Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Icehouse multi-node neutron router not able to ping external gateway or outside of OVS bridge

I'm following the OpenStack guide Installation Guide for Red Hat Enterprise Linux - icehouse for icehouse with multiple nodes. I am trying to get this working on VMs running on VMWare and configuring it for VXLAN instead of GRE. With that said I'm to the point in the guide where I'm trying to setup the network node and verifying that it works i.e. Installation Guide for Red Hat Enterprise Linux - icehouse verify connectivity. The router gets created on the network node but isn't able to ping anything outside of that network node. I have 3 servers

  • Controller
    • eth0 -> server IP (external)
    • eth1 -> management network
  • Network node
    • br-ex -> server IP (external)
      • eth0 -> ovs port on external network
    • eth1 -> manament network
    • eth2 -> data (instance tunnels)
  • Compute node
    • eth0 -> server IP (external)
    • eth1 -> managment network
    • eth2 -> data (instance tunnels)

I've moved the eth0 IP to the br-ex bridge and the neutron router gets created but it can only ping the IP of the network node and nothing outside that node. It seems like the OVS bridge isn't passing the traffic to the physical NIC.

    Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "qg-32881dcd-45"
        Interface "qg-32881dcd-45"
            type: internal
    Port "eth0"
        Interface "eth0"
ovs_version: "1.11.0"

and my /etc/neutron/plugin.ini

[ml2]
type_drivers = vxlan,vlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-ex
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges = 10:2000
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

and here is what is in /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

[ovs]
local_ip = 192.168.1.13
tunnel_type = vxlan
enable_tunneling = True
tunnel_bridge = br-tun
integration_bridge = br-int
[agent]
tunnel_types = vxlan
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Here is what I see in the qrouter

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1008 (1008.0 b)  TX bytes:1008 (1008.0 b)

qg-32881dcd-45 Link encap:Ethernet  HWaddr FA:16:3E:6F:02:84
          inet addr:10.11.19.155  Bcast:10.115.195.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe6f:284/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:2027383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:128824572 (122.8 MiB)  TX bytes:1896 (1.8 KiB)

qr-f9fb9aef-90 Link encap:Ethernet  HWaddr FA:16:3E:5C:1B:25
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe5c:1b25/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:608 (608.0 b)  TX bytes:936 (936.0 b)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.11.19.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         10.11.19.1    0.0.0.0         UG    0      0        0 br-ex

When trying to ping the gateway from within the namespace it is unreachable i.e.

# ip netns exec qrouter-cf07b71d-5ef4-42c5-92b7-a42671e48c00 ping 10.11.19.1
PING 10.11.19.1 (10.11.19.1) 56(84) bytes of data.
From 10.11.19.155 icmp_seq=2 Destination Host Unreachable
From 10.11.19.155 icmp_seq=3 Destination Host Unreachable
From 10.11.19.155 icmp_seq=4 Destination Host Unreachable
^C
--- 10.115.195.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4496ms

Any and all help would be greately appreciated.

Icehouse multi-node neutron router not able to ping external gateway or outside of OVS bridge

I'm following the OpenStack guide Installation Guide for Red Hat Enterprise Linux - icehouse for icehouse with multiple nodes. I am trying to get this working on VMs running on VMWare and configuring it for VXLAN instead of GRE. With that said I'm to the point in the guide where I'm trying to setup the network node and verifying that it works i.e. Installation Guide for Red Hat Enterprise Linux - icehouse verify connectivity. The router gets created on the network node but isn't able to ping anything outside of that network node. I have 3 servers

  • Controller
    • eth0 -> server IP (external)
    • eth1 -> management network
  • Network node
    • br-ex -> server IP (external)
      • eth0 -> ovs port on external network
    • eth1 -> manament network
    • eth2 -> data (instance tunnels)
  • Compute node
    • eth0 -> server IP (external)
    • eth1 -> managment network
    • eth2 -> data (instance tunnels)

I've moved the eth0 IP to the br-ex bridge and the neutron router gets created but it can only ping the IP of the network node and nothing outside that node. It seems like the OVS bridge isn't passing the traffic to the physical NIC.

    Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "qg-32881dcd-45"
        Interface "qg-32881dcd-45"
            type: internal
    Port "eth0"
        Interface "eth0"
ovs_version: "1.11.0"

and my /etc/neutron/plugin.ini

[ml2]
type_drivers = vxlan,vlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-ex
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges = 10:2000
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

and here is what is in /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

[ovs]
local_ip = 192.168.1.13
tunnel_type = vxlan
enable_tunneling = True
tunnel_bridge = br-tun
integration_bridge = br-int
[agent]
tunnel_types = vxlan
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Here is what I see in the qrouter

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1008 (1008.0 b)  TX bytes:1008 (1008.0 b)

qg-32881dcd-45 Link encap:Ethernet  HWaddr FA:16:3E:6F:02:84
          inet addr:10.11.19.155  Bcast:10.115.195.255 Bcast:10.11.19.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe6f:284/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:2027383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:128824572 (122.8 MiB)  TX bytes:1896 (1.8 KiB)

qr-f9fb9aef-90 Link encap:Ethernet  HWaddr FA:16:3E:5C:1B:25
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe5c:1b25/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:608 (608.0 b)  TX bytes:936 (936.0 b)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.11.19.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         10.11.19.1    0.0.0.0         UG    0      0        0 br-ex

When trying to ping the gateway from within the namespace it is unreachable i.e.

# ip netns exec qrouter-cf07b71d-5ef4-42c5-92b7-a42671e48c00 ping 10.11.19.1
PING 10.11.19.1 (10.11.19.1) 56(84) bytes of data.
From 10.11.19.155 icmp_seq=2 Destination Host Unreachable
From 10.11.19.155 icmp_seq=3 Destination Host Unreachable
From 10.11.19.155 icmp_seq=4 Destination Host Unreachable
^C
--- 10.115.195.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4496ms

Any and all help would be greately appreciated.

Icehouse multi-node neutron router not able to ping external gateway or outside of OVS bridge

I'm following the OpenStack guide Installation Guide for Red Hat Enterprise Linux - icehouse for icehouse with multiple nodes. I am trying to get this working on VMs running on VMWare and configuring it for VXLAN instead of GRE. With that said I'm to the point in the guide where I'm trying to setup the network node and verifying that it works i.e. Installation Guide for Red Hat Enterprise Linux - icehouse verify connectivity. The router gets created on the network node but isn't able to ping anything outside of that network node. I have 3 servers

  • Controller
    • eth0 -> server IP (external)
    • eth1 -> management network
  • Network node
    • br-ex -> server IP (external)
      • eth0 -> ovs port on external network
    • eth1 -> manament network
    • eth2 -> data (instance tunnels)
  • Compute node
    • eth0 -> server IP (external)
    • eth1 -> managment network
    • eth2 -> data (instance tunnels)

I've moved the eth0 IP to the br-ex bridge and the neutron router gets created but it can only ping the IP of the network node and nothing outside that node. It seems like the OVS bridge isn't passing the traffic to the physical NIC.

    Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "qg-32881dcd-45"
        Interface "qg-32881dcd-45"
            type: internal
    Port "eth0"
        Interface "eth0"
ovs_version: "1.11.0"

and my /etc/neutron/plugin.ini

[ml2]
type_drivers = vxlan,vlan
vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-ex
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges = 10:2000
vxlan_group = 239.1.1.2
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

and here is what is in /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

[ovs]
local_ip = 192.168.1.13
tunnel_type = vxlan
enable_tunneling = True
tunnel_bridge = br-tun
integration_bridge = br-int
[agent]
polling_interval = 2
tunnel_types = vxlan
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Here is what I see in the qrouter

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1008 (1008.0 b)  TX bytes:1008 (1008.0 b)

qg-32881dcd-45 Link encap:Ethernet  HWaddr FA:16:3E:6F:02:84
          inet addr:10.11.19.155  Bcast:10.11.19.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe6f:284/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:2027383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:128824572 (122.8 MiB)  TX bytes:1896 (1.8 KiB)

qr-f9fb9aef-90 Link encap:Ethernet  HWaddr FA:16:3E:5C:1B:25
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe5c:1b25/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:608 (608.0 b)  TX bytes:936 (936.0 b)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.11.19.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         10.11.19.1    0.0.0.0         UG    0      0        0 br-ex

When trying to ping the gateway from within the namespace it is unreachable i.e.

# ip netns exec qrouter-cf07b71d-5ef4-42c5-92b7-a42671e48c00 ping 10.11.19.1
PING 10.11.19.1 (10.11.19.1) 56(84) bytes of data.
From 10.11.19.155 icmp_seq=2 Destination Host Unreachable
From 10.11.19.155 icmp_seq=3 Destination Host Unreachable
From 10.11.19.155 icmp_seq=4 Destination Host Unreachable
^C
--- 10.115.195.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4496ms

Any and all help would be greately appreciated.

Icehouse multi-node neutron router not able to ping external gateway or outside of OVS bridge

I'm following the OpenStack guide Installation Guide for Red Hat Enterprise Linux - icehouse for icehouse with multiple nodes. I am trying to get this working on VMs running on VMWare and configuring it for VXLAN instead of GRE. With that said I'm to the point in the guide where I'm trying to setup the network node and verifying that it works i.e. Installation Guide for Red Hat Enterprise Linux - icehouse verify connectivity. The router gets created on the network node but isn't able to ping anything outside of that network node. I have 3 servers

  • Controller
    • eth0 -> server IP (external)
    • eth1 -> management network
  • Network node
    • br-ex -> server IP (external)
      • eth0 -> ovs port on external network
    • eth1 -> manament network
    • eth2 -> data (instance tunnels)
  • Compute node
    • eth0 -> server IP (external)
    • eth1 -> managment network
    • eth2 -> data (instance tunnels)

I've moved the eth0 IP to the br-ex bridge and the neutron router gets created but it can only ping the IP of the network node and nothing outside that node. It seems like the OVS bridge isn't passing the traffic to the physical NIC.

    Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "qg-32881dcd-45"
        Interface "qg-32881dcd-45"
            type: internal
    Port "eth0"
        Interface "eth0"
ovs_version: "1.11.0"

and my /etc/neutron/plugin.ini

[ml2]
type_drivers = vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges = 10:2000
vxlan_group = 239.1.1.2
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

and here is what is in /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

[ovs]
local_ip = 192.168.1.13
enable_tunneling = True
tunnel_bridge = br-tun
integration_bridge = br-int
[agent]
polling_interval = 2
tunnel_types = vxlan
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Here is what I see in the qrouter

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1008 (1008.0 b)  TX bytes:1008 (1008.0 b)

qg-32881dcd-45 Link encap:Ethernet  HWaddr FA:16:3E:6F:02:84
          inet addr:10.11.19.155  Bcast:10.11.19.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe6f:284/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:2027383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:128824572 (122.8 MiB)  TX bytes:1896 (1.8 KiB)

qr-f9fb9aef-90 Link encap:Ethernet  HWaddr FA:16:3E:5C:1B:25
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe5c:1b25/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:608 (608.0 b)  TX bytes:936 (936.0 b)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.11.19.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         10.11.19.1    0.0.0.0         UG    0      0        0 br-ex

When trying to ping the gateway from within the namespace it is unreachable i.e.

# ip netns exec qrouter-cf07b71d-5ef4-42c5-92b7-a42671e48c00 ping 10.11.19.1
PING 10.11.19.1 (10.11.19.1) 56(84) bytes of data.
From 10.11.19.155 icmp_seq=2 Destination Host Unreachable
From 10.11.19.155 icmp_seq=3 Destination Host Unreachable
From 10.11.19.155 icmp_seq=4 Destination Host Unreachable
^C
--- 10.115.195.1 10.11.19.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4496ms

Any and all help would be greately appreciated.

Icehouse multi-node neutron router not able to ping external gateway or outside of OVS bridge

I'm following the OpenStack guide Installation Guide for Red Hat Enterprise Linux - icehouse for icehouse with multiple nodes. I am trying to get this working on VMs running on VMWare and configuring it for VXLAN instead of GRE. With that said I'm to the point in the guide where I'm trying to setup the network node and verifying that it works i.e. Installation Guide for Red Hat Enterprise Linux - icehouse verify connectivity. The router gets created on the network node but isn't able to ping anything outside of that network node. I have 3 servers

  • Controller
    • eth0 -> server IP (external)
    • eth1 -> management network
  • Network node
    • br-ex -> server IP (external)
      • eth0 -> ovs port on external network
    • eth1 -> manament network
    • eth2 -> data (instance tunnels)
  • Compute node
    • eth0 -> server IP (external)
    • eth1 -> managment network
    • eth2 -> data (instance tunnels)

I've moved the eth0 IP to the br-ex bridge and the neutron router gets created but it can only ping the IP of the network node and nothing outside that node. It seems like the OVS bridge isn't passing the traffic to the physical NIC.

29a81188-a1f3-459f-b1ee-c6a913d40b03
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "tapfe3920f7-b6"
            tag: 1
            Interface "tapfe3920f7-b6"
                type: internal
        Port "qr-f9fb9aef-90"
            tag: 1
            Interface "qr-f9fb9aef-90"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a8010f"
            Interface "vxlan-c0a8010f"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.1.13", out_key=flow, remote_ip="192.168.1.15"}
        Port "vxlan-c0a80110"
            Interface "vxlan-c0a80110"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.1.13", out_key=flow, remote_ip="192.168.1.16"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
     Port br-ex
         Interface br-ex
             type: internal
     Port "qg-32881dcd-45"
         Interface "qg-32881dcd-45"
             type: internal
     Port "eth0"
         Interface "eth0"
 ovs_version: "1.11.0"

and my /etc/neutron/plugin.ini

[ml2]
type_drivers = vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges = 10:2000
vxlan_group = 239.1.1.2
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

and here is what is in /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

[ovs]
local_ip = 192.168.1.13
enable_tunneling = True
tunnel_bridge = br-tun
integration_bridge = br-int
[agent]
polling_interval = 2
tunnel_types = vxlan
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Here is what I see in the qrouter

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1008 (1008.0 b)  TX bytes:1008 (1008.0 b)

qg-32881dcd-45 Link encap:Ethernet  HWaddr FA:16:3E:6F:02:84
          inet addr:10.11.19.155  Bcast:10.11.19.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe6f:284/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:2027383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:128824572 (122.8 MiB)  TX bytes:1896 (1.8 KiB)

qr-f9fb9aef-90 Link encap:Ethernet  HWaddr FA:16:3E:5C:1B:25
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe5c:1b25/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:608 (608.0 b)  TX bytes:936 (936.0 b)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.11.19.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         10.11.19.1    0.0.0.0         UG    0      0        0 br-ex

When trying to ping the gateway from within the namespace it is unreachable i.e.

# ip netns exec qrouter-cf07b71d-5ef4-42c5-92b7-a42671e48c00 ping 10.11.19.1
PING 10.11.19.1 (10.11.19.1) 56(84) bytes of data.
From 10.11.19.155 icmp_seq=2 Destination Host Unreachable
From 10.11.19.155 icmp_seq=3 Destination Host Unreachable
From 10.11.19.155 icmp_seq=4 Destination Host Unreachable
^C
--- 10.11.19.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4496ms

Any and all help would be greately appreciated.

Icehouse multi-node neutron router not able to ping external gateway or outside of OVS bridge

I'm following the OpenStack guide Installation Guide for Red Hat Enterprise Linux - icehouse for icehouse with multiple nodes. I am trying to get this working on VMs running on VMWare and configuring it for VXLAN instead of GRE. With that said I'm to the point in the guide where I'm trying to setup the network node and verifying that it works i.e. Installation Guide for Red Hat Enterprise Linux - icehouse verify connectivity. The router gets created on the network node but isn't able to ping anything outside of that network node. I have 3 servers

  • Controller
    • eth0 -> server IP (external)
    • eth1 -> management network
  • Network node
    • br-ex -> server IP (external)
      • eth0 -> ovs port on external network
    • eth1 -> manament network
    • eth2 -> data (instance tunnels)
  • Compute node
    • eth0 -> server IP (external)
    • eth1 -> managment network
    • eth2 -> data (instance tunnels)

I've moved the eth0 IP to the br-ex bridge and the neutron router gets created but it can only ping the IP of the network node and nothing outside that node. It seems like the OVS bridge isn't passing the traffic to the physical NIC.

29a81188-a1f3-459f-b1ee-c6a913d40b03
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "tapfe3920f7-b6"
            tag: 1
            Interface "tapfe3920f7-b6"
                type: internal
        Port "qr-f9fb9aef-90"
            tag: 1
            Interface "qr-f9fb9aef-90"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a8010f"
            Interface "vxlan-c0a8010f"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.1.13", out_key=flow, remote_ip="192.168.1.15"}
        Port "vxlan-c0a80110"
            Interface "vxlan-c0a80110"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.1.13", out_key=flow, remote_ip="192.168.1.16"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-32881dcd-45"
            Interface "qg-32881dcd-45"
                type: internal
        Port "eth0"
            Interface "eth0"
    ovs_version: "1.11.0"

and my /etc/neutron/plugin.ini

# ll /etc/neutron/plugin.ini
lrwxrwxrwx. 1 root neutron 24 Oct 14 15:47 /etc/neutron/plugin.ini -> plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges = 10:2000
vxlan_group = 239.1.1.2
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

and here is what is in /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

# ll /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
-rw-r-----. 1 root neutron 6533 Oct 23 11:07 /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[ovs]
local_ip = 192.168.1.13
enable_tunneling = True
tunnel_bridge = br-tun
integration_bridge = br-int
[agent]
polling_interval = 2
tunnel_types = vxlan
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

Here is what I see in the qrouter

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1008 (1008.0 b)  TX bytes:1008 (1008.0 b)

qg-32881dcd-45 Link encap:Ethernet  HWaddr FA:16:3E:6F:02:84
          inet addr:10.11.19.155  Bcast:10.11.19.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe6f:284/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:2027383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:128824572 (122.8 MiB)  TX bytes:1896 (1.8 KiB)

qr-f9fb9aef-90 Link encap:Ethernet  HWaddr FA:16:3E:5C:1B:25
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe5c:1b25/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:608 (608.0 b)  TX bytes:936 (936.0 b)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.11.19.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         10.11.19.1    0.0.0.0         UG    0      0        0 br-ex

When trying to ping the gateway from within the namespace it is unreachable i.e.

# ip netns exec qrouter-cf07b71d-5ef4-42c5-92b7-a42671e48c00 ping 10.11.19.1
PING 10.11.19.1 (10.11.19.1) 56(84) bytes of data.
From 10.11.19.155 icmp_seq=2 Destination Host Unreachable
From 10.11.19.155 icmp_seq=3 Destination Host Unreachable
From 10.11.19.155 icmp_seq=4 Destination Host Unreachable
^C
--- 10.11.19.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4496ms

Any and all help would be greately appreciated.

Icehouse multi-node neutron router not able to ping external gateway or outside of OVS bridge

I'm following the OpenStack guide Installation Guide for Red Hat Enterprise Linux - icehouse for icehouse with multiple nodes. I am trying to get this working on VMs running on VMWare and configuring it for VXLAN instead of GRE. With that said I'm to the point in the guide where I'm trying to setup the network node and verifying that it works i.e. Installation Guide for Red Hat Enterprise Linux - icehouse verify connectivity. The router gets created on the network node but isn't able to ping anything outside of that network node. I have 3 servers

  • Controller
    • eth0 -> server IP (external)
    • eth1 -> management network
  • Network node
    • br-ex -> server IP (external)
      • eth0 -> ovs port on external network
    • eth1 -> manament network
    • eth2 -> data (instance tunnels)
  • Compute node
    • eth0 -> server IP (external)
    • eth1 -> managment network
    • eth2 -> data (instance tunnels)

I've moved the eth0 IP to the br-ex bridge and the neutron router gets created but it can only ping the IP of the network node and nothing outside that node. It seems like the OVS bridge isn't passing the traffic to the physical NIC.

29a81188-a1f3-459f-b1ee-c6a913d40b03
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "tapfe3920f7-b6"
            tag: 1
            Interface "tapfe3920f7-b6"
                type: internal
        Port "qr-f9fb9aef-90"
            tag: 1
            Interface "qr-f9fb9aef-90"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a8010f"
            Interface "vxlan-c0a8010f"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.1.13", out_key=flow, remote_ip="192.168.1.15"}
        Port "vxlan-c0a80110"
            Interface "vxlan-c0a80110"
                type: vxlan
                options: {in_key=flow, local_ip="192.168.1.13", out_key=flow, remote_ip="192.168.1.16"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-32881dcd-45"
            Interface "qg-32881dcd-45"
                type: internal
        Port "eth0"
            Interface "eth0"
    ovs_version: "1.11.0"

Here is what is in my /etc/neutron directory

# cd /etc/neutron/; ll
total 60
-rw-r-----. 1 root neutron  3634 Oct 14 14:18 dhcp_agent.ini
-rw-r-----. 1 root neutron   109 Jun  7 17:38 fwaas_driver.ini
-rw-r-----. 1 root neutron  3231 Oct 14 15:47 l3_agent.ini
-rw-r-----. 1 root neutron  1400 Jun  7 17:38 lbaas_agent.ini
-rw-r-----. 1 root neutron  1400 Oct 14 15:46 metadata_agent.ini
-rw-r-----. 1 root neutron 18359 Oct 14 15:12 neutron.conf
lrwxrwxrwx. 1 root neutron    24 Oct 14 15:47 plugin.ini -> plugins/ml2/ml2_conf.ini
drwxr-xr-x. 4 root neutron  4096 Oct 14 13:53 plugins
-rw-r-----. 1 root neutron  6148 Jun  7 17:38 policy.json
-rw-r--r--. 1 root neutron    78 Jun 13 07:41 release
-rw-r--r--. 1 root neutron  1216 Jun  7 17:38 rootwrap.conf

and my /etc/neutron/plugin.ini

# ll egrep -v "^[[:space:]]*$|^#" /etc/neutron/plugin.ini
lrwxrwxrwx. 1 root neutron 24 Oct 14 15:47 /etc/neutron/plugin.ini -> plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges = 10:2000
vxlan_group = 239.1.1.2
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

and here is what is in /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

# ll /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
-rw-r-----. 1 root neutron 6533 Oct 23 11:07 /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[ovs]
[OVS]
local_ip = 192.168.1.13
enable_tunneling = True
tunnel_bridge = br-tun
integration_bridge = br-int
[agent]
polling_interval = 2
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

Here is what I see in the qrouter

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1008 (1008.0 b)  TX bytes:1008 (1008.0 b)

qg-32881dcd-45 Link encap:Ethernet  HWaddr FA:16:3E:6F:02:84
          inet addr:10.11.19.155  Bcast:10.11.19.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe6f:284/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:2027383 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:128824572 (122.8 MiB)  TX bytes:1896 (1.8 KiB)

qr-f9fb9aef-90 Link encap:Ethernet  HWaddr FA:16:3E:5C:1B:25
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe5c:1b25/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:608 (608.0 b)  TX bytes:936 (936.0 b)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.11.19.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
0.0.0.0         10.11.19.1    0.0.0.0         UG    0      0        0 br-ex

When trying to ping the gateway from within the namespace it is unreachable i.e.

# ip netns exec qrouter-cf07b71d-5ef4-42c5-92b7-a42671e48c00 ping 10.11.19.1
PING 10.11.19.1 (10.11.19.1) 56(84) bytes of data.
From 10.11.19.155 icmp_seq=2 Destination Host Unreachable
From 10.11.19.155 icmp_seq=3 Destination Host Unreachable
From 10.11.19.155 icmp_seq=4 Destination Host Unreachable
^C
--- 10.11.19.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4496ms

Any and all help would be greately appreciated.