too.

tuanle ( 2016-04-11 02:02:09 -0500 )edit

add a comment

4 answers

Sort by » oldest newest most voted

answered 2016-04-11 11:58:46 -0500

dbaxps

10778 ●57 ●112 ●224 http://bderzhavets.blo...

updated 2016-04-12 05:17:42 -0500

UPDATE 04/12/21016 13:06 MSK
Please, run

Your `ovs-vsctl show` is missing qg-xxxxx interface , outgoing interface of qrouter namespace.
It might be a core issue.
Run :-
ip netns
Select qrouter-<router-id> namespace
# ip netns exec qrouter-<router-id> ifconfig
Please post  otput of last command

See https://www.rdoproject.org/networking...
END UPDATE

Add as update 1 to question

 # cat  /etc/neutron/l3_agent.ini | grep -v ^# |grep -v ^$
 # cat  /etc/neutron/plugins/ml2/ml2_conf.ini | grep -v ^# |grep -v ^$
 # cat  /etc/neutron/plugins/ml2/ovs_neutron_plugin.ini | grep -v ^# |grep -v ^$

Say your external network is 10.10.10.252/26.<br>

Under /etc/sysconfig/network-scripts create

#cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
IPADDR="10.10.10.197" <==  any IP  belongs to external net ( just different from gateway )
NETMASK="255.255.255.192"
DNS1="8.8.8.8"
BROADCAST="10.10.10.255"
GATEWAY="10.10.10.194"
NM_CONTROLLED="no"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"

# cat ifcfg-eth0
DEVICE="eth0"
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no

Then run script

   #!/bin/bash -x
    chkconfig network on
    systemctl stop NetworkManager
    systemctl disable NetworkManager
    service network restart

Reboot node

edit flag offensive delete link

Comments

Thank you. I did follow you, but still can't ssh to instance.

tuanle ( 2016-04-11 21:41:27 -0500 )edit

Can you ping instance ? Verify security rules

dbaxps ( 2016-04-12 00:37:30 -0500 )edit

Instance can't out or in. I created a security rules accept ssh & icmp from outside.

tuanle ( 2016-04-12 02:41:53 -0500 )edit

Please, add ifconfig , I just remember br0 bridge in your previous posting . From where did it come ?

dbaxps ( 2016-04-12 02:54:02 -0500 )edit

I removed br0 and replaced by br-ex. I update ifconfig in question post

tuanle ( 2016-04-12 04:16:29 -0500 )edit

see more comments

answered 2016-10-18 17:57:17 -0500

aegiacometti

66 ●1 ●2 ●5

Perform a tcpdump on bridge and tap interface of your VM, just to see if you can follow the packet. Try to trace DHCP request/reply or ARP whoas and reply, as it goes troughout the interfaces.

Since you have VMs for compute, you might have the ports in promiscuos mode, and this can generate dupplicated packets, confusing wich port to use at the bridge.

You can test this using brctl showmacs command, at some point you will see the tap MAC associated to the wrong port number, or flapping from port to port in time.

In VMWare, i has to assign only one port to the VSwitch.

edit flag offensive delete link

add a comment

answered 2016-04-10 20:45:03 -0500

tuanle
1 ●1 ●2 ●3

updated 2016-04-12 20:02:54 -0500

UPDATE 3

ip netns exec qrouter-2369706e-cd7e-4114-b3eb-095378950676 ifconfig

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-b5b46007-ee: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::f816:3eff:fe4a:8080  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:4a:80:80  txqueuelen 0  (Ethernet)
        RX packets 130  bytes 12426 (12.1 KiB)
        RX errors 0  dropped 1  overruns 0  frame 0
        TX packets 77  bytes 7833 (7.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

UPDATE 2

neutron agent-list

+--------------------------------------+--------------------+-----------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host                  | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+-----------------------+-------+----------------+---------------------------+
| 5b1ad7f6-114d-4f46-971f-6d280b22436f | Open vSwitch agent | localhost.localdomain | :-)   | True           | neutron-openvswitch-agent |
| 7bba2ced-72e2-4714-9ff8-fa518f47535b | DHCP agent         | localhost.localdomain | :-)   | True           | neutron-dhcp-agent        |
| 7fd6e7e9-aecc-46ec-b9e1-39e9bfa22538 | L3 agent           | localhost.localdomain | :-)   | True           | neutron-l3-agent          |
| cc297d41-0124-4b3b-95bf-2ed17d588baa | Metadata agent     | localhost.localdomain | :-)   | True           | neutron-metadata-agent    |
+--------------------------------------+--------------------+-----------------------+-------+----------------+---------------------------+

ovs-vsctl show

61350ac7-bfa7-4360-aa95-f8babd4fb986
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth0"
            Interface "eth0"
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qr-b5b46007-ee"
            tag: 1
            Interface "qr-b5b46007-ee"
                type: internal
        Port "qvoa3453419-9a"
            tag: 1
            Interface "qvoa3453419-9a"
        Port "tapc00eaccd-d6"
            tag: 1
            Interface "tapc00eaccd-d6"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qvodd3af894-64"
            tag: 1
            Interface "qvodd3af894-64"
    ovs_version: "2.3.1"

END--UPDATE 2

cat /etc/neutron/l3_agent.ini | grep -v ^# |grep -v ^$

[DEFAULT]
debug = False
interface_driver =neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
handle_internal_only_routers = True
external_network_bridge = br-ex
metadata_port = 9697
send_arp_for_ha = 3
periodic_interval = 40
periodic_fuzzy_delay = 5
enable_metadata_proxy = True
router_delete_namespaces = False
agent_mode = legacy

cat /etc/neutron/plugins/ml2/ml2_conf.ini | grep -v ^# |grep -v ^$

[ml2]
type_drivers = vxlan,flat
tenant_network_types = vxlan
mechanism_drivers =openvswitch
[ml2_type_flat]
flat_networks = *
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges =1:100
vxlan_group =224.0.0.1
[securitygroup]
enable_security_group = True

cat /etc/neutron/plugins/ml2/ovs_neutron_plugin.ini | grep -v ^# |grep -v ^$

cat: /etc/neutron/plugins/ml2/ovs_neutron_plugin.ini: No such file or directory

edit flag offensive delete link

Comments

Hi Tuanlie, I had similar problem with my set-up. I was able to ping from one instance to other but unable to ssh. Reducing the the MTU value for the interface of the instance solved my problem. Give it a try.

pjb ( 2016-04-13 00:50:22 -0500 )edit

add a comment

answered 2016-04-12 16:39:52 -0500

kranthi.guttikonda9@gmail.com
31 ●1 ●2

As per my understanding there is no VxLAN tunnel formed between endpoints (neutron and compute) with ports. Something like below

Port "vxlan-c0a80202" Interface "vxlan-c0a80202" type: vxlan options: {df_default="true", in_key=flow, local_ip="192.168.2.1", out_key=flow, remote_ip="192.168.2.2"} Port "vxlan-c0a80203" Interface "vxlan-c0a80203" type: vxlan options: {df_default="true", in_key=flow, local_ip="192.168.2.1", out_key=flow, remote_ip="192.168.2.3"}

Please double check ml2_conf.ini

edit flag offensive delete link

add a comment

instance cant access internet

Comments

4 answers

Comments

Comments

Your Answer

Get to know Ask OpenStack

Question Tools

Stats

Related questions

Feedback About This Page

OpenStack

Community

Documentation

Branding & Legal

instance cant access internet edit

Comments

4 answers

Comments

Comments

Your Answer

Get to know Ask OpenStack

Question Tools

Stats

Related questions

Feedback About This Page

OpenStack

Community

Documentation

Branding & Legal

instance cant access internet