Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Problem with accesing external network GW

W have a bare metal server with CentOS Linux release 7.6.1810. We installed the RDO packstack Rocky release. We followed the "Neutron with existing external network" guide during our setup. Unfortunately, we are facing some issues with connectivity inside our environment - VM's are not able to see default GW in external network.

We have created the following setup:

                   OpenStack - .1
                +-------------------------+
  GW - .254     |                         |
   +----+       |                         |
   |    +-------+ OVS:       vRouter      |
   |    |      ++ br-ex      ex gw - .12  |
   +----+       | + enp6s0                |
        |       |            VM Float. IP |
        |       |            .14          |
        |       |                         |
        |       +-------------------------+
        |
        |       +----+
        |       |    |
        +-------+    |
                +----+
                host - .3

From OpensStack vRouter namespace we are able to ping all hosts in the network, except default GW (.254). From host .3 we are able to ping all IP, including VMs in our private networks with assigned floating IPs. When we tried to sniff ARP packages, we are able to see ARP from GW comming to enp6s0 but unfortunarelly nothing was received in the vRouter site.

Here is sample output from enp6s0 interface. First succesful one:

13:11:35.492414 fa:16:3e:b3:0d:f1 > 00:25:b5:20:a0:11, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 172.17.88.3 tell 172.17.88.12, length 28
13:11:35.492608 00:25:b5:20:a0:11 > fa:16:3e:b3:0d:f1, ethertype 802.1Q (0x8100), length 60: vlan 0, p 0, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.17.88.3 is-at 00:25:b5:20:a0:11, length 42

Next ARP requests from GW:

13:12:18.628168 fa:16:3e:b3:0d:f1 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 172.17.88.254 tell 172.17.88.12, length 28
13:12:18.629358 00:00:0c:9f:f8:f0 > fa:16:3e:b3:0d:f1, ethertype 802.1Q (0x8100), length 60: vlan 0, p 6, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.17.88.254 is-at 00:00:0c:9f:f8:f0, length 42

13:12:19.628353 fa:16:3e:b3:0d:f1 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 172.17.88.254 tell 172.17.88.12, length 28
13:12:19.630608 00:00:0c:9f:f8:f0 > fa:16:3e:b3:0d:f1, ethertype 802.1Q (0x8100), length 60: vlan 0, p 6, ethertype ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.17.88.254 is-at 00:00:0c:9f:f8:f0, length 42

External gateway on vRouter output:

ip netns exec qrouter-8b252334-f03f-4de5-beda-34097e299df5 tcpdump -nni qg-1967f4b6-76 -e arp -vv

tcpdump: listening on qg-1967f4b6-76, link-type EN10MB (Ethernet), capture size 262144 bytes
12:33:51.956362 fa:16:3e:b3:0d:f1 > 00:25:b5:20:a0:11, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 172.17.88.3 tell 172.17.88.12, length 28
12:33:51.956886 00:25:b5:20:a0:11 > fa:16:3e:b3:0d:f1, ethertype ARP (0x0806), length 56: Ethernet (len 6), IPv4 (len 4), Reply 172.17.88.3 is-at 00:25:b5:20:a0:11, length 42

12:34:04.735034 fa:16:3e:b3:0d:f1 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 172.17.88.254 tell 172.17.88.12, length 28
12:34:05.736335 fa:16:3e:b3:0d:f1 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 172.17.88.254 tell 172.17.88.12, length 28

The only noticeable difference is the value of VLAN priority field: vlan 0, p 6 (VLAN_PCP). We do not see any errors in Neutron log files.

Here are our br-ex and enp6s0 configuration:

/etc/sysconfig/network-scripts/ifcfg-br-ex
NAME=br-ex
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
ONBOOT=yes
IPV6INIT=no
BOOTPROTO=static
NM_CONTROLLED=no
DNS1=8.8.8.8
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPADDR=172.17.88.1
PREFIX=24
NETMASK=255.255.255.0
GATEWAY=172.17.88.254

 /etc/sysconfig/network-scripts/ifcfg-enp6s0
 DEVICE=enp6s0 NAME=enp6s0
 DEVICETYPE=ovs TYPE=OVSPort
 NM_CONTROLLED=no OVS_BRIDGE=br-ex
 DEFROUTE=no ONBOOT=yes IPV6INIT=no
 BOOTPROTO=none

Can you help us with the issue? Thanks in advance.