Revision history [back]

Cause for strange network config?

Trying to set up Kilo on Centos according to the install guide, I hit a brick wall with neutron configuration.

This is what I expect on the network node after launching an instance and associating a floating IP with it:

  • The qrouter-xxxxx NW namespace has NAT configured, and contains the router's gateway interface with the floating IP
  • br-ex contains the router's gateway interface, qg-yyyyyyy

Instead, I don't see any NAT, and qg-yyyyyy is plugged into br-int. Details below.

Any idea what misconfiguration could cause this? I have gone over the config files several times and can't find anything wrong. If you have suggestions what to look for in the database, they would be welcome as well.

Or is the config correct, and the fact that I can't ping my instance is caused by something else? (but how is a packet supposed to go to the instance without NAT??)

Below: No NAT. The router's IP is, the floating IP is - at least that has been configured.

# ip netns exec qrouter-3baec6ff-2dcd-4eae-b6e7-4e10e6610df9 sh
# ip a
(removed interfaces lo and qr-zzzzzzz)
12: qg-9f212d17-bb: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:76:75:9e brd ff:ff:ff:ff:ff:ff
    inet brd scope global qg-9f212d17-bb
       valid_lft forever preferred_lft forever
    inet brd scope global qg-9f212d17-bb
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe76:759e/64 scope link 
       valid_lft forever preferred_lft forever

# iptables -S
-N neutron-filter-top
-N neutron-l3-agent-FORWARD
-N neutron-l3-agent-INPUT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-local
-A INPUT -j neutron-l3-agent-INPUT
-A FORWARD -j neutron-filter-top
-A FORWARD -j neutron-l3-agent-FORWARD
-A OUTPUT -j neutron-filter-top
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A neutron-filter-top -j neutron-l3-agent-local
-A neutron-l3-agent-INPUT -m mark --mark 0x1 -j ACCEPT
-A neutron-l3-agent-INPUT -p tcp -m tcp --dport 9697 -j DROP

Below: Strange OVS config. Note that br-int contains the qg-yyyy interface, which I would expect to be plugged into br-ex.

# ovs-vsctl show
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "eth3"
            Interface "eth3"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-0a000183"
            Interface "gre-0a000183"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="", out_key=flow, remote_ip=""}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        fail_mode: secure
        Port "qg-9f212d17-bb"
            tag: 2
            Interface "qg-9f212d17-bb"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-3ae9346b-a8"
            tag: 1
            Interface "qr-3ae9346b-a8"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "tap3c4dc956-08"
            tag: 1
            Interface "tap3c4dc956-08"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    ovs_version: "2.3.1"