0

Unable to ping private network interface on router or any instances attached to router

asked 2016-05-19 19:28:23 -0500

campee

updated 2016-05-19 22:49:55 -0500

I've set up Neutron public and tenant networking according to the Ubuntu Liberty install guide. I'm having trouble getting tenant networks working. I have created a public and private network and assigned a subnet to each of them. I can create an instance on the public network and everything works. When I create an instance on the private network and assign an IP to it, I can't communicate with it. Also, I can't ping the 'public' side of the router attached to the private subnet, and when I VNC to the instance running on the private network, it can only ping as far as its gateway on the private network; nothing past that works.

I've created two networks in Neutron:

$ neutron subnet-list
+--------------------------------------+---------+----------------+--------------------------------------------------+
| id                                   | name    | cidr           | allocation_pools                                 |
+--------------------------------------+---------+----------------+--------------------------------------------------+
| 5ae8659a-525f-4173-b413-e3934428e840 | public  | 172.18.0.0/22  | {"start": "172.18.1.195", "end": "172.18.1.230"} |
| 41805d59-3b7d-4a5f-8cc7-9f795368ea58 | private | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+---------+----------------+--------------------------------------------------+

Here are the details of each:

$ neutron subnet-show private

+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   | 8.8.8.8                                          |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 41805d59-3b7d-4a5f-8cc7-9f795368ea58             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | private                                          |
| network_id        | 42067c22-3499-4d92-adc2-017f4085ce9a             |
| subnetpool_id     |                                                  |
| tenant_id         | 5648ab9f768f4fc0afc541371dacf2f9                 |
+-------------------+--------------------------------------------------+

$ neutron subnet-show public

+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "172.18.1.195", "end": "172.18.1.230"} |
| cidr              | 172.18.0.0/22                                    |
| dns_nameservers   | 172.18.1.5                                       |
| enable_dhcp       | True                                             |
| gateway_ip        | 172.18.0.1                                       |
| host_routes       |                                                  |
| id                | 5ae8659a-525f-4173-b413-e3934428e840             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | public                                           |
| network_id        | 11a30862-96f0-40d3-a826-f42924d10086             |
| subnetpool_id     |                                                  |
| tenant_id         | cf7bd0047cec46c9a51675aef6add576                 |
+-------------------+--------------------------------------------------+

My neutron system and my compute node have two network interfaces, one for public networks (eth1) and the other for management/private networks (eth0):

On the NEUTRON/CONTROL system:

$ ifconfig eth0

eth0  Link encap:Ethernet  HWaddr 00:50:56:a3:41:ec  
          inet addr:172.18.1.80  Bcast:172.18.3.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1319835 errors:0 dropped:12079 overruns:0 frame:0
          TX packets:622529 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1804763786 (1.8 GB)  TX bytes:764407696 (764.4 MB)

$ ifconfig eth1

eth1   Link encap:Ethernet  HWaddr 00:50:56:a3:2e:df  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1462139 errors:9204 dropped:18341 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:121271062 (121.2 MB)  TX bytes:6141 (6.1 KB)

/etc/nova/nova.conf:

  [neutron]
  url = http://openstack-control1:9696
  auth_url = http://openstack-control1:35357
  auth_plugin = password
  project_domain_id = default
  user_domain_id = default
  region_name = RegionOne
  project_name = service
  username = neutron
  password = XXXXXX

/etc/neutron/plugins/ml2/linuxbridge_agent.ini:

  [linux_bridge]
  physical_interface_mappings = public:eth1
  [vxlan]
  enable_vxlan = True
  local_ip = 172.18.1.80
  l2_population = True
  [agent]
  prevent_arp_spoofing = True
  [securitygroup]
  enable_security_group = True
  firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

/etc/neutron/l3_agent.ini:

  [DEFAULT]
  interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
  external_network_bridge ...

Comments

If I understood correctly, you are not able to ping the router from the outside (neutron or compute) node. Can you detach and recreate the interface to the router? Also try to capture the packets using tcpdump on your bridge and its interfaces.

cooldharma06 ( 2016-05-19 23:55:07 -0500 )

3 answers

0

answered 2016-05-20 01:46:29 -0500

BM Shukla

I am also facing exactly the same problem. My base OS is CentOS with Liberty.

BM Shukla (bms@iitk.ac.in)


Comments

Do you happen to be running your Neutron machine as a VM in VMware?

campee ( 2016-05-24 20:27:54 -0500 )

No. It is a normal server system.

BM Shukla ( 2016-05-25 02:26:57 -0500 )
0

answered 2016-05-20 08:57:09 -0500

todotani

Could you provide the command output of "neutron net-list" and "neutron net-show your_external_network", such as the following (in my case it is Mitaka and the external network name is "ext-net")?

root@nuc1 ~(admin)# neutron net-list
+--------------------------------------+----------+-----------------------------------------------------+
| id                                   | name     | subnets                                             |
+--------------------------------------+----------+-----------------------------------------------------+
| 391b9818-0527-4cb5-90fd-808385611317 | ext-net  | 659aba27-6163-4fa0-abbe-6b05a3d8bbda 192.168.0.0/24 |
| d811d627-efe7-48e7-b0ae-092868a68884 | private2 | 5f24a0c5-bcfa-4b47-af50-501426bec9dd 10.0.1.0/24    |
| 4e43414b-b2ea-4336-b960-d5af31e3bcb4 | private1 | bf62fddf-dcf9-42ff-8d54-fdd0666be7f9 10.0.0.0/24    |
+--------------------------------------+----------+-----------------------------------------------------+

root@nuc1 ~(admin)# neutron net-show ext-net
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2016-05-09T11:15:35                  |
| description               |                                      |
| id                        | 391b9818-0527-4cb5-90fd-808385611317 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| is_default                | False                                |
| mtu                       | 1500                                 |
| name                      | ext-net                              |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | external                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 659aba27-6163-4fa0-abbe-6b05a3d8bbda |
| tags                      |                                      |
| tenant_id                 | 65bbe5e9c8504fd4b3da39339dc51350     |
| updated_at                | 2016-05-15T06:45:33                  |
+---------------------------+--------------------------------------+

"physical_interface_mappings" in /etc/neutron/plugins/ml2/linuxbridge_agent.ini should be;
physical_interface_mappings = provider:physical_network : interface_name
e.g. physical_interface_mappings = external: eth0

Because eth1 is unnumbered, you also need to specify eth0 (numbered interface) in physical_interface_mappings.

Additionally, set:

[ml2_type_flat]
flat_networks = external   # ==> provider:physical_network name

in /etc/neutron/plugins/ml2/ml2_conf.ini

After editing the config files, restart the neutron processes (or reboot the controller and compute node), then create the external network with the commands:

neutron net-create public-net \
        --router:external \
        --provider:network_type flat \
        --provider:physical_network external \
        --shared

neutron subnet-create public-net --name public-subnet \
      --allocation-pool start=172.18.1.195,end=172.18.1.230 \
      --disable-dhcp --gateway 172.18.0.1  172.18.0.0/22

neutron router-create  ext-router

neutron router-gateway-set ext-router public-net

Before creating public-net with the above commands, it is better to delete all networks and routers, then re-create the public network and router and set the router gateway.

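A consistency check for the name matching described in this answer, as an added example that is not part of the original post: it verifies that a flat network's provider:physical_network name appears both in physical_interface_mappings and in flat_networks. The function names and sample strings are constructed here, with the mapping taken from the question and flat_networks from the answer.

```python
import configparser


def parse_mappings(value):
    """Parse 'physnet:iface, physnet2:iface2' into {physnet: iface}."""
    mappings = {}
    for item in filter(None, (part.strip() for part in value.split(","))):
        physnet, sep, iface = (s.strip() for s in item.partition(":"))
        if not (physnet and sep and iface):
            raise ValueError("malformed mapping entry: %r" % item)
        mappings[physnet] = iface
    return mappings


def _load(text):
    # inline_comment_prefixes lets 'flat_networks = external   # note' parse cleanly
    parser = configparser.ConfigParser(interpolation=None,
                                       inline_comment_prefixes=("#",))
    parser.read_string(text)
    return parser


def check_flat_network(agent_ini, ml2_ini, physical_network):
    """Return a list of mismatches for a flat network on physical_network."""
    agent, ml2 = _load(agent_ini), _load(ml2_ini)
    mappings = parse_mappings(
        agent.get("linux_bridge", "physical_interface_mappings", fallback=""))
    flat = [n.strip() for n in
            ml2.get("ml2_type_flat", "flat_networks", fallback="").split(",")
            if n.strip()]
    problems = []
    if physical_network not in mappings:
        problems.append("physical_interface_mappings has no entry for %r (found: %s)"
                        % (physical_network, sorted(mappings)))
    # '*' in flat_networks allows arbitrary physical_network names
    if "*" not in flat and physical_network not in flat:
        problems.append("flat_networks does not list %r (found: %s)"
                        % (physical_network, flat))
    return problems


# Constructed samples: the mapping from the question, flat_networks from the answer.
ASKER_AGENT_INI = "[linux_bridge]\nphysical_interface_mappings = public:eth1\n"
FIXED_AGENT_INI = "[linux_bridge]\nphysical_interface_mappings = external:eth0\n"
ML2_INI = "[ml2_type_flat]\nflat_networks = external   # provider:physical_network name\n"

if __name__ == "__main__":
    for label, ini in (("question", ASKER_AGENT_INI), ("answer", FIXED_AGENT_INI)):
        print(label, check_flat_network(ini, ML2_INI, "external") or "consistent")
```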

Comments

Here is the output you requested:

http://pastebin.com/9SjeTEax

What do you think that the 'physical_interface_mappings' line should look like? Like this?

physical_interface_mappings = public:eth1, private:eth0 (is this supposed to be comma-separated?)

campee ( 2016-05-20 10:35:01 -0500 )

You need to set the property "--provider:physical_network" for the public network, and this property is specified in "physical_interface_mappings". I would also say to specify eth0 instead of eth1.
With the configuration I mentioned, I can ping to router external IP address.

todotani ( 2016-05-20 15:45:12 -0500 )
0

answered 2016-05-21 23:23:25 -0500

VincentW

updated 2016-05-21 23:24:43 -0500

There is no problem with your configuration according to the installation guide.

The only additional thing is that you need to add one physical Linux bridge and add the unnumbered interface to it.

Then add the assignment below to /etc/neutron/plugins/ml2/linuxbridge_agent.ini

bridge_mappings = provider:br-ext

Hope it works for you


Stats

Asked: 2016-05-19 19:28:23 -0500

Seen: 2,053 times

Last updated: May 21 '16