Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Instance fails to spawn with nic on provider network - binding:vif_type binding_failed

Plenty of similar questions arround, one seems to have the exact problem but was closed without actualy solving it:

https://ask.openstack.org/en/question/53430/instance-fails-to-spawn-with-unexpected-vif_typebinding_failed/

The conclusion of the above seemed to be "I can live with assigning floating IPs". Whell, I would like to be able to create instances with an interface on the provider network only.

My problem is this: 4 nodes Juno, two provider networks (vlan type) and vxlan type tenant network(s). What works:

  • I can create instances with nic(s) in tenant networks
  • I can add floating IPs from either or both provider networks (from the subnets attached to them to be precise)

What fails: - Creating an instance with a nic in either of the provider networks. The atempt results in an instance like this:

| 0bf8fcc7-3534-41c0-8b9d-98fef037bccc | testOntenant2 | ERROR  | - | NOSTATE   | pdmz=10.50.6.14 |

The port of the (failed) instance looks like this:

+-----------------------+--------------------------------------------------------------------------+
| Field                 | Value                                                                    |
+-----------------------+--------------------------------------------------------------------------+
| admin_state_up        | True                                                                     |
| allowed_address_pairs |                                                                          |
| binding:host_id       | ostack-comp4                                                             |
| binding:profile       | {}                                                                       |
| binding:vif_details   | {}                                                                       |
| binding:vif_type      | binding_failed                                                           |
| binding:vnic_type     | normal                                                                   |
| device_id             | 0bf8fcc7-3534-41c0-8b9d-98fef037bccc                                     |
| device_owner          | compute:nova                                                             |
| extra_dhcp_opts       |                                                                          |
| fixed_ips             | {"subnet_id": "da60ada1-873e...dffe8056853", "ip_address": "10.50.6.14"} |
| id                    | 55efd2a8-5ea7-4a8d-91c5-cb65a209fd61                                     |
| mac_address           | fa:16:3e:56:17:4b                                                        |
| name                  |                                                                          |
| network_id            | 9cd0566c-7e12-413d-b515-328c479c59af                                     |
| security_groups       | 12f73c35-ac93-40f3-a65e-d11d0e589652                                     |
| status                | DOWN                                                                     |
| tenant_id             | fdb4ca1402d941af884ba0cd7f68a761                                         |
+-----------------------+--------------------------------------------------------------------------+

and the "not so relevant" logs are:

neutron-server: WARNING neutron.plugins.ml2.managers [req-3c446ec8-ba45-4ba5-b1a6-d40fe21cccb4 None] Failed to bind port 55efd2a8-5ea7-4a8d-91c5-cb65a209fd61 on host ostack-comp4

TRACE nova.compute.manager [instance: 0bf8fcc7-3534-41c0-8b9d-98fef037bccc] NovaException: Unexpected vif_type=binding_failed

Instance fails to spawn with nic on provider network - binding:vif_type binding_failed

Plenty of similar questions arround, one seems to have the exact problem but was closed without actualy solving it:

https://ask.openstack.org/en/question/53430/instance-fails-to-spawn-with-unexpected-vif_typebinding_failed/

The conclusion of the above seemed to be "I can live with assigning floating IPs". Whell, I would like to be able to create instances with an interface on the provider network only.

My problem is this: 4 nodes Juno, two provider networks (vlan type) and vxlan type tenant network(s). What works:

  • I can create instances with nic(s) in tenant networks
  • I can add floating IPs from either or both provider networks (from the subnets attached to them to be precise)

What fails: - Creating an instance with a nic in either of the provider networks. The atempt results in an instance like this:

| 0bf8fcc7-3534-41c0-8b9d-98fef037bccc | testOntenant2 | ERROR  | - | NOSTATE   | pdmz=10.50.6.14 |

The port of the (failed) instance looks like this:

+-----------------------+--------------------------------------------------------------------------+
| Field                 | Value                                                                    |
+-----------------------+--------------------------------------------------------------------------+
| admin_state_up        | True                                                                     |
| allowed_address_pairs |                                                                          |
| binding:host_id       | ostack-comp4                                                             |
| binding:profile       | {}                                                                       |
| binding:vif_details   | {}                                                                       |
| binding:vif_type      | binding_failed                                                           |
| binding:vnic_type     | normal                                                                   |
| device_id             | 0bf8fcc7-3534-41c0-8b9d-98fef037bccc                                     |
| device_owner          | compute:nova                                                             |
| extra_dhcp_opts       |                                                                          |
| fixed_ips             | {"subnet_id": "da60ada1-873e...dffe8056853", "ip_address": "10.50.6.14"} |
| id                    | 55efd2a8-5ea7-4a8d-91c5-cb65a209fd61                                     |
| mac_address           | fa:16:3e:56:17:4b                                                        |
| name                  |                                                                          |
| network_id            | 9cd0566c-7e12-413d-b515-328c479c59af                                     |
| security_groups       | 12f73c35-ac93-40f3-a65e-d11d0e589652                                     |
| status                | DOWN                                                                     |
| tenant_id             | fdb4ca1402d941af884ba0cd7f68a761                                         |
+-----------------------+--------------------------------------------------------------------------+

and the "not so relevant" logs are:

neutron-server: WARNING neutron.plugins.ml2.managers [req-3c446ec8-ba45-4ba5-b1a6-d40fe21cccb4 None] Failed to bind port 55efd2a8-5ea7-4a8d-91c5-cb65a209fd61 on host ostack-comp4

TRACE nova.compute.manager [instance: 0bf8fcc7-3534-41c0-8b9d-98fef037bccc] NovaException: Unexpected vif_type=binding_failed

Update 1:

I've added the br-ex to all compute nodes:

    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "enp10s4f1"
            trunks: [206, 300]
            Interface "enp10s4f1"

And the openvswitch agent is (also) loading the ml2 configuration:

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
mechanism_drivers =openvswitch
[ml2_type_flat]
[ml2_type_vlan]
network_vlan_ranges = provnet:206:206,provnet:300:300
bridge_mappings = provnet:br-ex
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges =10:100
vxlan_group =224.0.0.1
[securitygroup]
enable_security_group = True

Instance fails to spawn with nic on provider network - binding:vif_type binding_failed

Plenty of similar questions arround, one seems to have the exact problem but was closed without actualy solving it:

https://ask.openstack.org/en/question/53430/instance-fails-to-spawn-with-unexpected-vif_typebinding_failed/

The conclusion of the above seemed to be "I can live with assigning floating IPs". Whell, I would like to be able to create instances with an interface on the provider network only.

My problem is this: 4 nodes Juno, two provider networks (vlan type) and vxlan type tenant network(s). What works:

  • I can create instances with nic(s) in tenant networks
  • I can add floating IPs from either or both provider networks (from the subnets attached to them to be precise)

What fails: - Creating an instance with a nic in either of the provider networks. The atempt results in an instance like this:

| 0bf8fcc7-3534-41c0-8b9d-98fef037bccc | testOntenant2 | ERROR  | - | NOSTATE   | pdmz=10.50.6.14 |

The port of the (failed) instance looks like this:

+-----------------------+--------------------------------------------------------------------------+
| Field                 | Value                                                                    |
+-----------------------+--------------------------------------------------------------------------+
| admin_state_up        | True                                                                     |
| allowed_address_pairs |                                                                          |
| binding:host_id       | ostack-comp4                                                             |
| binding:profile       | {}                                                                       |
| binding:vif_details   | {}                                                                       |
| binding:vif_type      | binding_failed                                                           |
| binding:vnic_type     | normal                                                                   |
| device_id             | 0bf8fcc7-3534-41c0-8b9d-98fef037bccc                                     |
| device_owner          | compute:nova                                                             |
| extra_dhcp_opts       |                                                                          |
| fixed_ips             | {"subnet_id": "da60ada1-873e...dffe8056853", "ip_address": "10.50.6.14"} |
| id                    | 55efd2a8-5ea7-4a8d-91c5-cb65a209fd61                                     |
| mac_address           | fa:16:3e:56:17:4b                                                        |
| name                  |                                                                          |
| network_id            | 9cd0566c-7e12-413d-b515-328c479c59af                                     |
| security_groups       | 12f73c35-ac93-40f3-a65e-d11d0e589652                                     |
| status                | DOWN                                                                     |
| tenant_id             | fdb4ca1402d941af884ba0cd7f68a761                                         |
+-----------------------+--------------------------------------------------------------------------+

and the "not so relevant" logs are:

neutron-server: WARNING neutron.plugins.ml2.managers [req-3c446ec8-ba45-4ba5-b1a6-d40fe21cccb4 None] Failed to bind port 55efd2a8-5ea7-4a8d-91c5-cb65a209fd61 on host ostack-comp4

TRACE nova.compute.manager [instance: 0bf8fcc7-3534-41c0-8b9d-98fef037bccc] NovaException: Unexpected vif_type=binding_failed

Update 1:

I've added the br-ex to all compute nodes:

    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "enp10s4f1"
            trunks: [206, 300]
            Interface "enp10s4f1"

And the openvswitch agent is (also) loading the ml2 configuration:

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
mechanism_drivers =openvswitch
[ml2_type_flat]
[ml2_type_vlan]
network_vlan_ranges = provnet:206:206,provnet:300:300
bridge_mappings = provnet:br-ex
[ml2_type_gre]
[ml2_type_vxlan]
vni_ranges =10:100
vxlan_group =224.0.0.1
[securitygroup]
enable_security_group = True

Update 2:

Following Sam's advice I've added the bridge mapping into [ovs] section on all nodes. That solved the problem of binding. The instance spawned on a compute node, a port got created on br-int on that node, patches got created to br-ex on the same node and openflow rules translate to the correct vlan tag on the provider network:

]# ovs-vsctl show
1bb865cf-d06a-4d50-80a7-9ca10d2e28e5
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port br-int
            Interface br-int
                type: internal
        Port "qvoc9c60160-45"
            tag: 1
            Interface "qvoc9c60160-45"
    Bridge br-tun
            .... cut out for ...
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
        Port "enp10s4f1"
            trunks: [206, 300]
            Interface "enp10s4f1"
    ovs_version: "2.1.3"

At this point I will mark the question resolved as the answer was to provide layer 2 conectivity on compute nodes and use propper secrtion for the mapping. However, at the moment I still face problems and I would appreciate some pointers:

  • openstack doesn't provide IP information to the instance created in this way. (dhcp service disabled when creating the provider subnet). Any ideas how can i do this other than a dhcp server on the physical vlan?
  • the ip configured by hand in the instance above is not reachable. listening on the physical interface of br-ex while pinging from the instance doesn't show pachets reaching that far, looks like the patch between br-int and ext on the compute node doesn't work?!