Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

instance cannot ping external network

Hi,

I deployed openstack using kolla (rocky). My controller and deploy machines are Ubuntu 18.04 VMs running on Proxmox. My neutron external network is a pfsense LAN. I have two compute nodes running Ubuntu 18.04 (on metal not VMs). I have two cirros instances on demo-net and they can ping each other and the demo-router. demo-* was automatically setup by running init-once. When I ping my gateway on the external network I can see the echo requests using tcpdump on vxlan_sys_4789 on the controller machine. Any help in figuring this out is appreciated.

Additional Info:

oscontrol@oscontrol:~$ docker exec openvswitch_vswitchd ovs-vsctl show
c86e2fb7-af1e-47b2-8a6b-c1c9ebb7053c
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-ex
            Interface br-ex
                type: internal
        Port "ens18"
            Interface "ens18"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tap0ceeef01-b5"
            tag: 5
            Interface "tap0ceeef01-b5"
                type: internal
        Port "qr-92c98b74-c2"
            tag: 5
            Interface "qr-92c98b74-c2"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qg-86e06ca5-d7"
            tag: 6
            Interface "qg-86e06ca5-d7"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-0a0a0adc"
            Interface "vxlan-0a0a0adc"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.10.10.210", out_key=flow, remote_ip="10.10.10.220"}
        Port br-tun
            Interface br-tun
                type: internal
oscontrol@oscontrol:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST> mtu 1500 qdisc noop master ovs-system state DOWN group default qlen 1000
    link/ether 7a:cf:b6:3b:3d:1b brd ff:ff:ff:ff:ff:ff
3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 4a:71:b6:1b:79:9f brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.210/24 brd 10.10.10.255 scope global ens19
       valid_lft forever preferred_lft forever
    inet 10.10.10.100/32 scope global ens19
       valid_lft forever preferred_lft forever
    inet6 fe80::4871:b6ff:fe1b:799f/64 scope link
       valid_lft forever preferred_lft forever
4: ens20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 72:c3:c4:26:66:b6 brd ff:ff:ff:ff:ff:ff
    inet 10.168.1.210/24 brd 10.168.1.255 scope global ens20
       valid_lft forever preferred_lft forever
    inet6 fe80::70c3:c4ff:fe26:66b6/64 scope link
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:ce:52:ce:4c brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
23: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 86:d2:ec:ed:73:3e brd ff:ff:ff:ff:ff:ff
24: br-ex: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether fe:5b:4d:0e:55:46 brd ff:ff:ff:ff:ff:ff
25: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 86:bd:42:2a:b3:44 brd ff:ff:ff:ff:ff:ff
26: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 26:ec:55:78:83:4d brd ff:ff:ff:ff:ff:ff
41: vxlan_sys_4789: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65000 qdisc noqueue master ovs-system state UNKNOWN group default qlen 1000
    link/ether 86:df:6d:fa:4d:f1 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::84df:6dff:fefa:4df1/64 scope link
       valid_lft forever preferred_lft forever