Ask Your Question
0

VMs on compute node unable to use network

asked 2016-08-09 05:06:17 -0500

apdibbo gravatar image

updated 2016-08-10 04:05:28 -0500

Hi, I am having an issue with neutron on my compute nodes. I am using mitaka on SL7 with linux bridge networking.

I had previously been having this problem https://ask.openstack.org/en/question/94395/linux-bridge-rtnetlink-exists/ (https://ask.openstack.org/en/question...) which I have resolved. Now my VMs on my flat public network are unable to get dhcp or if set with a static ip cannot ping anything. The same is true for VMs on a private network.

The DHCP agent and other agents on the network node are reachable from the compute node and other locations on the network.

I have statically assigned an ip address to a VM on the compute node and am unable to ping the compute node, the gateway or anything else on the network.

Below are config files: linuxbridge_agent.ini

[agent]
prevent_arp_spoofing=false

[linux_bridge]
bridge_mappings=public:br0
physical_interface_mappings=public:br0

[securitygroup]
enable_security_group=True
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[vxlan]
enable_vxlan=True
l2_population=True
local_ip=130.246.223.142

output of brctl show

bridge name     bridge id               STP enabled     interfaces
br0             8000.a0369f32db38       no              p1p1
brq5a97f9b0-0f          8000.fecaad283f39       no              tap46a6bf63-f8
                                                        tap4f8b5d7a-9d

output of ifconfig

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 130.246.223.142  netmask 255.255.248.0  broadcast 130.246.223.255
        inet6 fe80::a236:9fff:fe32:db38  prefixlen 64  scopeid 0x20<link>
        ether a0:36:9f:32:db:38  txqueuelen 0  (Ethernet)
        RX packets 3026204  bytes 1402700536 (1.3 GiB)
        RX errors 0  dropped 4274  overruns 0  frame 0
        TX packets 248857  bytes 876764427 (836.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

brq5a97f9b0-0f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::6cdc:78ff:fee7:ccbb  prefixlen 64  scopeid 0x20<link>
        ether fe:ca:ad:28:3f:39  txqueuelen 0  (Ethernet)
        RX packets 261  bytes 11132 (10.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 16  bytes 1376 (1.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 137153  bytes 7279941 (6.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 137153  bytes 7279941 (6.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

p1p1: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether a0:36:9f:32:db:38  txqueuelen 1000  (Ethernet)
        RX packets 4106724  bytes 1621228855 (1.5 GiB)
        RX errors 0  dropped 291  overruns 0  frame 0
        TX packets 807762  bytes 913750540 (871.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap46a6bf63-f8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fcca:adff:fe28:3f39  prefixlen 64  scopeid 0x20<link>
        ether fe:ca:ad:28:3f:39  txqueuelen 500  (Ethernet)
        RX packets 9  bytes 1458 (1.4 KiB)
        RX ...
(more)
edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2016-10-18 17:52:46 -0500

aegiacometti gravatar image

Perform a tcpdump on bridge and tap interface of your VM, just to see if you can follow the packet. Try to trace DHCP request/reply or ARP whoas and reply, as it goes troughout the interfaces.

Since you have VMs for compute, you might have the ports in promiscuos mode, and this can generate dupplicated packets, confusing wich port to use at the bridge.

You can test this using brctl showmacs command, at some point you will see the tap MAC associated to the wrong port number, or flapping from port to port in time.

edit flag offensive delete link more
add a comment
0

answered 2016-08-09 16:46:31 -0500

emil999 gravatar image

Please check the iptables -L -vn !

Do you have no sec group ?

edit flag offensive delete link more

Comments

I have added the output of iptables -L -vn to the OP

I have a security group set up which allows all traffic at the moment

apdibbo gravatar imageapdibbo ( 2016-08-10 04:06:12 -0500 )edit

Is the controller a vm in VMware cluster?

emil999 gravatar imageemil999 ( 2016-08-11 10:18:38 -0500 )edit

No the controllers are VMs in a HyperV cluster. The Network nodes are VMs running in KVM at the moment. I have confirmed that the appropriate agents are reachable from the compute node

apdibbo gravatar imageapdibbo ( 2016-08-11 11:21:44 -0500 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-08-09 05:06:17 -0500

Seen: 289 times

Last updated: Aug 10 '16

Related questions

Prevent vm creation directly to provider network

[RDO] Can not install Mitaka setting LinuxBridge as L2 agent

Neutron - Linux Bridge Agent - pri Network not accessible

Neutron uses wrong os-auth-url

Using in-house IPAM with OpenStack

about l3 agent

how networking works in openstack?

Recover data in mitaka after reboot

New added extension URL returns 404

ovs_neutron_agent MessagingTimeout