Ask Your Question
0

Unable to ping private network interface on router or any instances attached to router

asked 2016-05-19 19:28:23 -0600

campee gravatar image

updated 2016-05-19 22:49:55 -0600

I've set up Neutron public and tenant networking according to the Ubuntu Liberty install guide. I'm having trouble getting tenant networks workingI have created a public and private network and assigned a subnet to each of them. I can create an instance on the public network and everything works. When I create an instance on the private network and assign an IP to it, I can't communicate with it. Also, I can't ping the 'public' side of the router attached to the private subnet and when I VNC to the instance running on the private network, it can only ping as far as its gateway on the private network, nothing past that works.

I've created two networks in Neutron:

$ neutron subnet-list
+--------------------------------------+---------+----------------+--------------------------------------------------+
| id                                   | name    | cidr           | allocation_pools                                 |
+--------------------------------------+---------+----------------+--------------------------------------------------+
| 5ae8659a-525f-4173-b413-e3934428e840 | public  | 172.18.0.0/22  | {"start": "172.18.1.195", "end": "172.18.1.230"} |
| 41805d59-3b7d-4a5f-8cc7-9f795368ea58 | private | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+---------+----------------+--------------------------------------------------+

Here are the details of each:

$ neutron subnet-show private

+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   | 8.8.8.8                                          |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 41805d59-3b7d-4a5f-8cc7-9f795368ea58             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | private                                          |
| network_id        | 42067c22-3499-4d92-adc2-017f4085ce9a             |
| subnetpool_id     |                                                  |
| tenant_id         | 5648ab9f768f4fc0afc541371dacf2f9                 |
+-------------------+--------------------------------------------------+

$ neutron subnet-show public

+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "172.18.1.195", "end": "172.18.1.230"} |
| cidr              | 172.18.0.0/22                                    |
| dns_nameservers   | 172.18.1.5                                       |
| enable_dhcp       | True                                             |
| gateway_ip        | 172.18.0.1                                       |
| host_routes       |                                                  |
| id                | 5ae8659a-525f-4173-b413-e3934428e840             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | public                                           |
| network_id        | 11a30862-96f0-40d3-a826-f42924d10086             |
| subnetpool_id     |                                                  |
| tenant_id         | cf7bd0047cec46c9a51675aef6add576                 |
+-------------------+--------------------------------------------------+

My neutron system and my compute node have two network interfaces, one for public networks (eth1) and the other for management/private networks (eth0):

On the NEUTRON/CONTROL system:

$ ifconfig eth0

eth0  Link encap:Ethernet  HWaddr 00:50:56:a3:41:ec  
          inet addr:172.18.1.80  Bcast:172.18.3.255  Mask:255.255.252.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1319835 errors:0 dropped:12079 overruns:0 frame:0
          TX packets:622529 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1804763786 (1.8 GB)  TX bytes:764407696 (764.4 MB)

$ ifconfig eth1

eth1   Link encap:Ethernet  HWaddr 00:50:56:a3:2e:df  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1462139 errors:9204 dropped:18341 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:121271062 (121.2 MB)  TX bytes:6141 (6.1 KB)

/etc/nova/nova.conf:

  [neutron]
  url = http://openstack-control1:9696
  auth_url = http://openstack-control1:35357
  auth_plugin = password
  project_domain_id = default
  user_domain_id = default
  region_name = RegionOne
  project_name = service
  username = neutron
  password = XXXXXX

/etc/neutron/plugins/ml2/linuxbridge_agent.ini:

  [linux_bridge]
  physical_interface_mappings = public:eth1
  [vxlan]
  enable_vxlan = True
  local_ip = 172.18.1.80
  l2_population = True
  [agent]
  prevent_arp_spoofing = True
  [securitygroup]
  enable_security_group = True
  firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

/etc/neutron/l3_agent.ini:

  [DEFAULT]
  interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
  external_network_bridge ...
(more)
edit retag flag offensive close merge delete

Comments

if i understood correctly u are not able to ping to the router from outside(neutron or compute) node. can u detach and recreate the interface to router. Also try to capture the packets using tcpdump in your bridge and its interfaces.

cooldharma06 gravatar imagecooldharma06 ( 2016-05-19 23:55:07 -0600 )edit
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2016-05-20 01:46:29 -0600

BM Shukla gravatar image

I am also facing the exactly same problem. My base OS is Cent OS with Liberty.

BM Shukla (bms@iitk.ac.in)

edit flag offensive delete link more

Comments

Do you happen to be running your Neutron machine as a VM in VMware?

campee gravatar imagecampee ( 2016-05-24 20:27:54 -0600 )edit

No. It is a normal server system.

BM Shukla gravatar imageBM Shukla ( 2016-05-25 02:26:57 -0600 )edit
add a comment
0

answered 2016-05-20 08:57:09 -0600

todotani gravatar image

Could you provide command response of "neutron net-list" and "neutron net-show your_external_network, such as (in my case is Mitaka and external_network name is "ext-net"). 

root@nuc1 ~(admin)# neutron net-list
+--------------------------------------+----------+-----------------------------------------------------+
| id                                   | name     | subnets                                             |
+--------------------------------------+----------+-----------------------------------------------------+
| 391b9818-0527-4cb5-90fd-808385611317 | ext-net  | 659aba27-6163-4fa0-abbe-6b05a3d8bbda 192.168.0.0/24 |
| d811d627-efe7-48e7-b0ae-092868a68884 | private2 | 5f24a0c5-bcfa-4b47-af50-501426bec9dd 10.0.1.0/24    |
| 4e43414b-b2ea-4336-b960-d5af31e3bcb4 | private1 | bf62fddf-dcf9-42ff-8d54-fdd0666be7f9 10.0.0.0/24    |
+--------------------------------------+----------+-----------------------------------------------------+

root@nuc1 ~(admin)# neutron net-show ext-net
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2016-05-09T11:15:35                  |
| description               |                                      |
| id                        | 391b9818-0527-4cb5-90fd-808385611317 |
| ipv4_address_scope        |                                      |
| ipv6_address_scope        |                                      |
| is_default                | False                                |
| mtu                       | 1500                                 |
| name                      | ext-net                              |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | external                             |
| provider:segmentation_id  |                                      |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 659aba27-6163-4fa0-abbe-6b05a3d8bbda |
| tags                      |                                      |
| tenant_id                 | 65bbe5e9c8504fd4b3da39339dc51350     |
| updated_at                | 2016-05-15T06:45:33                  |
+---------------------------+--------------------------------------+

"physical_interface_mappings" in /etc/neutron/plugins/ml2/linuxbridge_agent.ini should be;
physical_interface_mappings = provider:physical_network : interface_name
e.g. physical_interface_mappings = external: eth0

Because eth1 is unnumberd, you also need to specify eth0 (numbed interface) in physical_interface_mappings.

Additionally, set ;

[ml2_type_flat]
flat_networks = external   # ==> provider:physical_network name

in /etc/neutron/plugins/ml2/ml2_conf.ini

After config files restart neutron processes (or reboot controller and compute node), then crate external network with command;

neutron net-create public-net \
        --router:external \
        --provider:network_type flat \
        --provider:physical_network external \
        --shared

neutron subnet-create public-net --name public-subnet \
      --allocation-pool start=172.18.1.195,end=172.18.1.230 \
      --disable-dhcp --gateway 172.18.0.1  172.10.0.0/22

neutron router-create  ext-router

neutron router-gateway-set ext-router public-net

Befor to create public-net with the above command it is better to delete all network and router, then re-create public network, router and set router gateway

edit flag offensive delete link more

Comments

Here is the output you requested:

http://pastebin.com/9SjeTEax

What do you think that the 'physical_interface_mappings' line should look like? Like this?

physical_interface_mappings = public:eth1, private:eth0 (is this supposed to be comma-separated?)

campee gravatar imagecampee ( 2016-05-20 10:35:01 -0600 )edit

You need to set property "--provider:physical_network" for public network and this property is specified in "physical_interface_mappings". I also would say to specify eth0 instaed eth1.
With the configuration I mentioned, I can ping to router external IP address.

todotani gravatar imagetodotani ( 2016-05-20 15:45:12 -0600 )edit
add a comment
0

answered 2016-05-21 23:23:25 -0600

VincentW gravatar image

updated 2016-05-21 23:24:43 -0600

There is no problem of your configuration according to the installation guide.

The only additional thing is that you need to add one physic linux bridge and add the unnumbered interface to it.

then add below assignment to /etc/neutron/plugins/ml2/linuxbridge_agent.ini

bridge_mappings = provider:br-ext

Hope it works for you

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-05-19 19:28:23 -0600

Seen: 2,387 times

Last updated: May 21 '16

Related questions

Can't ping or ssh vms from anywhere

instance hostname not getting resolved locally ?

Error: Installing Neutron in Openstack Liberty

linux bridge physical interface mapping

New compute node addition - VMs not launching with new compute node

Packet flow in linux-bridge environment

[Neutron Error] CreateVM, Failed to bind port

unable to connect to controller:9696/extensions

unable to ping router

bdf based pci-passthrough (non SRIOV) in Liberty