
Cannot ping external network from tenant network



Hello,

I have a setup with 1 server.
I cannot ping the external network from the tenant network.

thank you for your help!

==============================================
  TROUBLE CASE
==============================================
 CASE 1. instance 10.0.0.3 <-> br-ex            192.168.20.200 (ssh, ping OK!!!) 
 CASE 2. instance 10.0.0.3 <-> external network 192.168.20.1 (ssh, ping X)


[root@stack2 pkg(keystone_demo)]# nova list
+--------------------------------------+------+--------+------------+-------------+---------------------------------+
| ID                                   | Name | Status | Task State | Power State | Networks                        |
+--------------------------------------+------+--------+------------+-------------+---------------------------------+
| 39458cc1-020e-4fa6-a013-372a57a5643c | vm1  | ACTIVE | -          | Running     | private=10.0.0.3, 192.168.20.91 |
| 141c64dc-e156-4441-aea1-d9f0c8c359b6 | vm2  | ACTIVE | -          | Running     | private=10.0.0.4, 192.168.20.92 |
+--------------------------------------+------+--------+------------+-------------+---------------------------------+

[root@stack2 network(keystone_demo)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+


==========  CASE 1 ======================================

##################################
 HOST -> External gateway PING
##################################
[root@stack2 network-scripts(keystone_admin)]# ping -c3 192.168.20.1
PING 192.168.20.1 (192.168.20.1) 56(84) bytes of data.
64 bytes from 192.168.20.1: icmp_seq=1 ttl=64 time=0.295 ms
64 bytes from 192.168.20.1: icmp_seq=2 ttl=64 time=0.169 ms
64 bytes from 192.168.20.1: icmp_seq=3 ttl=64 time=0.240 ms

--- 192.168.20.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.169/0.234/0.295/0.054 ms


#########################################
 HOST -> instance(VM) Floating IP PING
#########################################
[root@stack2 network-scripts(keystone_admin)]# ping -c3 192.168.20.91
PING 192.168.20.91 (192.168.20.91) 56(84) bytes of data.
64 bytes from 192.168.20.91: icmp_seq=1 ttl=63 time=2.68 ms
64 bytes from 192.168.20.91: icmp_seq=2 ttl=63 time=0.218 ms
64 bytes from 192.168.20.91: icmp_seq=3 ttl=63 time=0.274 ms

--- 192.168.20.91 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms


#########################################
 HOST -> instance Floating IP ssh
#########################################
[root@stack2 network-scripts(keystone_admin)]# ssh cirros@192.168.20.91
cirros@192.168.20.91's password: 
$ sudo su
$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0

##########################
 instance -> br-ex PING
##########################
$ ping -c3 192.168.20.167
PING 192.168.20.167 (192.168.20.167): 56 data bytes
64 bytes from 192.168.20.167: seq=0 ttl=63 time=0.888 ms
64 bytes from 192.168.20.167: seq=1 ttl=63 time=0.571 ms
64 bytes from 192.168.20.167: seq=2 ttl=63 time=0.454 ms

--- 192.168.20.167 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.454/0.637/0.888 ms


###############################################
 instance -> external gateway PING ===> FAIL
###############################################
$ ping -c3 192.168.20.1
PING 192.168.20.1 (192.168.20.1): 56 data bytes
^C
--- 192.168.20.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss


###############################################
 instance -> HOST ssh
###############################################
$ ssh 192.168.20.167
root@192.168.20.167's password: 
Last login: Sat Feb 28 15:32:13 2015 from vm1
[root@stack2 ~]# 
[root@stack2 ~]# who
root     pts/2        Feb 28 14:36 (kvm1.mmrf.kr)
root     pts/3        Feb 28 15:24 (kvm1.mmrf.kr)
root     pts/4        Feb 28 15:32 (vm1)



==========  CASE 2 ======================================

####################################
 HOST2 -> HOST(Openstack) PING
####################################
[root@stack3 ~]# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 00:14:4A:23:A2:19  
          inet addr:192.168.20.180  Bcast:192.168.20.255  Mask:255.255.255.0
          inet6 addr: fe80::214:4aff:fe23:a219/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:552 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:62696 (61.2 KiB)  TX bytes:676 (676.0 b)


[root@stack3 ~]# ping -c3 192.168.20.167
PING 192.168.20.167 (192.168.20.167) 56(84) bytes of data.
64 bytes from 192.168.20.167: icmp_seq=1 ttl=64 time=1.01 ms
64 bytes from 192.168.20.167: icmp_seq=2 ttl=64 time=0.149 ms
64 bytes from 192.168.20.167: icmp_seq=3 ttl=64 time=0.169 ms

--- 192.168.20.167 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.149/0.444/1.015/0.403 ms


#########################################################
 HOST2 -> HOST(Openstack) instance Floating IP PING
#########################################################
[root@stack3 ~]# ping -c3 192.168.20.91 
PING 192.168.20.91 (192.168.20.91) 56(84) bytes of data.
From 192.168.20.180 icmp_seq=1 Destination Host Unreachable
From 192.168.20.180 icmp_seq=2 Destination Host Unreachable
From 192.168.20.180 icmp_seq=3 Destination Host Unreachable

--- 192.168.20.91 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3000ms
pipe 3


#########################################################
 instance -> HOST2 PING
#########################################################
$ ping -c3 192.168.20.180
PING 192.168.20.180 (192.168.20.180): 56 data bytes
^C
--- 192.168.20.180 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss


#########################################################
 instance -> HOST br-ex PING
#########################################################
$ ping -c3 192.168.20.167
PING 192.168.20.167 (192.168.20.167): 56 data bytes
64 bytes from 192.168.20.167: seq=0 ttl=63 time=1.560 ms
64 bytes from 192.168.20.167: seq=1 ttl=63 time=0.460 ms
64 bytes from 192.168.20.167: seq=2 ttl=63 time=0.482 ms

--- 192.168.20.167 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.460/0.834/1.560 ms


###############################################################
 instance -> curl http://169.254.169.254/latest/meta-data
###############################################################
$ ifconfig
eth0      Link encap:Ethernet  HWaddr FA:16:3E:80:C0:B0  
          inet addr:10.0.0.3  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe80:c0b0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:936 errors:0 dropped:0 overruns:0 frame:0
          TX packets:860 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:100254 (97.9 KiB)  TX bytes:95972 (93.7 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

$ curl http://169.254.169.254/latest/meta-data
ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id
security-groups

###############################################################
 HOST namespace -> PING TEST
###############################################################
[root@stack2 ~(keystone_admin)]# ip netns exec `ip netns|grep qrouter` ping 192.168.20.167
PING 192.168.20.167 (192.168.20.167) 56(84) bytes of data.
64 bytes from 192.168.20.167: icmp_seq=1 ttl=64 time=1.05 ms
64 bytes from 192.168.20.167: icmp_seq=2 ttl=64 time=0.023 ms
64 bytes from 192.168.20.167: icmp_seq=3 ttl=64 time=0.022 ms
^C
--- 192.168.20.167 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2114ms
rtt min/avg/max/mdev = 0.022/0.367/1.057/0.487 ms


[root@stack2 ~(keystone_admin)]# ip netns exec `ip netns|grep qrouter` ping 192.168.20.1
PING 192.168.20.1 (192.168.20.1) 56(84) bytes of data.
From 192.168.20.90 icmp_seq=2 Destination Host Unreachable
From 192.168.20.90 icmp_seq=3 Destination Host Unreachable
From 192.168.20.90 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.20.1 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3125ms
pipe 3

[root@stack2 ~(keystone_admin)]# ip netns exec `ip netns|grep qrouter` route -n         
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 qg-339ccee8-f2
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 qr-88a577f9-cc
0.0.0.0         192.168.20.1    0.0.0.0         UG    0      0        0 qg-339ccee8-f2



==============================================
  ENVIRONMENT
==============================================
 - OS      : CentOS 6.6
 - Version : ICEHOUSE 4, Redhat Platform 5 
 - Packstack Install (One NODE)  
 - Network Type : vxlan


===========================
  NETWORK
===========================
 - External   Network : 192.168.20.0/24   (eth2 promisc -> br-ex)
 - Management Network : 192.168.10.0/24   (eth0 promisc)
 - API        Network : 192.168.0.0/24    (eth1 promisc)
 - Tenant     Network : 10.0.0.0/24        


===========================
  STATUS
===========================
[root@stack2 pkg(keystone_admin)]# neutron agent-list
+--------------------------------------+--------------------+----------------+-------+----------------+
| id                                   | agent_type         | host           | alive | admin_state_up |
+--------------------------------------+--------------------+----------------+-------+----------------+
| 19f8504b-8323-447c-b974-c945b3b87acb | L3 agent           | stack2.mmrf.kr | :-)   | True           |
| d20b9380-6d14-41dd-baa2-b10f973cc519 | Open vSwitch agent | stack2.mmrf.kr | :-)   | True           |
| e86c7b2b-ccdb-40f8-8b33-0861772bc9b8 | Metadata agent     | stack2.mmrf.kr | :-)   | True           |
| e9b86191-0736-4e78-b386-66f48e082f43 | DHCP agent         | stack2.mmrf.kr | :-)   | True           |
+--------------------------------------+--------------------+----------------+-------+----------------+

[root@stack2 pkg(keystone_admin)]# ovs-vsctl show
fc2e40de-4d67-4d6e-9baa-ea4cf4d215ce
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth2"
            Interface "eth2"
        Port "tap339ccee8-f2"
            Interface "tap339ccee8-f2"
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        fail_mode: secure
        Port "qvod52704eb-6a"
            tag: 1
            Interface "qvod52704eb-6a"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap88a577f9-cc"
            tag: 1
            Interface "tap88a577f9-cc"
        Port br-int
            Interface br-int
                type: internal
        Port "tapb2ef9350-92"
            tag: 1
            Interface "tapb2ef9350-92"
                type: internal
        Port "qvo21a7709a-49"
            tag: 1
            Interface "qvo21a7709a-49"
    ovs_version: "2.1.3"



[root@stack2 pkg(keystone_admin)]# ip netns
qrouter-cdcba36a-47b2-4311-8eab-a3cb35e44208
qdhcp-622b5a21-4645-4e20-b403-0efe849acd71

[root@stack2 pkg(keystone_admin)]# ip netns exec `ip netns|grep qrouter` route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 qg-339ccee8-f2
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 qr-88a577f9-cc
0.0.0.0         192.168.20.1    0.0.0.0         UG    0      0        0 qg-339ccee8-f2


[root@stack2 pkg(keystone_admin)]# ip netns exec `ip netns|grep qrouter` ip a s
20: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
21: qr-88a577f9-cc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:a1:37:88 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-88a577f9-cc
    inet6 fe80::f816:3eff:fea1:3788/64 scope link 
       valid_lft forever preferred_lft forever
23: qg-339ccee8-f2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:3d:7e:80 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.90/24 brd 192.168.20.255 scope global qg-339ccee8-f2
    inet 192.168.20.91/32 brd 192.168.20.91 scope global qg-339ccee8-f2
    inet 192.168.20.92/32 brd 192.168.20.92 scope global qg-339ccee8-f2
    inet6 fe80::f816:3eff:fe3d:7e80/64 scope link 
       valid_lft forever preferred_lft forever

[root@stack2 pkg(keystone_admin)]# ip netns exec `ip netns|grep qrouter` iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N neutron-filter-top
-N neutron-l3-agent-FORWARD
-N neutron-l3-agent-INPUT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-local
-A INPUT -j neutron-l3-agent-INPUT 
-A FORWARD -j neutron-filter-top 
-A FORWARD -j neutron-l3-agent-FORWARD 
-A OUTPUT -j neutron-filter-top 
-A OUTPUT -j neutron-l3-agent-OUTPUT 
-A neutron-filter-top -j neutron-l3-agent-local 
-A neutron-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT 


[root@stack2 pkg(keystone_admin)]# ip netns exec `ip netns|grep qrouter` iptables -S -t nat
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING 
-A POSTROUTING -j neutron-l3-agent-POSTROUTING 
-A POSTROUTING -j neutron-postrouting-bottom 
-A OUTPUT -j neutron-l3-agent-OUTPUT 
-A neutron-l3-agent-OUTPUT -d 192.168.20.92/32 -j DNAT --to-destination 10.0.0.4 
-A neutron-l3-agent-OUTPUT -d 192.168.20.91/32 -j DNAT --to-destination 10.0.0.3 
-A neutron-l3-agent-POSTROUTING ! -i qg-339ccee8-f2 ! -o qg-339ccee8-f2 -m conntrack ! --ctstate DNAT -j ACCEPT 
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697 
-A neutron-l3-agent-PREROUTING -d 192.168.20.92/32 -j DNAT --to-destination 10.0.0.4 
-A neutron-l3-agent-PREROUTING -d 192.168.20.91/32 -j DNAT --to-destination 10.0.0.3 
-A neutron-l3-agent-float-snat -s 10.0.0.4/32 -j SNAT --to-source 192.168.20.92 
-A neutron-l3-agent-float-snat -s 10.0.0.3/32 -j SNAT --to-source 192.168.20.91 
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat 
-A neutron-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 192.168.20.90 
-A neutron-postrouting-bottom -j neutron-l3-agent-snat 


[root@stack2 pkg(keystone_admin)]# ip netns exec `ip netns|grep qrouter` sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296


[root@stack2 network-scripts(keystone_admin)]# cat ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
PROMISC=yes
IPADDR=192.168.10.167
PREFIX=24

[root@stack2 network-scripts(keystone_admin)]# 
[root@stack2 network-scripts(keystone_admin)]# cat ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
PROMISC=yes
IPADDR=192.168.0.167
PREFIX=24

[root@stack2 network-scripts(keystone_admin)]# cat ifcfg-eth2
DEVICE=eth2
ONBOOT=yes
BOOTPROTO=none
PROMISC=yes
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex

[root@stack2 network-scripts(keystone_admin)]# cat ifcfg-br-ex
DEVICE=br-ex
ONBOOT=yes
BOOTPROTO=static
DEVICETYPE=ovs
TYPE=OVSBridge
IPADDR=192.168.20.167
PREFIX=24
GATEWAY=192.168.20.1


[root@stack2 network-scripts(keystone_admin)]# brctl show
bridge name bridge id       STP enabled interfaces
qbr21a7709a-49      8000.023a4830f33c   no      qvb21a7709a-49
                            tap21a7709a-49
qbrd52704eb-6a      8000.46c2636ce3a3   no      qvbd52704eb-6a
                            tapd52704eb-6a


[root@stack2 network-scripts(keystone_admin)]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     1009   0        0 br-ex
0.0.0.0         192.168.20.1    0.0.0.0         UG    0      0        0 br-ex


[root@stack2 pkg(keystone_admin)]# ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:14:4a:23:a2:11 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.167/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::214:4aff:fe23:a211/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:14:4a:23:a2:18 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.167/24 brd 192.168.0.255 scope global eth1
    inet6 fe80::214:4aff:fe23:a218/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:14:4a:23:a2:17 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::214:4aff:fe23:a217/64 scope link 
       valid_lft forever preferred_lft forever
5: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether ea:1d:83:65:f1:4a brd ff:ff:ff:ff:ff:ff
6: br-int: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether be:53:55:ff:e1:4c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::bc53:55ff:feff:e14c/64 scope link 
       valid_lft forever preferred_lft forever
9: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 00:14:4a:23:a2:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.167/24 brd 192.168.20.255 scope global br-ex
    inet6 fe80::c84b:edff:fe7c:d8/64 scope link 
       valid_lft forever preferred_lft forever
11: br-tun: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether a2:ec:72:c2:35:4a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::1cf6:32ff:fe9e:6fc0/64 scope link 
       valid_lft forever preferred_lft forever
12: qbrd52704eb-6a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 46:c2:63:6c:e3:a3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e023:c1ff:fe97:395/64 scope link 
       valid_lft forever preferred_lft forever
13: qvod52704eb-6a: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 9a:f2:26:ba:0e:6a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::98f2:26ff:feba:e6a/64 scope link 
       valid_lft forever preferred_lft forever
14: qvbd52704eb-6a: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 46:c2:63:6c:e3:a3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::44c2:63ff:fe6c:e3a3/64 scope link 
       valid_lft forever preferred_lft forever
15: qbr21a7709a-49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 02:3a:48:30:f3:3c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9853:7eff:feea:2a14/64 scope link 
       valid_lft forever preferred_lft forever
16: qvo21a7709a-49: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 22:26:15:ee:b0:b4 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2026:15ff:feee:b0b4/64 scope link 
       valid_lft forever preferred_lft forever
17: qvb21a7709a-49: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:3a:48:30:f3:3c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3a:48ff:fe30:f33c/64 scope link 
       valid_lft forever preferred_lft forever
22: tap88a577f9-cc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 36:90:c5:bb:95:10 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3490:c5ff:febb:9510/64 scope link 
       valid_lft forever preferred_lft forever
24: tap339ccee8-f2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ce:81:f9:d7:59:37 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::cc81:f9ff:fed7:5937/64 scope link 
       valid_lft forever preferred_lft forever
25: tap21a7709a-49: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:16:3e:18:0b:eb brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc16:3eff:fe18:beb/64 scope link 
       valid_lft forever preferred_lft forever
26: tapd52704eb-6a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:16:3e:80:c0:b0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc16:3eff:fe80:c0b0/64 scope link 
       valid_lft forever preferred_lft forever


[root@stack2 pkg(keystone_admin)]# neutron net-list
+--------------------------------------+---------+------------------------------------------------------+
| id                                   | name    | subnets                                              |
+--------------------------------------+---------+------------------------------------------------------+
| 622b5a21-4645-4e20-b403-0efe849acd71 | private | e36d2734-95a3-40c0-b22a-008dbca8c893 10.0.0.0/24     |
| 3f0ceeaa-c855-4d73-a575-c693bbdc1314 | public  | 5f5706ae-b409-4938-a298-1d7afb243821 192.168.20.0/24 |
+--------------------------------------+---------+------------------------------------------------------+

[root@stack2 pkg(keystone_admin)]# neutron net-show public
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 3f0ceeaa-c855-4d73-a575-c693bbdc1314 |
| name                      | public                               |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 10                                   |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 5f5706ae-b409-4938-a298-1d7afb243821 |
| tenant_id                 | 1e05753fb6e441e997a2051e14951a9a     |
+---------------------------+--------------------------------------+

[root@stack2 pkg(keystone_admin)]# neutron net-show private
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 622b5a21-4645-4e20-b403-0efe849acd71 |
| name                      | private                              |
| provider:network_type     | vxlan                                |
| provider:physical_network |                                      |
| provider:segmentation_id  | 11                                   |
| router:external           | False                                |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | e36d2734-95a3-40c0-b22a-008dbca8c893 |
| tenant_id                 | 044c0f0f5b0f48daa11896ca3272369b     |
+---------------------------+--------------------------------------+

[root@stack2 pkg(keystone_admin)]# neutron subnet-list
+--------------------------------------+----------------+-----------------+----------------------------------------------------+
| id                                   | name           | cidr            | allocation_pools                                   |
+--------------------------------------+----------------+-----------------+----------------------------------------------------+
| e36d2734-95a3-40c0-b22a-008dbca8c893 | private_subnet | 10.0.0.0/24     | {"start": "10.0.0.2", "end": "10.0.0.254"}         |
| 5f5706ae-b409-4938-a298-1d7afb243821 | public_subnet  | 192.168.20.0/24 | {"start": "192.168.20.90", "end": "192.168.20.99"} |
+--------------------------------------+----------------+-----------------+----------------------------------------------------+


[root@stack2 pkg(keystone_admin)]# neutron router-list
+--------------------------------------+-------------+-----------------------------------------------------------------------------+
| id                                   | name        | external_gateway_info                                                       |
+--------------------------------------+-------------+-----------------------------------------------------------------------------+
| cdcba36a-47b2-4311-8eab-a3cb35e44208 | demo_router | {"network_id": "3f0ceeaa-c855-4d73-a575-c693bbdc1314", "enable_snat": true} |
+--------------------------------------+-------------+-----------------------------------------------------------------------------+

[root@stack2 pkg(keystone_admin)]# neutron router-port-list demo_router
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                            |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 339ccee8-f2b7-4dca-ba12-df2b8b5a9ac4 |      | fa:16:3e:3d:7e:80 | {"subnet_id": "5f5706ae-b409-4938-a298-1d7afb243821", "ip_address": "192.168.20.90"} |
| 88a577f9-ccfc-46fb-a7a9-b4de3a90c78f |      | fa:16:3e:a1:37:88 | {"subnet_id": "e36d2734-95a3-40c0-b22a-008dbca8c893", "ip_address": "10.0.0.1"}      |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+



[root@stack2 pkg(keystone_admin)]# neutron port-list
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                            |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
| 21a7709a-496a-4e9b-9aea-4fa8e2f684e4 |      | fa:16:3e:18:0b:eb | {"subnet_id": "e36d2734-95a3-40c0-b22a-008dbca8c893", "ip_address": "10.0.0.4"}      |
| 339ccee8-f2b7-4dca-ba12-df2b8b5a9ac4 |      | fa:16:3e:3d:7e:80 | {"subnet_id": "5f5706ae-b409-4938-a298-1d7afb243821", "ip_address": "192.168.20.90"} |
| 88a577f9-ccfc-46fb-a7a9-b4de3a90c78f |      | fa:16:3e:a1:37:88 | {"subnet_id": "e36d2734-95a3-40c0-b22a-008dbca8c893", "ip_address": "10.0.0.1"}      |
| b2ef9350-92cb-4030-8873-da9ea1f4b6f8 |      | fa:16:3e:c9:8c:cf | {"subnet_id": "e36d2734-95a3-40c0-b22a-008dbca8c893", "ip_address": "10.0.0.2"}      |
| ce77eda6-6250-42bc-931b-d908be32d56c |      | fa:16:3e:df:a3:d3 | {"subnet_id": "5f5706ae-b409-4938-a298-1d7afb243821", "ip_address": "192.168.20.91"} |
| d52704eb-6a22-4a97-a4fa-77ffaacfc345 |      | fa:16:3e:80:c0:b0 | {"subnet_id": "e36d2734-95a3-40c0-b22a-008dbca8c893", "ip_address": "10.0.0.3"}      |
| f31e9c89-5efb-4b65-b5bf-54f5d650d8c1 |      | fa:16:3e:97:ac:44 | {"subnet_id": "5f5706ae-b409-4938-a298-1d7afb243821", "ip_address": "192.168.20.92"} |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+


===========================
  CONFIGURATION FILE
===========================

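#####################
  neutron.conf
#####################
 NOTE: "grep -v ^#" strips only comment lines, so the dump below still
 shows plaintext secrets (rabbit_password, nova_admin_password,
 admin_password and the password inside the [database] connection URL).
 Replace such values with a placeholder before posting a config publicly,
 and rotate any that were exposed.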
[root@stack2 neutron(keystone_admin)]# grep -v ^# neutron.conf
[DEFAULT]
verbose = True
debug = False
use_syslog = False
log_dir =/var/log/neutron
bind_host = 0.0.0.0
bind_port = 9696
core_plugin =neutron.plugins.ml2.plugin.Ml2Plugin
service_plugins =neutron.services.l3_router.l3_router_plugin.L3RouterPlugin,neutron.services.firewall.fwaas_plugin.FirewallPlugin
auth_strategy = keystone
base_mac = fa:16:3e:00:00:00
mac_generation_retries = 16
dhcp_lease_duration = 86400
dhcp_agent_notification = True
allow_bulk = True
allow_pagination = False
allow_sorting = False
allow_overlapping_ips = True
rpc_backend = neutron.openstack.common.rpc.impl_kombu
control_exchange = neutron
rabbit_host = 192.168.10.167
rabbit_password = guest
rabbit_port = 5672
rabbit_hosts = 192.168.10.167:5672
rabbit_userid = guest
rabbit_virtual_host = /
rabbit_ha_queues = False
agent_down_time = 75
router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler
dhcp_agents_per_network = 1
api_workers = 0
use_ssl = False
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://192.168.10.167:8774/v2
nova_region_name =RegionOne
nova_admin_username =nova
nova_admin_tenant_id =1e05753fb6e441e997a2051e14951a9a
nova_admin_password =fishkun
nova_admin_auth_url =http://192.168.10.167:35357/v2.0
send_events_interval = 2
rabbit_use_ssl=False

[quotas]

[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
report_interval = 30

[keystone_authtoken]
auth_host = 192.168.10.167
auth_port = 35357
auth_protocol = http
admin_tenant_name = services
admin_user = neutron
admin_password = fishkun
auth_uri=http://192.168.10.167:5000/

[database]
connection = mysql://neutron:fishkun@192.168.10.167/neutron
max_retries = 10
retry_interval = 10
idle_timeout = 3600

[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default


#####################
  ml2_conf.ini
#####################
[root@stack2 ml2(keystone_admin)]# grep -v ^# ml2_conf.ini 
[ml2]
type_drivers = vxlan
tenant_network_types = vxlan
mechanism_drivers =openvswitch

[ml2_type_flat]

[ml2_type_vlan]

[ml2_type_gre]

[ml2_type_vxlan]
vni_ranges =10:100
vxlan_group =224.0.0.1

[securitygroup]
enable_security_group = True


##############################
  ovs_neutron_plugin.ini
##############################
[root@stack2 openvswitch(keystone_admin)]# grep -v ^# ovs_neutron_plugin.ini
[ovs]
enable_tunneling = False
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip =192.168.0.167

[agent]
polling_interval = 2
tunnel_types =vxlan
vxlan_udp_port =4789
l2_population = False
arp_responder=True

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
tunnel_id_ranges = 1:1000