devstack: [Neutron] instances unreachable

Hi all,

I have successfully deployed an AIO Devstack (Icehouse) with Neutron and OVS on Ubuntu 14.04. The main problem I have is the network configuration. Although I have read tons of articles and questions, I'm still stuck on it...

https://ask.openstack.org/en/question/11172/devstack-networking-for-standalone-virtualbox-vm-cant-ping-tofrom-instances/
https://ask.openstack.org/en/question/11446/devstack-instance-not-reachable-on-virtualhost-with-nat/
https://ask.openstack.org/en/question/35100/cannot-access-instance-with-assigned-floating-ip/
http://openstack.redhat.com/Networking

The host public network is 10.7.6.0/24. I have two NICs in my machine.

My local conf is:

[[local|localrc]]
APACHE_ENABLED_SERVICES+=keystone
LOGFILE=$DEST/logs/stack.sh.log
disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service neutron
HOST_IP=10.7.6.41
FLOATING_RANGE=10.7.6.0/24
Q_FLOATING_ALLOCATION_POOL=start=10.7.6.224,end=10.7.6.254
FIXED_RANGE=10.0.0.0/24
FIXED_NETWORK_SIZE=256
FLAT_INTERFACE=eth0
ADMIN_PASSWORD=password
MYSQL_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
SERVICE_TOKEN=tokentoken

This is my host network config:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:a4:00:54 brd ff:ff:ff:ff:ff:ff
    inet 10.7.6.41/24 brd 10.7.6.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fea4:54/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
    link/ether 00:50:56:a4:00:5c brd ff:ff:ff:ff:ff:ff
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 62:6c:ac:f4:18:1d brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
    link/ether 42:a9:87:5c:bd:35 brd ff:ff:ff:ff:ff:ff
6: br-int: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether de:aa:ec:da:ab:4d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fca1:d3ff:fe49:64d8/64 scope link
       valid_lft forever preferred_lft forever
7: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether 00:50:56:a4:00:5c brd ff:ff:ff:ff:ff:ff
    inet 10.7.6.42/24 scope global br-ex
       valid_lft forever preferred_lft forever

I have manually configured br-ex to be attached to eth1, my non IPed NIC.

sudo ip addr flush eth1
sudo ovs-vsctl add-port br-ex eth1
sudo ip addr del 172.24.4.1/24 dev br-ex
sudo ip addr add 10.7.6.42/24 dev br-ex
sudo ip link set br-ex up

Here are my network namespaces:

stack@ubuntu-devstack2:~/devstack$ ip netns
qdhcp-edf20f57-c221-4af0-829f-d636e6fc2034
qrouter-fd9d6c0c-6931-40eb-8f07-6d2500a381b2

Router config:

stack@ubuntu-devstack2:~/devstack$ ip netns exec qrouter-fd9d6c0c-6931-40eb-8f07-6d2500a381b2 ip a
seting the network namespace "qrouter-fd9d6c0c-6931-40eb-8f07-6d2500a381b2" failed: Operation not permitted
stack@ubuntu-devstack2:~/devstack$ sudo ip netns exec qrouter-fd9d6c0c-6931-40eb-8f07-6d2500a381b2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
8: qr-4fd93510-40: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:81:df:1a brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-4fd93510-40
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe81:df1a/64 scope link
       valid_lft forever preferred_lft forever
9: qg-874d52b9-c5: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:b4:35:39 brd ff:ff:ff:ff:ff:ff
    inet 10.7.6.224/24 brd 10.7.6.255 scope global qg-874d52b9-c5
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:feb4:3539/64 scope link
       valid_lft forever preferred_lft forever

OVS config:

stack@ubuntu-devstack2:~/devstack$ sudo ovs-vsctl show
8b9940c7-16ef-47df-adb1-7e42770e2bfd
    Bridge br-ex
        Port "qg-874d52b9-c5"
            Interface "qg-874d52b9-c5"
                type: internal
        Port "eth1"
            Interface "eth1"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "tap6c9a74c9-fd"
            tag: 1
            Interface "tap6c9a74c9-fd"
                type: internal
        Port "qr-4fd93510-40"
            tag: 1
            Interface "qr-4fd93510-40"
                type: internal
    ovs_version: "2.0.1"

br-ex config:

stack@ubuntu-devstack2:~$ sudo ovs-ofctl show br-ex
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000005056a4005c
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: OUTPUT SET_VLAN_VID SET_VLAN_PCP STRIP_VLAN SET_DL_SRC SET_DL_DST SET_NW_SRC SET_NW_DST SET_NW_TOS SET_TP_SRC SET_TP_DST ENQUEUE
 1(qg-874d52b9-c5): addr:00:00:00:00:00:00
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
 2(eth1): addr:00:50:56:a4:00:5c
     config:     0
     state:      0
     current:    1GB-FD COPPER AUTO_NEG
     advertised: 10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
     supported:  10MB-HD 10MB-FD 100MB-HD 100MB-FD 1GB-FD COPPER AUTO_NEG
     speed: 1000 Mbps now, 1000 Mbps max
 LOCAL(br-ex): addr:00:50:56:a4:00:5c
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

I have also set up ICMP and SSH security rules, and added an iptables rule too:

nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

I still cannot ping or SSH to the instances from outside, nor can I ping/SSH the outside world from the instances. Besides, I can't even ping the instances' floating IPs from the router.

I have noticed that although pinging an instance from the outside world fails, the ARP table entry is set correctly.

Any advice would be really helpful, thanks in advance.