Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

openstack neutron ovs external network not reachable

Hello

i'm new here so i have installed openstack manually and had an issue as follows. i followed the official install guide for openstack train and self service with ovs and everything seems to work except one thing external networks.

i cant ping any IP external other than the one assigned to the neutron br-provider i have been doing debugging on different name spaces and i can't figure whats wrong. i have connected 2 private networks to a router and tested communication between instances on same host and different compute hosts that worked but connecting a private network to a router with another external network as gateway and floating IPs won't ping any ip other than neutron node (br-provider) interface 10.65.6.29 instances inside cant ping the gateway or other hosts on the physical network that im using as external please find below config contents for neutron modules on controller,network and compute nodes i have assigned br-provider an IP manually with ifconfig (br-provider is the bridge name i used for external bridge on ovs) following is the output for ovs-vsctl show command:

[root@Neutron ~]# ovs-vsctl show
5ab40f37-5ae4-48ad-92be-c2a2b0659234
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        datapath_type: system
        Port "tap96feb649-57"
            tag: 6
            Interface "tap96feb649-57"
                type: internal
        Port "qr-ddca8fbb-b4"
            tag: 1
            Interface "qr-ddca8fbb-b4"
                type: internal
        Port "qr-017caf07-d1"
            tag: 7
            Interface "qr-017caf07-d1"
                type: internal
        Port "qg-84564d0c-78"
            tag: 6
            Interface "qg-84564d0c-78"
                type: internal
        Port "tapa05a825d-56"
            tag: 2
            Interface "tapa05a825d-56"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port int-br-provider
            Interface int-br-provider
                type: patch
                options: {peer=phy-br-provider}
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qg-f66ba620-d9"
            tag: 4095
            Interface "qg-f66ba620-d9"
                type: internal
        Port "tapa70c6aed-db"
            tag: 7
            Interface "tapa70c6aed-db"
                type: internal
        Port "tap6ee2f60a-1f"
            tag: 3
            Interface "tap6ee2f60a-1f"
                type: internal
        Port "tap946bc635-91"
            tag: 1
            Interface "tap946bc635-91"
                type: internal
    Bridge br-provider
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        datapath_type: system
        Port phy-br-provider
            Interface phy-br-provider
                type: patch
                options: {peer=int-br-provider}
        Port "ens161"
            Interface "ens161"
        Port br-provider
            Interface br-provider
                type: internal
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        datapath_type: system
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-0a14141b"
            Interface "vxlan-0a14141b"
                type: vxlan
                options: {df_default="true", egress_pkt_mark="0", in_key=flow, local_ip="10.20.20.29", out_key=flow, remote_ip="10.20.20.27"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-0a14141a"
            Interface "vxlan-0a14141a"
                type: vxlan
                options: {df_default="true", egress_pkt_mark="0", in_key=flow, local_ip="10.20.20.29", out_key=flow, remote_ip="10.20.20.26"}
    ovs_version: "2.12.0"

external network conf

Name
external
ID
67f0d0d1-392f-402e-bff6-2cf008050029
Project ID
8c79bb4e38074276886e7a8effc6c966
Status
Active
Admin State
UP
Shared
Yes
External Network
Yes
MTU
1500
Provider Network
Network Type: flat
Physical Network: provider
Segmentation ID: -

Name
    external-subnet
    ID
    8e410b3b-f647-45b3-abfb-ca99b518dcd9
    Project ID
    8c79bb4e38074276886e7a8effc6c966
    Network Name
    external
    Network ID
    67f0d0d1-392f-402e-bff6-2cf008050029
    Subnet Pool
    None
    IP Version
    IPv4
    CIDR
    10.65.6.0/24
    IP Allocation Pools
    Start 10.65.6.50 - End 10.65.6.100
    Gateway IP
    10.65.6.1
    DHCP Enabled
    Yes
    Additional Routes
    None
    DNS Name Servers
    8.8.8.8

Network node -- neutron.conf

[DEFAULT]
core_plugin = ml2
auth_strategy = keystone
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
transport_url = rabbit://openstack:master@controller
[cors]
[database]
connection = mysql+pymysql://neutron:master@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = master
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = master
[agent]

Network node -- ml2.conf

[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
vni_ranges = 1:1000
[ml2_type_flat]
flat_networks = *

Network node -- openvswitch-agent.conf

[DEFAULT]

[ovs]
bridge_mappings = provider:br-provider
local_ip = 10.20.20.29

[agent]
tunnel_types = vxlan
l2_population = True

[securitygroup]
firewall_driver = iptables_hybrid