Liberty 4 nodes juju deployment can ping floating ip but not internal
I have a 4 Physical nodes deployment based on hastexo's post https://www.hastexo.com/resources/hints-and-kinks/ubuntu-openstack-juju-4-nodes/ (https://www.hastexo.com/resources/hin...)
From any openstack node, I can ping the external router interface, access my instances from floating IPs but cannot ping the internal router interface or internal IPs from any node. Is it the normal behaviour ?
On the VMs itself, after ssh using floating ip, i can ping both internal and external + Internet access is OK.
I did no manual post-configuration except network creation as described in the Liberty for Ubuntu documentation : http://docs.openstack.org/liberty/networking-guide/scenario-classic-ovs.html#verify-service-operation (http://docs.openstack.org/liberty/net...)
Here is how I created Networks
#create external network and subnet
neutron net-create external --shared --router:external=True \
--provider:physical_network external --provider:network_type flat
neutron subnet-create external --name ext-subnet \
--allocation-pool start=192.168.1.230,end=192.168.1.250 \
--disable-dhcp \
--gateway 192.168.1.1 192.168.1.0/24
#create tenant network and subnet
neutron net-create internal --provider:network_type vxlan
neutron subnet-create internal --name internal-subnet \
--gateway 10.0.1.1 10.0.1.0/24
--dns-nameservers 8.8.4.4 8.8.8.8
# add router
neutron router-create ext-router
neutron router-interface-add ext-router internal-subnet
neutron router-gateway-set ext-router external
# create floating ip neutron floatingip-create external
here is the ovs-vsctl show
output
sudo: unable to resolve host compute-i5
bb4fe11a-022e-41f3-b8ad-07cd338c1dad
Bridge br-int
fail_mode: secure
Port br-int
Interface br-int
type: internal
Port "qvo716db988-23"
tag: 3
Interface "qvo716db988-23"
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port int-br-data
Interface int-br-data
type: patch
options: {peer=phy-br-data}
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Bridge br-data
Port phy-br-data
Interface phy-br-data
type: patch
options: {peer=int-br-data}
Port br-data
Interface br-data
type: internal
Bridge br-tun
fail_mode: secure
Port br-tun
Interface br-tun
type: internal
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port "vxlan-0a00000b"
Interface "vxlan-0a00000b"
type: vxlan
options: {df_default="true", in_key=flow, local_ip="10.0.0.12", out_key=flow, remote_ip="10.0.0.11"}
ovs_version: "2.4.0"
Here are the routes I see on the compute node (strange that no br is used?) :
ubuntu@compute-i5:~$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 juju-br0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 juju-br0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
And the juju config i used for install
juju-gui:
# openstack-origin: 'cloud:trusty-liberty'
keystone:
openstack-origin: 'cloud:trusty-liberty'
admin-password: 'my very secret password'
nova-cloud-controller:
ha-bindinterface: eth1
openstack-origin: 'cloud:trusty-liberty'
network-manager: Neutron
neutron-gateway:
openstack-origin: 'cloud:trusty-liberty'
ha-bindinterface: eth1
ext-port: eth2
bridge-mappings: 'external:br-ex'
os-data-network: 192.168.133.0/24
instance-mtu: 1400
neutron-api:
openstack-origin: 'cloud:trusty-liberty'
ha-bindinterface: eth1
network-device-mtu: 1400
# Always make sure you enable security groups
neutron-security-groups: true
overlay-network-type: vxlan
rabbitmq-server:
ha-bindinterface: eth1
# Cinder is deployed in two parts: one for the API and scheduler
# (which ...