Hosting Openstack on an AWS EC2 instance. Openstack VMs unable to access internet!

Hi,

I'm currently looking to host OpenStack on an AWS instance. I have installed OpenStack Kilo (single-node setup) on Ubuntu 14.04 (HVM EC2 instance) with Open vSwitch/GRE/Neutron networking and the QEMU emulator for computing.

I can provision new VMs and ping the router gateway from the VM. Also, I can ping the VM's floating IP from the controller.

But the problem is accessing the internet from the VM. Notably, pinging 8.8.8.8 from "ip netns exec router-xxxxx" also does not reach the gateway.

I have 3 NICs attached to my EC2 instance. Of these, eth2 is mapped to the br-ex OVS bridge, eth1 is for the VM tunnel network, and eth0 is for the OpenStack management network.

Important:

Of the 3 available NICs, I can access the internet through only one NIC at a time, i.e., any one NIC can reach the internet. For example, if I assign the default gateway to eth0, then executing "ping 8.8.8.8 -I eth1" fails to reach the internet.

Notably, if I assign the default gateway to br-ex or eth2 (the external network NIC), then no NIC can reach the internet.

I have listed the VPC/OVS-Br/Route information below:

**AWS VPC Details:**

```
VPC CIDR: 172.16.0.0/16
VPC Subnet CIDR: 172.16.0.0/16
```

**VPC Route Table:**

```
Destination      Target             Status   Propagated
172.16.0.0/16    local              Active   No
0.0.0.0/0        internet-GateWay   Active   No
```

**AWS Instance Details:**

```
VM_Name: Openstack_Kilo_Controller
NIC details:
Name   Private_IP      Public_IP
eth0   172.16.24.177   36.H.H.33
eth1   172.16.15.184   36.H.H.22
eth2   172.16.2.27
```


**VM routing table information:**

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.0.1      0.0.0.0         UG    0      0        0 eth0
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
172.16.0.0      *               255.255.0.0     U     0      0        0 eth0
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0
```

Contents of the /etc/network/interfaces file:

```
#Management Network
auto eth0
iface eth0 inet static
address 172.16.24.177
netmask 255.255.0.0
gateway 172.16.0.1


# The external network interface
auto eth2
iface eth2 inet manual
        up ip link set dev $IFACE up
        down ip link set dev $IFACE down


#Tunnel network
auto eth1
iface eth1 inet static
address 172.16.15.184
netmask 255.255.0.0
```

vim /etc/neutron/plugins/ml2/ml2_conf.ini

```ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_flat]
flat_networks = external

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
local_ip = 172.16.15.184
bridge_mappings = external:br-ex

[agent]
tunnel_types = gre
```

ovs-vsctl show output:

```
1e33e3bd-ee07-4ded-86da-49d34068f7a8
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-ac1018b1"
            Interface "gre-ac1018b1"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="172.16.15.184", out_key=flow, remote_ip="172.16.24.177"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "eth2"
            Interface "eth2"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        fail_mode: secure
        Port "tap8569777d-82"
            tag: 2
            Interface "tap8569777d-82"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qvoe9e264e9-54"
            tag: 2
            Interface "qvoe9e264e9-54"
        Port "qg-480a122c-ff"
            tag: 1
            Interface "qg-480a122c-ff"
                type: internal
        Port "tapb8fffcec-e7"
            tag: 1
            Interface "tapb8fffcec-e7"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qr-74fca313-98"
            tag: 2
            Interface "qr-74fca313-98"
                type: internal
    ovs_version: "2.3.2"
```

OpenStack network topology details: [image not preserved]

OpenStack public network details: [image not preserved]

Output of the ip netns command:

```
root@ip-172-16-24-177:~# ip netns exec qrouter-dc571205-0591-4e3f-w9e7-bbe301c2f61d netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG        0 0          0 qg-480a122c-ff
172.16.0.0      0.0.0.0         255.255.0.0     U         0 0          0 qg-480a122c-ff
192.168.7.0     0.0.0.0         255.255.255.0   U         0 0          0 qr-74fca313-98
```

Please let me know if any additional information is needed!

EDIT-01: The connectivity issue after the bridge mapping between br-ex and eth2 is fixed by assigning eth2's MAC address to br-ex. However, the connectivity issue between br-ex and br-int still exists. Whenever I create new floating IPs mapped to newly created VMs, they are not reflected on the br-ex interface. Eventually, I can't reach the gateway/internet from the router's ip netns commands.


Thanks in advance.

Vinoth
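
An added example, not part of the original post: a small longest-prefix-match simulation over the two routing tables pasted above, showing which interface each lookup resolves to and why a lookup pinned to eth1 (as with `ping 8.8.8.8 -I eth1`) finds no route to 8.8.8.8. The table rows are copied from the post; the function names are illustrative, and resolving equal-length prefixes in listed order is a simplification of what the kernel does.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "network gateway iface")

# Host table, copied from the post's `route` output (columns re-aligned).
HOST_TABLE = """
default        172.16.0.1  0.0.0.0        UG 0 0 0 eth0
172.16.0.0     *           255.255.0.0    U  0 0 0 eth1
172.16.0.0     *           255.255.0.0    U  0 0 0 eth0
192.168.122.0  *           255.255.255.0  U  0 0 0 virbr0
"""

# Router namespace table, copied from the post's `netstat -nr` output.
ROUTER_TABLE = """
0.0.0.0      172.16.0.1  0.0.0.0        UG 0 0 0 qg-480a122c-ff
172.16.0.0   0.0.0.0     255.255.0.0    U  0 0 0 qg-480a122c-ff
192.168.7.0  0.0.0.0     255.255.255.0  U  0 0 0 qr-74fca313-98
"""


def parse_table(text):
    """Parse rows shaped like: Destination Gateway Genmask Flags ... Iface."""
    routes = []
    for line in text.strip().splitlines():
        fields = line.split()
        dest, gw, mask, flags, iface = (fields[0], fields[1], fields[2],
                                        fields[3], fields[-1])
        if dest == "default":
            dest = "0.0.0.0"
        # Count the set bits of the dotted netmask to get the prefix length.
        prefix_len = bin(int(ipaddress.IPv4Address(mask))).count("1")
        network = ipaddress.ip_network(f"{dest}/{prefix_len}")
        gateway = gw if "G" in flags else None  # no G flag: directly connected
        routes.append(Route(network, gateway, iface))
    return routes


def lookup(routes, dst, oif=None):
    """Longest-prefix match; `oif` restricts the search to one interface."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes
                  if addr in r.network and (oif is None or r.iface == oif)]
    if not candidates:
        return None
    # max() keeps the first of several equal-length prefixes (listed order).
    return max(candidates, key=lambda r: r.network.prefixlen)


def overlapping_connected(routes):
    """Connected prefixes that are claimed by more than one interface."""
    seen = {}
    for r in routes:
        if r.gateway is None:
            seen.setdefault(str(r.network), []).append(r.iface)
    return {net: ifaces for net, ifaces in seen.items() if len(ifaces) > 1}


def default_route_ifaces(routes):
    """Interfaces that carry a default (0.0.0.0/0) route."""
    return sorted({r.iface for r in routes if r.network.prefixlen == 0})


HOST_ROUTES = parse_table(HOST_TABLE)
ROUTER_ROUTES = parse_table(ROUTER_TABLE)

if __name__ == "__main__":
    print("host default route on:", default_route_ifaces(HOST_ROUTES))
    print("same prefix on several NICs:", overlapping_connected(HOST_ROUTES))
    for oif in (None, "eth0", "eth1", "eth2"):
        print(f"host 8.8.8.8 via oif={oif}:", lookup(HOST_ROUTES, "8.8.8.8", oif))
    print("router ns 8.8.8.8:", lookup(ROUTER_ROUTES, "8.8.8.8"))
```
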