Revision history [back]

click to hide/show revision 1
initial version

External network setup on CentOS

I have a proof-of-concept installation of OpenStack-Ansible running on 3 physical servers, all running CentOS 7. Each server has 2 network interfaces, em1 and em2. em1 is connected to the campus network (10.x.x.x/24), and em2 is connected to a private switch. OSA is configured to use em2 for management/container (br-mgmt, 172.29.10.0/24), vlan (br-vlan), tunnels (br-vxlan, 172.29.11.0/24), and storage (br-storage, 172.29.12.0/24).

This all works fine for private networks. I can create various private networks (192.168.x.x) and connect instances to them. I can create routers between private networks and the instances on one private network can talk to the instances on another private network.

What I can't figure out is how to configure an external network so that instances can talk to the campus network and the Internet. I've tried variations on this:

$ openstack network create --share --external --provider-physical-network vlan --provider-network-type vlan EXTERNAL

$ openstack subnet create --network EXTERNAL --allocation-pool start=172.29.10.151,end=172.29.10.200 --dns-server 10.x.x.x --gateway 172.29.10.1 --subnet-range 172.29.10.0/24 EXTSUB1

I can set this network as the gateway of a router, and I can ping the assigned interface address, but I can't ping anything else on the 172.x.x.x network or anything with a campus IP address.

I feel like I'm missing something simple/fundamental, but I can't figure out what that is.

Any ideas?

External network setup on CentOS

I have a proof-of-concept installation of OpenStack-Ansible running on 3 physical servers, all running CentOS 7. Each server has 2 network interfaces, em1 and em2. em1 is connected to the campus network (10.x.x.x/24), and em2 is connected to a private switch. OSA is configured to use em2 for management/container (br-mgmt, 172.29.10.0/24), vlan (br-vlan), tunnels (br-vxlan, 172.29.11.0/24), and storage (br-storage, 172.29.12.0/24).

This all works fine for private networks. I can create various private networks (192.168.x.x) and connect instances to them. I can create routers between private networks and the instances on one private network can talk to the instances on another private network.

What I can't figure out is how to configure an external network so that instances can talk to the campus network and the Internet. I've tried variations on this:

$ openstack network create --share --external --provider-physical-network vlan --provider-network-type vlan EXTERNAL

$ openstack subnet create --network EXTERNAL --allocation-pool start=172.29.10.151,end=172.29.10.200 --dns-server 10.x.x.x --gateway 172.29.10.1 --subnet-range 172.29.10.0/24 EXTSUB1

I can set this network as the gateway of a router, and I can ping the assigned interface address, but I can't ping anything else on the 172.x.x.x network or anything with a campus IP address.

I feel like I'm missing something simple/fundamental, but I can't figure out what that is.

Any ideas?

Additional info:

In the openstack_user_config.yml file, it's actually named 'vlan':

- network:
    group_binds:
      - neutron_linuxbridge_agent
    container_bridge: "br-vlan"
    container_type: "veth"
    container_interface: "eth11"
    type: "vlan"
    range: "101:200,301:400"
    net_name: "vlan"

From /etc/sysconfig/network-scripts/ifcfg-br-vlan:

DEVICE=br-vlan
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=manual
NM_CONTROLLED=no
DELAY=0