Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Gateway always down

Hello All,

I'm having some problems to bring up the gateway on the public network. I've see other questions about it but nothing helped me, the network:router_gateway port is allways DOWN. I've a three node installation: compute, network and controller. This is the port status:

    [root@neutron ~(keystone_admin)]# neutron router-port-list PublicRouter
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                              |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
| 80c3b435-346d-4191-a3c8-24af40d23362 |      | fa:16:3e:ed:4f:a1 | {"subnet_id": "2ad73ff6-9d2a-4f21-8cae-23ff3b95823e", "ip_address": "192.168.210.158"} |
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
[root@neutron ~(keystone_admin)]# neutron port-show 80c3b435-346d-4191-a3c8-24af40d23362
+-----------------------+----------------------------------------------------------------------------------------+
| Field                 | Value                                                                                  |
+-----------------------+----------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                   |
| allowed_address_pairs |                                                                                        |
| binding:host_id       | neutron.enterprise.com                                                                   |
| binding:profile       | {}                                                                                     |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                         |
| binding:vif_type      | ovs                                                                                    |
| binding:vnic_type     | normal                                                                                 |
| device_id             | 8fccfbf4-c861-4f2c-9afe-e7891d5badfa                                                   |
| device_owner          | network:router_gateway                                                                 |
| extra_dhcp_opts       |                                                                                        |
| fixed_ips             | {"subnet_id": "2ad73ff6-9d2a-4f21-8cae-23ff3b95823e", "ip_address": "192.168.210.158"} |
| id                    | 80c3b435-346d-4191-a3c8-24af40d23362                                                   |
| mac_address           | fa:16:3e:ed:4f:a1                                                                      |
| name                  |                                                                                        |
| network_id            | 11a6fac9-f239-4818-9b50-1692bae7892e                                                   |
| security_groups       |                                                                                        |
| status                | DOWN                                                                                   |
| tenant_id             |                                                                                        |
+-----------------------+----------------------------------------------------------------------------------------+

The installation (packstack) enabled the IP forwarding:

[root@neutron ~(keystone_admin)]# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Openvswitch:

[root@neutron ~(keystone_admin)]# ovs-vsctl show
2ae7e474-2a77-4e69-9660-b21e4682a2c3
    Bridge br-int
        Port int-br-ex
            Interface int-br-ex
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        Port "vxlan-c0a87a6f"
            Interface "vxlan-c0a87a6f"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.122.101", out_key=flow, remote_ip="192.168.122.111"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a87a66"
            Interface "vxlan-c0a87a66"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.122.101", out_key=flow, remote_ip="192.168.122.102"}
    Bridge br-ex
        Port "qg-80c3b435-34"
            Interface "qg-80c3b435-34"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
        Port "eth2"
            Interface "eth2"
    ovs_version: "1.11.0"

[root@neutron ~(keystone_admin)]# ifconfig br-ex
br-ex     Link encap:Ethernet  HWaddr 00:1A:4A:6B:13:D0  
          inet addr:192.168.210.241  Bcast:192.168.210.255  Mask:255.255.255.0
          inet6 addr: fe80::b495:6fff:fe01:9815/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:263 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:17874 (17.4 KiB)  TX bytes:4276 (4.1 KiB)

[root@neutron ~(keystone_admin)]# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:1A:4A:6B:13:D0  
          inet6 addr: fe80::21a:4aff:fe6b:13d0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:155 errors:0 dropped:0 overruns:0 frame:0
          TX packets:329 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:9728 (9.5 KiB)  TX bytes:20330 (19.8 KiB)

some namespaces info:

[root@neutron ~(keystone_admin)]# ip netns exec qrouter-8fccfbf4-c861-4f2c-9afe-e7891d5badfa netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
lo        16436   0      111      0      0      0      111      0      0      0 LRU
qg-80c3b435-34  1500   0       14      0      0      0       94      0      0      0 BRU
[root@neutron ~(keystone_admin)]# ip netns exec qrouter-8fccfbf4-c861-4f2c-9afe-e7891d5badfa netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.210.0   0.0.0.0         255.255.255.0   U         0 0          0 qg-80c3b435-34
0.0.0.0         192.168.210.1   0.0.0.0         UG        0 0          0 qg-80c3b435-34
[root@neutron ~(keystone_admin)]# ip netns exec qrouter-8fccfbf4-c861-4f2c-9afe-e7891d5badfa netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name   
tcp        0      0 0.0.0.0:9697                0.0.0.0:*                   LISTEN      121889/python       
[root@neutron ~(keystone_admin)]# ip netns exec qrouter-8fccfbf4-c861-4f2c-9afe-e7891d5badfa ip a
18: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
44: qg-80c3b435-34: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:ed:4f:a1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.210.158/24 brd 192.168.210.255 scope global qg-80c3b435-34
    inet6 fe80::f816:3eff:feed:4fa1/64 scope link 
       valid_lft forever preferred_lft forever

Plugin config:

[root@neutron ~(keystone_admin)]# grep -v \# /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini | grep -v "^$"
[ovs]
bridge_mappings = 
[agent]
tunnel_types =vxlan
vxlan_udp_port =4789
[securitygroup]
[OVS]
local_ip=192.168.122.101
enable_tunneling=True
integration_bridge=br-int
tunnel_bridge=br-tun
[AGENT]
polling_interval=2
[SECURITYGROUP]
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

I've cleared all the IPtables rules and added these that I've found on the oficial documentation:

# iptables -A FORWARD -i eth2 -o br-ex -s 192.168.210.0/24 -m conntrack --ctstate NEW -j ACCEPT
# iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -A POSTROUTING -s 192.168.210.0/24 -t nat -j MASQUERADE

some suggestions about what more I've to look for?

thanks in advance,