Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE Hi, thanks again.

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addressed assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE Hi, thanks again.

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addressed assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addressed addresses assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATEUPDATE 13/07/2015

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addresses assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

UPDATE 14/07/2015 After setting up the networks, subnets and router as advised, I cannot ping/ssh any VM instances. Furthermore I cannot ping any external IP from the VMs other than the virtual router (10.20.151.20) and the Network/Controller node.

On the Controller/Network:

ovs-vsctl show
91296ee0-4e36-420e-ba86-06995f4dba69
    Bridge br-int
        fail_mode: secure
        Port "qr-c15092f4-bb"
            tag: 1
            Interface "qr-c15092f4-bb"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tapf3d9ab30-3e"
            tag: 1
            Interface "tapf3d9ab30-3e"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "em1"
            Interface "em1"
        Port "qg-b9d315ce-54"
            Interface "qg-b9d315ce-54"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-tun
        fail_mode: secure                                                                                                                                    
        Port patch-int                                                                                                                                       
            Interface patch-int                                                                                                                              
                type: patch                                                                                                                                  
                options: {peer=patch-tun}                                                                                                                    
        Port br-tun                                                                                                                                          
            Interface br-tun                                                                                                                                 
                type: internal                                                                                                                               
        Port "vxlan-0a14972f"                                                                                                                                
            Interface "vxlan-0a14972f"                                                                                                                       
                type: vxlan                                                                                                                                  
                options: {df_default="true", in_key=flow, local_ip="10.20.151.48", out_key=flow, remote_ip="10.20.151.47"}                                   
    ovs_version: "2.3.1"



cat /etc/sysconfig/network-scripts/ifcfg-em1 
#HWADDR=74:E6:E2:DA:3A:61
DEVICE="em1"
ONBOOT=yes
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ex"
#BOOTPROTO=none
#IPADDR=10.20.151.48
#PREFIX=24
#GATEWAY=10.20.151.1
#DNS1=161.74.92.5
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
IPV6INIT=no
#UUID=a9beca21-64aa-4415-8e40-21674e795606



cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
#TYPE=OVSBridge
TYPE="OVSIntPort"
OVS_BRIDGE="br-ex"
BOOTPROTO=static
IPADDR=10.20.151.48
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=10.20.151.1
DNS1=161.74.92.5
#DEFROUTE=yes

Any help is appreciated, thanks! Francesco.

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE 13/07/2015

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addresses assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

UPDATE 14/07/2015 After setting up the networks, subnets and router as advised, I cannot ping/ssh any VM instances. Furthermore I cannot ping any external IP from the VMs other than the virtual router (10.20.151.20) and the Network/Controller node.

On the Controller/Network:

ovs-vsctl show
91296ee0-4e36-420e-ba86-06995f4dba69
    Bridge br-int
        fail_mode: secure
        Port "qr-c15092f4-bb"
            tag: 1
            Interface "qr-c15092f4-bb"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tapf3d9ab30-3e"
            tag: 1
            Interface "tapf3d9ab30-3e"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "em1"
            Interface "em1"
        Port "qg-b9d315ce-54"
            Interface "qg-b9d315ce-54"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-tun
        fail_mode: secure                                                                                                                                    
        Port patch-int                                                                                                                                       
            Interface patch-int                                                                                                                              
                type: patch                                                                                                                                  
                options: {peer=patch-tun}                                                                                                                    
        Port br-tun                                                                                                                                          
            Interface br-tun                                                                                                                                 
                type: internal                                                                                                                               
        Port "vxlan-0a14972f"                                                                                                                                
            Interface "vxlan-0a14972f"                                                                                                                       
                type: vxlan                                                                                                                                  
                options: {df_default="true", in_key=flow, local_ip="10.20.151.48", out_key=flow, remote_ip="10.20.151.47"}                                   
    ovs_version: "2.3.1"



cat /etc/sysconfig/network-scripts/ifcfg-em1 
#HWADDR=74:E6:E2:DA:3A:61
DEVICE="em1"
ONBOOT=yes
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ex"
#BOOTPROTO=none
#IPADDR=10.20.151.48
#PREFIX=24
#GATEWAY=10.20.151.1
#DNS1=161.74.92.5
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
IPV6INIT=no
#UUID=a9beca21-64aa-4415-8e40-21674e795606



cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
#TYPE=OVSBridge
TYPE="OVSIntPort"
OVS_BRIDGE="br-ex"
BOOTPROTO=static
IPADDR=10.20.151.48
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=10.20.151.1
DNS1=161.74.92.5
#DEFROUTE=yes

Any help is appreciated, thanks! Francesco.UPDATE 15/07/2015

~(keystone_admin)]# neutron subnet-list
+--------------------------------------+------+----------------+---------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                  |
+--------------------------------------+------+----------------+---------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"}  |
| f2913e31-653b-4bd5-a9c0-605afe240c23 |      | 10.20.151.0/24 | {"start": "10.20.151.20", "end": "10.20.151.200"} |
+--------------------------------------+------+----------------+---------------------------------------------------+


~(keystone_admin)]# neutron subnet-show 62c1c4e1-f303-4d94-bc73-caf592a392b0
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   | 8.8.8.8                                          |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 62c1c4e1-f303-4d94-bc73-caf592a392b0             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              |                                                  |
| network_id        | 57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6             |
| subnetpool_id     |                                                  |
| tenant_id         | 9cc0cb14b3cb44b2a56fd623b8bce027                 |
+-------------------+--------------------------------------------------+
~(keystone_admin)]# neutron subnet-show f2913e31-653b-4bd5-a9c0-605afe240c23
+-------------------+---------------------------------------------------+
| Field             | Value                                             |
+-------------------+---------------------------------------------------+
| allocation_pools  | {"start": "10.20.151.20", "end": "10.20.151.200"} |
| cidr              | 10.20.151.0/24                                    |
| dns_nameservers   |                                                   |
| enable_dhcp       | False                                             |
| gateway_ip        | 10.20.151.1                                       |
| host_routes       |                                                   |
| id                | f2913e31-653b-4bd5-a9c0-605afe240c23              |
| ip_version        | 4                                                 |
| ipv6_address_mode |                                                   |
| ipv6_ra_mode      |                                                   |
| name              |                                                   |
| network_id        | d658b932-3126-4118-bf77-3c8ad6ddb7f9              |
| subnetpool_id     |                                                   |
| tenant_id         | b9f2dfeea6184c4682e4b54e1f98897e                  |
+-------------------+---------------------------------------------------+


~(keystone_admin)]# source keystonerc_demo 
[root@Chopin ~(keystone_demo)]# neutron subnet-list
+--------------------------------------+------+----------------+--------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                 |
+--------------------------------------+------+----------------+--------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+------+----------------+--------------------------------------------------+

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE 13/07/2015

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addresses assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

UPDATE 14/07/2015 After setting up the networks, subnets and router as advised, I cannot ping/ssh any VM instances. Furthermore I cannot ping any external IP from the VMs other than the virtual router (10.20.151.20) and the Network/Controller node.

On the Controller/Network:

ovs-vsctl show
91296ee0-4e36-420e-ba86-06995f4dba69
    Bridge br-int
        fail_mode: secure
        Port "qr-c15092f4-bb"
            tag: 1
            Interface "qr-c15092f4-bb"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tapf3d9ab30-3e"
            tag: 1
            Interface "tapf3d9ab30-3e"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "em1"
            Interface "em1"
        Port "qg-b9d315ce-54"
            Interface "qg-b9d315ce-54"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-tun
        fail_mode: secure                                                                                                                                    
        Port patch-int                                                                                                                                       
            Interface patch-int                                                                                                                              
                type: patch                                                                                                                                  
                options: {peer=patch-tun}                                                                                                                    
        Port br-tun                                                                                                                                          
            Interface br-tun                                                                                                                                 
                type: internal                                                                                                                               
        Port "vxlan-0a14972f"                                                                                                                                
            Interface "vxlan-0a14972f"                                                                                                                       
                type: vxlan                                                                                                                                  
                options: {df_default="true", in_key=flow, local_ip="10.20.151.48", out_key=flow, remote_ip="10.20.151.47"}                                   
    ovs_version: "2.3.1"



cat /etc/sysconfig/network-scripts/ifcfg-em1 
#HWADDR=74:E6:E2:DA:3A:61
DEVICE="em1"
ONBOOT=yes
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ex"
#BOOTPROTO=none
#IPADDR=10.20.151.48
#PREFIX=24
#GATEWAY=10.20.151.1
#DNS1=161.74.92.5
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
IPV6INIT=no
#UUID=a9beca21-64aa-4415-8e40-21674e795606



cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
#TYPE=OVSBridge
TYPE="OVSIntPort"
OVS_BRIDGE="br-ex"
BOOTPROTO=static
IPADDR=10.20.151.48
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=10.20.151.1
DNS1=161.74.92.5
#DEFROUTE=yes

UPDATE 15/07/2015

~(keystone_admin)]# neutron subnet-list
+--------------------------------------+------+----------------+---------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                  |
+--------------------------------------+------+----------------+---------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"}  |
| f2913e31-653b-4bd5-a9c0-605afe240c23 |      | 10.20.151.0/24 | {"start": "10.20.151.20", "end": "10.20.151.200"} |
+--------------------------------------+------+----------------+---------------------------------------------------+


~(keystone_admin)]# neutron subnet-show 62c1c4e1-f303-4d94-bc73-caf592a392b0
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   | 8.8.8.8                                          |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 62c1c4e1-f303-4d94-bc73-caf592a392b0             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              |                                                  |
| network_id        | 57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6             |
| subnetpool_id     |                                                  |
| tenant_id         | 9cc0cb14b3cb44b2a56fd623b8bce027                 |
+-------------------+--------------------------------------------------+
~(keystone_admin)]# neutron subnet-show f2913e31-653b-4bd5-a9c0-605afe240c23
+-------------------+---------------------------------------------------+
| Field             | Value                                             |
+-------------------+---------------------------------------------------+
| allocation_pools  | {"start": "10.20.151.20", "end": "10.20.151.200"} |
| cidr              | 10.20.151.0/24                                    |
| dns_nameservers   |                                                   |
| enable_dhcp       | False                                             |
| gateway_ip        | 10.20.151.1                                       |
| host_routes       |                                                   |
| id                | f2913e31-653b-4bd5-a9c0-605afe240c23              |
| ip_version        | 4                                                 |
| ipv6_address_mode |                                                   |
| ipv6_ra_mode      |                                                   |
| name              |                                                   |
| network_id        | d658b932-3126-4118-bf77-3c8ad6ddb7f9              |
| subnetpool_id     |                                                   |
| tenant_id         | b9f2dfeea6184c4682e4b54e1f98897e                  |
+-------------------+---------------------------------------------------+


~(keystone_admin)]# source keystonerc_demo 
[root@Chopin ~(keystone_demo)]# neutron subnet-list
+--------------------------------------+------+----------------+--------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                 |
+--------------------------------------+------+----------------+--------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+------+----------------+--------------------------------------------------+




~(keystone_demo)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE 13/07/2015

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addresses assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

UPDATE 14/07/2015 After setting up the networks, subnets and router as advised, I cannot ping/ssh any VM instances. Furthermore I cannot ping any external IP from the VMs other than the virtual router (10.20.151.20) and the Network/Controller node.

On the Controller/Network:

ovs-vsctl show
91296ee0-4e36-420e-ba86-06995f4dba69
    Bridge br-int
        fail_mode: secure
        Port "qr-c15092f4-bb"
            tag: 1
            Interface "qr-c15092f4-bb"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tapf3d9ab30-3e"
            tag: 1
            Interface "tapf3d9ab30-3e"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "em1"
            Interface "em1"
        Port "qg-b9d315ce-54"
            Interface "qg-b9d315ce-54"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-tun
        fail_mode: secure                                                                                                                                    
        Port patch-int                                                                                                                                       
            Interface patch-int                                                                                                                              
                type: patch                                                                                                                                  
                options: {peer=patch-tun}                                                                                                                    
        Port br-tun                                                                                                                                          
            Interface br-tun                                                                                                                                 
                type: internal                                                                                                                               
        Port "vxlan-0a14972f"                                                                                                                                
            Interface "vxlan-0a14972f"                                                                                                                       
                type: vxlan                                                                                                                                  
                options: {df_default="true", in_key=flow, local_ip="10.20.151.48", out_key=flow, remote_ip="10.20.151.47"}                                   
    ovs_version: "2.3.1"



cat /etc/sysconfig/network-scripts/ifcfg-em1 
#HWADDR=74:E6:E2:DA:3A:61
DEVICE="em1"
ONBOOT=yes
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ex"
#BOOTPROTO=none
#IPADDR=10.20.151.48
#PREFIX=24
#GATEWAY=10.20.151.1
#DNS1=161.74.92.5
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
IPV6INIT=no
#UUID=a9beca21-64aa-4415-8e40-21674e795606



cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
#TYPE=OVSBridge
TYPE="OVSIntPort"
OVS_BRIDGE="br-ex"
BOOTPROTO=static
IPADDR=10.20.151.48
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=10.20.151.1
DNS1=161.74.92.5
#DEFROUTE=yes

UPDATE 15/07/2015

~(keystone_admin)]# neutron subnet-list
+--------------------------------------+------+----------------+---------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                  |
+--------------------------------------+------+----------------+---------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"}  |
| f2913e31-653b-4bd5-a9c0-605afe240c23 |      | 10.20.151.0/24 | {"start": "10.20.151.20", "end": "10.20.151.200"} |
+--------------------------------------+------+----------------+---------------------------------------------------+


~(keystone_admin)]# neutron subnet-show 62c1c4e1-f303-4d94-bc73-caf592a392b0
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   | 8.8.8.8                                          |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 62c1c4e1-f303-4d94-bc73-caf592a392b0             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              |                                                  |
| network_id        | 57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6             |
| subnetpool_id     |                                                  |
| tenant_id         | 9cc0cb14b3cb44b2a56fd623b8bce027                 |
+-------------------+--------------------------------------------------+
~(keystone_admin)]# neutron subnet-show f2913e31-653b-4bd5-a9c0-605afe240c23
+-------------------+---------------------------------------------------+
| Field             | Value                                             |
+-------------------+---------------------------------------------------+
| allocation_pools  | {"start": "10.20.151.20", "end": "10.20.151.200"} |
| cidr              | 10.20.151.0/24                                    |
| dns_nameservers   |                                                   |
| enable_dhcp       | False                                             |
| gateway_ip        | 10.20.151.1                                       |
| host_routes       |                                                   |
| id                | f2913e31-653b-4bd5-a9c0-605afe240c23              |
| ip_version        | 4                                                 |
| ipv6_address_mode |                                                   |
| ipv6_ra_mode      |                                                   |
| name              |                                                   |
| network_id        | d658b932-3126-4118-bf77-3c8ad6ddb7f9              |
| subnetpool_id     |                                                   |
| tenant_id         | b9f2dfeea6184c4682e4b54e1f98897e                  |
+-------------------+---------------------------------------------------+


~(keystone_admin)]# source keystonerc_demo 
[root@Chopin ~(keystone_demo)]# neutron subnet-list
+--------------------------------------+------+----------------+--------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                 |
+--------------------------------------+------+----------------+--------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+------+----------------+--------------------------------------------------+




~(keystone_demo)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

UPDATE 15/07/2015 - afternoon

~(keystone_demo)]# ip netns
qrouter-dff3861b-69d2-46c8-b990-0d218826955b
qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6


~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 tapf3d9ab30-3e
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tapf3d9ab30-3e


~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 24  bytes 2254 (2.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 2254 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qg-b9d315ce-54: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.151.20  netmask 255.255.255.0  broadcast 10.20.151.255
        inet6 fe80::f816:3eff:fe0a:6a3a  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:0a:6a:3a  txqueuelen 0  (Ethernet)
        RX packets 24997  bytes 1729531 (1.6 MiB)
        RX errors 0  dropped 15843  overruns 0  frame 0
        TX packets 399  bytes 17833 (17.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-c15092f4-bb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::f816:3eff:fe52:4cc  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:52:04:cc  txqueuelen 0  (Ethernet)
        RX packets 915  bytes 93688 (91.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 619  bytes 66593 (65.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



 ~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms
pipe 4
~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE 13/07/2015

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addresses assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

UPDATE 14/07/2015 After setting up the networks, subnets and router as advised, I cannot ping/ssh any VM instances. Furthermore I cannot ping any external IP from the VMs other than the virtual router (10.20.151.20) and the Network/Controller node.

On the Controller/Network:

ovs-vsctl show
91296ee0-4e36-420e-ba86-06995f4dba69
    Bridge br-int
        fail_mode: secure
        Port "qr-c15092f4-bb"
            tag: 1
            Interface "qr-c15092f4-bb"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tapf3d9ab30-3e"
            tag: 1
            Interface "tapf3d9ab30-3e"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "em1"
            Interface "em1"
        Port "qg-b9d315ce-54"
            Interface "qg-b9d315ce-54"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-tun
        fail_mode: secure                                                                                                                                    
        Port patch-int                                                                                                                                       
            Interface patch-int                                                                                                                              
                type: patch                                                                                                                                  
                options: {peer=patch-tun}                                                                                                                    
        Port br-tun                                                                                                                                          
            Interface br-tun                                                                                                                                 
                type: internal                                                                                                                               
        Port "vxlan-0a14972f"                                                                                                                                
            Interface "vxlan-0a14972f"                                                                                                                       
                type: vxlan                                                                                                                                  
                options: {df_default="true", in_key=flow, local_ip="10.20.151.48", out_key=flow, remote_ip="10.20.151.47"}                                   
    ovs_version: "2.3.1"



cat /etc/sysconfig/network-scripts/ifcfg-em1 
#HWADDR=74:E6:E2:DA:3A:61
DEVICE="em1"
ONBOOT=yes
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ex"
#BOOTPROTO=none
#IPADDR=10.20.151.48
#PREFIX=24
#GATEWAY=10.20.151.1
#DNS1=161.74.92.5
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
IPV6INIT=no
#UUID=a9beca21-64aa-4415-8e40-21674e795606



cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
#TYPE=OVSBridge
TYPE="OVSIntPort"
OVS_BRIDGE="br-ex"
BOOTPROTO=static
IPADDR=10.20.151.48
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=10.20.151.1
DNS1=161.74.92.5
#DEFROUTE=yes

UPDATE 15/07/2015

~(keystone_admin)]# neutron subnet-list
+--------------------------------------+------+----------------+---------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                  |
+--------------------------------------+------+----------------+---------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"}  |
| f2913e31-653b-4bd5-a9c0-605afe240c23 |      | 10.20.151.0/24 | {"start": "10.20.151.20", "end": "10.20.151.200"} |
+--------------------------------------+------+----------------+---------------------------------------------------+


~(keystone_admin)]# neutron subnet-show 62c1c4e1-f303-4d94-bc73-caf592a392b0
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   | 8.8.8.8                                          |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 62c1c4e1-f303-4d94-bc73-caf592a392b0             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              |                                                  |
| network_id        | 57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6             |
| subnetpool_id     |                                                  |
| tenant_id         | 9cc0cb14b3cb44b2a56fd623b8bce027                 |
+-------------------+--------------------------------------------------+
~(keystone_admin)]# neutron subnet-show f2913e31-653b-4bd5-a9c0-605afe240c23
+-------------------+---------------------------------------------------+
| Field             | Value                                             |
+-------------------+---------------------------------------------------+
| allocation_pools  | {"start": "10.20.151.20", "end": "10.20.151.200"} |
| cidr              | 10.20.151.0/24                                    |
| dns_nameservers   |                                                   |
| enable_dhcp       | False                                             |
| gateway_ip        | 10.20.151.1                                       |
| host_routes       |                                                   |
| id                | f2913e31-653b-4bd5-a9c0-605afe240c23              |
| ip_version        | 4                                                 |
| ipv6_address_mode |                                                   |
| ipv6_ra_mode      |                                                   |
| name              |                                                   |
| network_id        | d658b932-3126-4118-bf77-3c8ad6ddb7f9              |
| subnetpool_id     |                                                   |
| tenant_id         | b9f2dfeea6184c4682e4b54e1f98897e                  |
+-------------------+---------------------------------------------------+


~(keystone_admin)]# source keystonerc_demo 
[root@Chopin ~(keystone_demo)]# neutron subnet-list
+--------------------------------------+------+----------------+--------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                 |
+--------------------------------------+------+----------------+--------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+------+----------------+--------------------------------------------------+




~(keystone_demo)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

UPDATE 15/07/2015 - afternoon

~(keystone_demo)]# ip netns
qrouter-dff3861b-69d2-46c8-b990-0d218826955b
qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6


~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 tapf3d9ab30-3e
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tapf3d9ab30-3e


~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 24  bytes 2254 (2.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 2254 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qg-b9d315ce-54: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.151.20  netmask 255.255.255.0  broadcast 10.20.151.255
        inet6 fe80::f816:3eff:fe0a:6a3a  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:0a:6a:3a  txqueuelen 0  (Ethernet)
        RX packets 24997  bytes 1729531 (1.6 MiB)
        RX errors 0  dropped 15843  overruns 0  frame 0
        TX packets 399  bytes 17833 (17.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-c15092f4-bb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::f816:3eff:fe52:4cc  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:52:04:cc  txqueuelen 0  (Ethernet)
        RX packets 915  bytes 93688 (91.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 619  bytes 66593 (65.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



 ~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms
pipe 4
~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

I cannot figure out what the problem could be. I cannot ping the default gw from the namespaces. I'm struggling to find out what the problem could be but my knowledge on both SDN and Neutron is quite limited. Please can anybody help me? I would like to learn more about these topics. Thanks and regards, Francesco.

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE 13/07/2015

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addresses assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

UPDATE 14/07/2015 After setting up the networks, subnets and router as advised, I cannot ping/ssh any VM instances. Furthermore I cannot ping any external IP from the VMs other than the virtual router (10.20.151.20) and the Network/Controller node.

On the Controller/Network:

ovs-vsctl show
91296ee0-4e36-420e-ba86-06995f4dba69
    Bridge br-int
        fail_mode: secure
        Port "qr-c15092f4-bb"
            tag: 1
            Interface "qr-c15092f4-bb"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tapf3d9ab30-3e"
            tag: 1
            Interface "tapf3d9ab30-3e"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "em1"
            Interface "em1"
        Port "qg-b9d315ce-54"
            Interface "qg-b9d315ce-54"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-tun
        fail_mode: secure                                                                                                                                    
        Port patch-int                                                                                                                                       
            Interface patch-int                                                                                                                              
                type: patch                                                                                                                                  
                options: {peer=patch-tun}                                                                                                                    
        Port br-tun                                                                                                                                          
            Interface br-tun                                                                                                                                 
                type: internal                                                                                                                               
        Port "vxlan-0a14972f"                                                                                                                                
            Interface "vxlan-0a14972f"                                                                                                                       
                type: vxlan                                                                                                                                  
                options: {df_default="true", in_key=flow, local_ip="10.20.151.48", out_key=flow, remote_ip="10.20.151.47"}                                   
    ovs_version: "2.3.1"



cat /etc/sysconfig/network-scripts/ifcfg-em1 
#HWADDR=74:E6:E2:DA:3A:61
DEVICE="em1"
ONBOOT=yes
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ex"
#BOOTPROTO=none
#IPADDR=10.20.151.48
#PREFIX=24
#GATEWAY=10.20.151.1
#DNS1=161.74.92.5
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
IPV6INIT=no
#UUID=a9beca21-64aa-4415-8e40-21674e795606



cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
#TYPE=OVSBridge
TYPE="OVSIntPort"
OVS_BRIDGE="br-ex"
BOOTPROTO=static
IPADDR=10.20.151.48
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=10.20.151.1
DNS1=161.74.92.5
#DEFROUTE=yes

UPDATE 15/07/2015

~(keystone_admin)]# neutron subnet-list
+--------------------------------------+------+----------------+---------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                  |
+--------------------------------------+------+----------------+---------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"}  |
| f2913e31-653b-4bd5-a9c0-605afe240c23 |      | 10.20.151.0/24 | {"start": "10.20.151.20", "end": "10.20.151.200"} |
+--------------------------------------+------+----------------+---------------------------------------------------+


~(keystone_admin)]# neutron subnet-show 62c1c4e1-f303-4d94-bc73-caf592a392b0
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   | 8.8.8.8                                          |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 62c1c4e1-f303-4d94-bc73-caf592a392b0             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              |                                                  |
| network_id        | 57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6             |
| subnetpool_id     |                                                  |
| tenant_id         | 9cc0cb14b3cb44b2a56fd623b8bce027                 |
+-------------------+--------------------------------------------------+
~(keystone_admin)]# neutron subnet-show f2913e31-653b-4bd5-a9c0-605afe240c23
+-------------------+---------------------------------------------------+
| Field             | Value                                             |
+-------------------+---------------------------------------------------+
| allocation_pools  | {"start": "10.20.151.20", "end": "10.20.151.200"} |
| cidr              | 10.20.151.0/24                                    |
| dns_nameservers   |                                                   |
| enable_dhcp       | False                                             |
| gateway_ip        | 10.20.151.1                                       |
| host_routes       |                                                   |
| id                | f2913e31-653b-4bd5-a9c0-605afe240c23              |
| ip_version        | 4                                                 |
| ipv6_address_mode |                                                   |
| ipv6_ra_mode      |                                                   |
| name              |                                                   |
| network_id        | d658b932-3126-4118-bf77-3c8ad6ddb7f9              |
| subnetpool_id     |                                                   |
| tenant_id         | b9f2dfeea6184c4682e4b54e1f98897e                  |
+-------------------+---------------------------------------------------+


~(keystone_admin)]# source keystonerc_demo 
[root@Chopin ~(keystone_demo)]# neutron subnet-list
+--------------------------------------+------+----------------+--------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                 |
+--------------------------------------+------+----------------+--------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+------+----------------+--------------------------------------------------+




~(keystone_demo)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

UPDATE 15/07/2015 - afternoon

~(keystone_demo)]# ip netns
qrouter-dff3861b-69d2-46c8-b990-0d218826955b
qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6


~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 tapf3d9ab30-3e
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tapf3d9ab30-3e


~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 24  bytes 2254 (2.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 2254 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qg-b9d315ce-54: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.151.20  netmask 255.255.255.0  broadcast 10.20.151.255
        inet6 fe80::f816:3eff:fe0a:6a3a  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:0a:6a:3a  txqueuelen 0  (Ethernet)
        RX packets 24997  bytes 1729531 (1.6 MiB)
        RX errors 0  dropped 15843  overruns 0  frame 0
        TX packets 399  bytes 17833 (17.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-c15092f4-bb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::f816:3eff:fe52:4cc  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:52:04:cc  txqueuelen 0  (Ethernet)
        RX packets 915  bytes 93688 (91.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 619  bytes 66593 (65.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



 ~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms
pipe 4
~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

I cannot figure out what the problem could be. I cannot ping the default gw from the namespaces. I'm struggling to find out what the problem could be but my knowledge on both SDN and Neutron is quite limited. Please can anybody help me? I would like to learn more about these topics. Thanks and regards, Francesco.

UPDATE 16/07/2015 I am trying to do some troubleshooting. When I try to ping the default gw of my external network 10.20.151.1 from inside a VM, tcpdump shows the following on the interface connected to the internal network:

~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b tcpdump -n -i qr-c15092f4-bb
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qr-c15092f4-bb, link-type EN10MB (Ethernet), capture size 65535 bytes
11:06:11.283175 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 0, length 64
11:06:12.282946 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 1, length 64
11:06:13.283122 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 2, length 64
11:06:14.283242 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 3, length 64
11:06:14.287600 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92
11:06:14.287621 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92
11:06:14.287626 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92
11:06:14.287631 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92

on the interface connected to the external network:

~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b tcpdump -n -i qg-b9d315ce-54
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qg-b9d315ce-54, link-type EN10MB (Ethernet), capture size 65535 bytes
11:08:36.168155 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 564e c091 3439  .......a..VN..49
        0x0010:  c600 948f be5c 6e13 77fb e7f0 11d9 eecb  .....\n.w.......
        0x0020:  9451 2d62 bc29 0000 0000 0000 0000       .Q-b.)........
11:08:36.297531 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:37.299580 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:39.296779 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:40.299584 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:41.169578 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 5653 c091 3439  .......a..VS..49
        0x0010:  c600 30d2 b731 f443 526d 03d1 daed 047d  ..0..1.CRm.....}

After setting by hand the ARP entry for the default gw 10.20.151.1 ICMP request are sent but replies are never received:

11:13:51.326651 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 460, length 64
11:13:52.326759 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 461, length 64
11:13:53.326883 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 462, length 64
11:13:54.070312 IP 10.20.151.1 > 224.0.0.13: PIMv2, Hello, length 34
11:13:54.327009 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 463, length 64
11:13:55.327099 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 464, length 64
11:13:56.169052 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 578e c091 3439  .......a..W...49
        0x0010:  c600 54c9 025c 0ddc 3eda cddd 1cf8 e2bd  ..T..\..>.......
        0x0020:  0b48 712a 47ec 0000 0000 0000 0000       .Hq*G.........
11:13:56.327192 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 465, length 64
11:13:57.327287 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 466, length 64
11:13:58.327378 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 467, length 64
11:13:59.327464 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 468, length 64
11:14:00.327575 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 469, length 64
11:14:01.170752 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 5793 c091 3439  .......a..W...49
        0x0010:  c600 eb69 1894 9eb8 1205 33b4 da55 2fa4  ...i......3..U/.
        0x0020:  08af a0e9 4fb3 0000 0000 0000 0000       ....O.........
11:14:01.327645 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 470, length 64
11:14:02.327710 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 471, length 64
11:14:03.327802 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 472, length 64
11:14:04.327929 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 473, length 64
11:14:05.328081 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 474, length 64
11:14:06.168281 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60:

Can anybody help me to further investigate the issue? Thanks very much!

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE 13/07/2015

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addresses assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

UPDATE 14/07/2015 After setting up the networks, subnets and router as advised, I cannot ping/ssh any VM instances. Furthermore I cannot ping any external IP from the VMs other than the virtual router (10.20.151.20) and the Network/Controller node.

On the Controller/Network:

ovs-vsctl show
91296ee0-4e36-420e-ba86-06995f4dba69
    Bridge br-int
        fail_mode: secure
        Port "qr-c15092f4-bb"
            tag: 1
            Interface "qr-c15092f4-bb"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tapf3d9ab30-3e"
            tag: 1
            Interface "tapf3d9ab30-3e"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "em1"
            Interface "em1"
        Port "qg-b9d315ce-54"
            Interface "qg-b9d315ce-54"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-tun
        fail_mode: secure                                                                                                                                    
        Port patch-int                                                                                                                                       
            Interface patch-int                                                                                                                              
                type: patch                                                                                                                                  
                options: {peer=patch-tun}                                                                                                                    
        Port br-tun                                                                                                                                          
            Interface br-tun                                                                                                                                 
                type: internal                                                                                                                               
        Port "vxlan-0a14972f"                                                                                                                                
            Interface "vxlan-0a14972f"                                                                                                                       
                type: vxlan                                                                                                                                  
                options: {df_default="true", in_key=flow, local_ip="10.20.151.48", out_key=flow, remote_ip="10.20.151.47"}                                   
    ovs_version: "2.3.1"



cat /etc/sysconfig/network-scripts/ifcfg-em1 
#HWADDR=74:E6:E2:DA:3A:61
DEVICE="em1"
ONBOOT=yes
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ex"
#BOOTPROTO=none
#IPADDR=10.20.151.48
#PREFIX=24
#GATEWAY=10.20.151.1
#DNS1=161.74.92.5
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
IPV6INIT=no
#UUID=a9beca21-64aa-4415-8e40-21674e795606



cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
#TYPE=OVSBridge
TYPE="OVSIntPort"
OVS_BRIDGE="br-ex"
BOOTPROTO=static
IPADDR=10.20.151.48
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=10.20.151.1
DNS1=161.74.92.5
#DEFROUTE=yes

UPDATE 15/07/2015

~(keystone_admin)]# neutron subnet-list
+--------------------------------------+------+----------------+---------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                  |
+--------------------------------------+------+----------------+---------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"}  |
| f2913e31-653b-4bd5-a9c0-605afe240c23 |      | 10.20.151.0/24 | {"start": "10.20.151.20", "end": "10.20.151.200"} |
+--------------------------------------+------+----------------+---------------------------------------------------+


~(keystone_admin)]# neutron subnet-show 62c1c4e1-f303-4d94-bc73-caf592a392b0
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   | 8.8.8.8                                          |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 62c1c4e1-f303-4d94-bc73-caf592a392b0             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              |                                                  |
| network_id        | 57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6             |
| subnetpool_id     |                                                  |
| tenant_id         | 9cc0cb14b3cb44b2a56fd623b8bce027                 |
+-------------------+--------------------------------------------------+
~(keystone_admin)]# neutron subnet-show f2913e31-653b-4bd5-a9c0-605afe240c23
+-------------------+---------------------------------------------------+
| Field             | Value                                             |
+-------------------+---------------------------------------------------+
| allocation_pools  | {"start": "10.20.151.20", "end": "10.20.151.200"} |
| cidr              | 10.20.151.0/24                                    |
| dns_nameservers   |                                                   |
| enable_dhcp       | False                                             |
| gateway_ip        | 10.20.151.1                                       |
| host_routes       |                                                   |
| id                | f2913e31-653b-4bd5-a9c0-605afe240c23              |
| ip_version        | 4                                                 |
| ipv6_address_mode |                                                   |
| ipv6_ra_mode      |                                                   |
| name              |                                                   |
| network_id        | d658b932-3126-4118-bf77-3c8ad6ddb7f9              |
| subnetpool_id     |                                                   |
| tenant_id         | b9f2dfeea6184c4682e4b54e1f98897e                  |
+-------------------+---------------------------------------------------+


~(keystone_admin)]# source keystonerc_demo 
[root@Chopin ~(keystone_demo)]# neutron subnet-list
+--------------------------------------+------+----------------+--------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                 |
+--------------------------------------+------+----------------+--------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+------+----------------+--------------------------------------------------+




~(keystone_demo)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

UPDATE 15/07/2015 - afternoon

~(keystone_demo)]# ip netns
qrouter-dff3861b-69d2-46c8-b990-0d218826955b
qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6


~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 tapf3d9ab30-3e
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tapf3d9ab30-3e


~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 24  bytes 2254 (2.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 2254 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qg-b9d315ce-54: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.151.20  netmask 255.255.255.0  broadcast 10.20.151.255
        inet6 fe80::f816:3eff:fe0a:6a3a  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:0a:6a:3a  txqueuelen 0  (Ethernet)
        RX packets 24997  bytes 1729531 (1.6 MiB)
        RX errors 0  dropped 15843  overruns 0  frame 0
        TX packets 399  bytes 17833 (17.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-c15092f4-bb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::f816:3eff:fe52:4cc  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:52:04:cc  txqueuelen 0  (Ethernet)
        RX packets 915  bytes 93688 (91.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 619  bytes 66593 (65.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



 ~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms
pipe 4
~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

I cannot figure out what the problem could be. I cannot ping the default gw from the namespaces. I'm struggling to find out what the problem could be but my knowledge on both SDN and Neutron is quite limited. Please can anybody help me? I would like to learn more about these topics. Thanks and regards, Francesco.

UPDATE 16/07/2015 I am trying to do some troubleshooting. When I try to ping the default gw of my external network 10.20.151.1 from inside a VM, tcpdump shows the following on the interface connected to the internal network:

~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b tcpdump -n -i qr-c15092f4-bb
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qr-c15092f4-bb, link-type EN10MB (Ethernet), capture size 65535 bytes
11:06:11.283175 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 0, length 64
11:06:12.282946 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 1, length 64
11:06:13.283122 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 2, length 64
11:06:14.283242 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 3, length 64
11:06:14.287600 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92
11:06:14.287621 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92
11:06:14.287626 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92
11:06:14.287631 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92

on the interface connected to the external network:

~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b tcpdump -n -i qg-b9d315ce-54
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qg-b9d315ce-54, link-type EN10MB (Ethernet), capture size 65535 bytes
11:08:36.168155 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 564e c091 3439  .......a..VN..49
        0x0010:  c600 948f be5c 6e13 77fb e7f0 11d9 eecb  .....\n.w.......
        0x0020:  9451 2d62 bc29 0000 0000 0000 0000       .Q-b.)........
11:08:36.297531 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:37.299580 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:39.296779 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:40.299584 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:41.169578 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 5653 c091 3439  .......a..VS..49
        0x0010:  c600 30d2 b731 f443 526d 03d1 daed 047d  ..0..1.CRm.....}

After setting by hand the ARP entry for the default gw 10.20.151.1 ICMP request are sent but replies are never received:

11:13:51.326651 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 460, length 64
11:13:52.326759 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 461, length 64
11:13:53.326883 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 462, length 64
11:13:54.070312 IP 10.20.151.1 > 224.0.0.13: PIMv2, Hello, length 34
11:13:54.327009 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 463, length 64
11:13:55.327099 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 464, length 64
11:13:56.169052 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 578e c091 3439  .......a..W...49
        0x0010:  c600 54c9 025c 0ddc 3eda cddd 1cf8 e2bd  ..T..\..>.......
        0x0020:  0b48 712a 47ec 0000 0000 0000 0000       .Hq*G.........
11:13:56.327192 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 465, length 64
11:13:57.327287 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 466, length 64
11:13:58.327378 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 467, length 64
11:13:59.327464 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 468, length 64
11:14:00.327575 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 469, length 64
11:14:01.170752 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 5793 c091 3439  .......a..W...49
        0x0010:  c600 eb69 1894 9eb8 1205 33b4 da55 2fa4  ...i......3..U/.
        0x0020:  08af a0e9 4fb3 0000 0000 0000 0000       ....O.........
11:14:01.327645 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 470, length 64
11:14:02.327710 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 471, length 64
11:14:03.327802 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 472, length 64
11:14:04.327929 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 473, length 64
11:14:05.328081 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 474, length 64
11:14:06.168281 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60:

I have tried to add a floating IP to the VM (10.20.151.21) and I am able to ping it from the router namespace. I can ping the IP 10.20.151.48 as well, which is assigned to br-ex on the Controller/Network node.

~(keystone_admin)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ping 10.20.151.21
PING 10.20.151.21 (10.20.151.21) 56(84) bytes of data.
64 bytes from 10.20.151.21: icmp_seq=1 ttl=64 time=0.898 ms
64 bytes from 10.20.151.21: icmp_seq=2 ttl=64 time=0.610 ms

Can anybody help me to further investigate the issue? Thanks very much!

Openstack deployment on two nodes with one NIC

Hi all, although I have some knowledge on the Openstack Architecture, I am quite new to its actual deployment.

I am trying install its basic components (Nova, Glance and Neutron) on a small cluster formed of two PCs, each having a single NIC available.

I am following this document guide: http://docs.openstack.org/icehouse/install-guide/install/yum/content/ch_overview.html

as I have Fedora 21 installed on both the machines.

I am trying to adapt the process as in that document three nodes are expected to be used, each having more than 1 NIC. I would like to deploy the network manager on the controller node.

I thought creating virtual NICs could have been a workaround but that did not work.

Could anybody provide a small guide on how to modify the network configuration (e.g. creating virtual NICs, linux bridges, etc) but still using that guide as reference?

Thanks in advance, Francesco.

UPDATE 13/07/2015

I have switched to CentOS 7.1 and I still have some doubts regarding the network configuration.

Both the machines (Controller/Network and Compute) are connected to the same private network 10.20.151.0/24, which is routed to Internet through the gw 10.20.151.1. On both machines, the NIC connected to this network is em1. DHCP is disabled on this network.

I would like to a have the VM instances connected to a different network (e.g. 192.168.1.0/24) and have IP addresses assigned through DHCP. I would also like each VM instance to be connected to Internet and being accessible via ssh from the Controller and/or computing node.

Could you please help me to figure out how to change the settings in the answer file to achieve that?

Thanks very much, Francesco.

UPDATE 14/07/2015 After setting up the networks, subnets and router as advised, I cannot ping/ssh any VM instances. Furthermore I cannot ping any external IP from the VMs other than the virtual router (10.20.151.20) and the Network/Controller node.

On the Controller/Network:

ovs-vsctl show
91296ee0-4e36-420e-ba86-06995f4dba69
    Bridge br-int
        fail_mode: secure
        Port "qr-c15092f4-bb"
            tag: 1
            Interface "qr-c15092f4-bb"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tapf3d9ab30-3e"
            tag: 1
            Interface "tapf3d9ab30-3e"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "em1"
            Interface "em1"
        Port "qg-b9d315ce-54"
            Interface "qg-b9d315ce-54"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-tun
        fail_mode: secure                                                                                                                                    
        Port patch-int                                                                                                                                       
            Interface patch-int                                                                                                                              
                type: patch                                                                                                                                  
                options: {peer=patch-tun}                                                                                                                    
        Port br-tun                                                                                                                                          
            Interface br-tun                                                                                                                                 
                type: internal                                                                                                                               
        Port "vxlan-0a14972f"                                                                                                                                
            Interface "vxlan-0a14972f"                                                                                                                       
                type: vxlan                                                                                                                                  
                options: {df_default="true", in_key=flow, local_ip="10.20.151.48", out_key=flow, remote_ip="10.20.151.47"}                                   
    ovs_version: "2.3.1"



cat /etc/sysconfig/network-scripts/ifcfg-em1 
#HWADDR=74:E6:E2:DA:3A:61
DEVICE="em1"
ONBOOT=yes
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ex"
#BOOTPROTO=none
#IPADDR=10.20.151.48
#PREFIX=24
#GATEWAY=10.20.151.1
#DNS1=161.74.92.5
#DEFROUTE=yes
#IPV4_FAILURE_FATAL=no
IPV6INIT=no
#UUID=a9beca21-64aa-4415-8e40-21674e795606



cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
#TYPE=OVSBridge
TYPE="OVSIntPort"
OVS_BRIDGE="br-ex"
BOOTPROTO=static
IPADDR=10.20.151.48
NETMASK=255.255.255.0
ONBOOT=yes
GATEWAY=10.20.151.1
DNS1=161.74.92.5
#DEFROUTE=yes

UPDATE 15/07/2015

~(keystone_admin)]# neutron subnet-list
+--------------------------------------+------+----------------+---------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                  |
+--------------------------------------+------+----------------+---------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"}  |
| f2913e31-653b-4bd5-a9c0-605afe240c23 |      | 10.20.151.0/24 | {"start": "10.20.151.20", "end": "10.20.151.200"} |
+--------------------------------------+------+----------------+---------------------------------------------------+


~(keystone_admin)]# neutron subnet-show 62c1c4e1-f303-4d94-bc73-caf592a392b0
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "192.168.1.2", "end": "192.168.1.254"} |
| cidr              | 192.168.1.0/24                                   |
| dns_nameservers   | 8.8.8.8                                          |
| enable_dhcp       | True                                             |
| gateway_ip        | 192.168.1.1                                      |
| host_routes       |                                                  |
| id                | 62c1c4e1-f303-4d94-bc73-caf592a392b0             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              |                                                  |
| network_id        | 57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6             |
| subnetpool_id     |                                                  |
| tenant_id         | 9cc0cb14b3cb44b2a56fd623b8bce027                 |
+-------------------+--------------------------------------------------+
~(keystone_admin)]# neutron subnet-show f2913e31-653b-4bd5-a9c0-605afe240c23
+-------------------+---------------------------------------------------+
| Field             | Value                                             |
+-------------------+---------------------------------------------------+
| allocation_pools  | {"start": "10.20.151.20", "end": "10.20.151.200"} |
| cidr              | 10.20.151.0/24                                    |
| dns_nameservers   |                                                   |
| enable_dhcp       | False                                             |
| gateway_ip        | 10.20.151.1                                       |
| host_routes       |                                                   |
| id                | f2913e31-653b-4bd5-a9c0-605afe240c23              |
| ip_version        | 4                                                 |
| ipv6_address_mode |                                                   |
| ipv6_ra_mode      |                                                   |
| name              |                                                   |
| network_id        | d658b932-3126-4118-bf77-3c8ad6ddb7f9              |
| subnetpool_id     |                                                   |
| tenant_id         | b9f2dfeea6184c4682e4b54e1f98897e                  |
+-------------------+---------------------------------------------------+


~(keystone_admin)]# source keystonerc_demo 
[root@Chopin ~(keystone_demo)]# neutron subnet-list
+--------------------------------------+------+----------------+--------------------------------------------------+
| id                                   | name | cidr           | allocation_pools                                 |
+--------------------------------------+------+----------------+--------------------------------------------------+
| 62c1c4e1-f303-4d94-bc73-caf592a392b0 |      | 192.168.1.0/24 | {"start": "192.168.1.2", "end": "192.168.1.254"} |
+--------------------------------------+------+----------------+--------------------------------------------------+




~(keystone_demo)]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

UPDATE 15/07/2015 - afternoon

~(keystone_demo)]# ip netns
qrouter-dff3861b-69d2-46c8-b990-0d218826955b
qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6


~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 tapf3d9ab30-3e
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tapf3d9ab30-3e


~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 24  bytes 2254 (2.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 2254 (2.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qg-b9d315ce-54: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.151.20  netmask 255.255.255.0  broadcast 10.20.151.255
        inet6 fe80::f816:3eff:fe0a:6a3a  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:0a:6a:3a  txqueuelen 0  (Ethernet)
        RX packets 24997  bytes 1729531 (1.6 MiB)
        RX errors 0  dropped 15843  overruns 0  frame 0
        TX packets 399  bytes 17833 (17.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-c15092f4-bb: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.1  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::f816:3eff:fe52:4cc  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:52:04:cc  txqueuelen 0  (Ethernet)
        RX packets 915  bytes 93688 (91.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 619  bytes 66593 (65.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0



 ~(keystone_demo)]# ip netns exec qdhcp-57d3cdfb-d6a7-4f2d-8d7b-19571d788cf6 ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms
pipe 4
~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ping 10.20.151.1
PING 10.20.151.1 (10.20.151.1) 56(84) bytes of data.
From 10.20.151.20 icmp_seq=1 Destination Host Unreachable
From 10.20.151.20 icmp_seq=2 Destination Host Unreachable
From 10.20.151.20 icmp_seq=3 Destination Host Unreachable
From 10.20.151.20 icmp_seq=4 Destination Host Unreachable
^C
--- 10.20.151.1 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4000ms

I cannot figure out what the problem could be. I cannot ping the default gw from the namespaces. I'm struggling to find out what the problem could be but my knowledge on both SDN and Neutron is quite limited. Please can anybody help me? I would like to learn more about these topics. Thanks and regards, Francesco.

UPDATE 16/07/2015 I am trying to do some troubleshooting. When I try to ping the default gw of my external network 10.20.151.1 from inside a VM, tcpdump shows the following on the interface connected to the internal network:

~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b tcpdump -n -i qr-c15092f4-bb
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qr-c15092f4-bb, link-type EN10MB (Ethernet), capture size 65535 bytes
11:06:11.283175 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 0, length 64
11:06:12.282946 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 1, length 64
11:06:13.283122 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 2, length 64
11:06:14.283242 IP 192.168.1.8 > 10.20.151.1: ICMP echo request, id 23041, seq 3, length 64
11:06:14.287600 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92
11:06:14.287621 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92
11:06:14.287626 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92
11:06:14.287631 IP 10.20.151.20 > 192.168.1.8: ICMP host 10.20.151.1 unreachable, length 92

on the interface connected to the external network:

~(keystone_demo)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b tcpdump -n -i qg-b9d315ce-54
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qg-b9d315ce-54, link-type EN10MB (Ethernet), capture size 65535 bytes
11:08:36.168155 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 564e c091 3439  .......a..VN..49
        0x0010:  c600 948f be5c 6e13 77fb e7f0 11d9 eecb  .....\n.w.......
        0x0020:  9451 2d62 bc29 0000 0000 0000 0000       .Q-b.)........
11:08:36.297531 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:37.299580 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:39.296779 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:40.299584 ARP, Request who-has 10.20.151.1 tell 10.20.151.20, length 28
11:08:41.169578 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 5653 c091 3439  .......a..VS..49
        0x0010:  c600 30d2 b731 f443 526d 03d1 daed 047d  ..0..1.CRm.....}

After setting by hand the ARP entry for the default gw 10.20.151.1 ICMP request are sent but replies are never received:

11:13:51.326651 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 460, length 64
11:13:52.326759 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 461, length 64
11:13:53.326883 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 462, length 64
11:13:54.070312 IP 10.20.151.1 > 224.0.0.13: PIMv2, Hello, length 34
11:13:54.327009 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 463, length 64
11:13:55.327099 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 464, length 64
11:13:56.169052 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 578e c091 3439  .......a..W...49
        0x0010:  c600 54c9 025c 0ddc 3eda cddd 1cf8 e2bd  ..T..\..>.......
        0x0020:  0b48 712a 47ec 0000 0000 0000 0000       .Hq*G.........
11:13:56.327192 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 465, length 64
11:13:57.327287 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 466, length 64
11:13:58.327378 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 467, length 64
11:13:59.327464 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 468, length 64
11:14:00.327575 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 469, length 64
11:14:01.170752 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60: 
        0x0000:  0800 0900 0302 0061 00ed 5793 c091 3439  .......a..W...49
        0x0010:  c600 eb69 1894 9eb8 1205 33b4 da55 2fa4  ...i......3..U/.
        0x0020:  08af a0e9 4fb3 0000 0000 0000 0000       ....O.........
11:14:01.327645 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 470, length 64
11:14:02.327710 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 471, length 64
11:14:03.327802 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 472, length 64
11:14:04.327929 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 473, length 64
11:14:05.328081 IP 10.20.151.20 > 10.20.151.1: ICMP echo request, id 23041, seq 474, length 64
11:14:06.168281 c0:91:34:39:d6:9f > 09:00:09:09:13:a6, ethertype Unknown (0x88b7), length 60:

I have tried to add a floating IP to the VM (10.20.151.21) and I am able to ping it from the router namespace. I can ping the IP 10.20.151.48 as well, which is assigned to br-ex on the Controller/Network node.

~(keystone_admin)]# ip netns exec qrouter-dff3861b-69d2-46c8-b990-0d218826955b ping 10.20.151.21
PING 10.20.151.21 (10.20.151.21) 56(84) bytes of data.
64 bytes from 10.20.151.21: icmp_seq=1 ttl=64 time=0.898 ms
64 bytes from 10.20.151.21: icmp_seq=2 ttl=64 time=0.610 ms

Can anybody help me to further investigate the issue? Thanks very much!

UPDATE 21/07/2015

FROM THE CONTROLLER:

cat ./neutron/plugins/ml2/ml2_conf.ini

[ml2]
# (ListOpt) List of network type driver entrypoints to be loaded from
# the neutron.ml2.type_drivers namespace.
#
# type_drivers = local,flat,vlan,gre,vxlan
type_drivers = vxlan
# Example: type_drivers = flat,vlan,gre,vxlan

# (ListOpt) Ordered list of network_types to allocate as tenant
# networks. The default value 'local' is useful for single-box testing
# but provides no connectivity between hosts.
#
# tenant_network_types = local
tenant_network_types = vxlan
# Example: tenant_network_types = vlan,gre,vxlan

# (ListOpt) Ordered list of networking mechanism driver entrypoints
# to be loaded from the neutron.ml2.mechanism_drivers namespace.
# mechanism_drivers =
mechanism_drivers =openvswitch
# Example: mechanism_drivers = openvswitch,mlnx
# Example: mechanism_drivers = arista
# Example: mechanism_drivers = cisco,logger
# Example: mechanism_drivers = openvswitch,brocade
# Example: mechanism_drivers = linuxbridge,brocade

# (ListOpt) Ordered list of extension driver entrypoints
# to be loaded from the neutron.ml2.extension_drivers namespace.
# extension_drivers =
# Example: extension_drivers = anewextensiondriver

# =========== items for MTU selection and advertisement =============
# (IntOpt) Path MTU.  The maximum permissible size of an unfragmented
# packet travelling from and to addresses where encapsulated Neutron
# traffic is sent.  Drivers calculate maximum viable MTU for
# validating tenant requests based on this value (typically,
# path_mtu - max encap header size).  If <=0, the path MTU is
# indeterminate and no calculation takes place.
# path_mtu = 0

# (IntOpt) Segment MTU.  The maximum permissible size of an
# unfragmented packet travelling a L2 network segment.  If <=0,
# the segment MTU is indeterminate and no calculation takes place.
# segment_mtu = 0

# (ListOpt) Physical network MTUs.  List of mappings of physical
# network to MTU value.  The format of the mapping is
# <physnet>:<mtu val>.  This mapping allows specifying a
# physical network MTU value that differs from the default
# segment_mtu value.
# physical_network_mtus =
# Example: physical_network_mtus = physnet1:1550, physnet2:1500
# ======== end of items for MTU selection and advertisement =========

[ml2_type_flat]
# (ListOpt) List of physical_network names with which flat networks
# can be created. Use * to allow flat networks with arbitrary
# physical_network names.
#
# flat_networks =
# Example:flat_networks = physnet1,physnet2
# Example:flat_networks = *

[ml2_type_vlan]
# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples
# specifying physical_network names usable for VLAN provider and
# tenant networks, as well as ranges of VLAN tags on each
# physical_network available for allocation as tenant networks.
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999,physnet2

[ml2_type_gre]
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation
# tunnel_id_ranges =

[ml2_type_vxlan]
# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
# ranges of VXLAN VNI IDs that are available for tenant network allocation.
#
# vni_ranges =
vni_ranges =1001:2000

# (StrOpt) Multicast group for the VXLAN interface. When configured, will
# enable sending all broadcast traffic to this multicast group. When left
# unconfigured, will disable multicast VXLAN mode.
#
# vxlan_group =
vxlan_group =239.1.1.2
# Example: vxlan_group = 239.1.1.1

[securitygroup]
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
# enable_security_group = True
enable_security_group = True

# Use ipset to speed-up the iptables security groups. Enabling ipset support
# requires that ipset is installed on L2 agent node.
# enable_ipset = True

cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

[ovs]
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch bay". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
#
# integration_bridge = br-int
integration_bridge = br-int

# Only used for the agent if tunnel_id_ranges is not empty for
# the server.  In most cases, the default value should be fine.
#
# tunnel_bridge = br-tun
tunnel_bridge = br-tun

# Peer patch port in integration bridge for tunnel bridge
# int_peer_patch_port = patch-tun

# Peer patch port in tunnel bridge for integration bridge
# tun_peer_patch_port = patch-int

# Uncomment this line for the agent if tunnel_id_ranges is not
# empty for the server. Set local-ip to be the local IP address of
# this hypervisor.
#
# local_ip =
local_ip =10.20.151.48

# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
# mapping physical network names to the agent's node-specific OVS
# bridge names to be used for flat and VLAN networks. The length of
# bridge names should be no more than 11. Each bridge must
# exist, and should have a physical network interface configured as a
# port. All physical networks configured on the server should have
# mappings to appropriate bridges on each agent.
#
# bridge_mappings =
bridge_mappings =physnet1:br-ex
# Example: bridge_mappings = physnet1:br-eth1

# (BoolOpt) Use veths instead of patch ports to interconnect the integration
# bridge to physical networks. Support kernel without ovs patch port support
# so long as it is set to True.
# use_veth_interconnection = False

# (StrOpt) Which OVSDB backend to use, defaults to 'vsctl'
# vsctl - The backend based on executing ovs-vsctl
# native - The backend based on using native OVSDB
# ovsdb_interface = vsctl

# (StrOpt) The connection string for the native OVSDB backend
# To enable ovsdb-server to listen on port 6640:
#   ovs-vsctl set-manager ptcp:6640:127.0.0.1
# ovsdb_connection = tcp:127.0.0.1:6640
enable_tunneling=True

[agent]
# Agent's polling interval in seconds
# polling_interval = 2
polling_interval = 2

# Minimize polling by monitoring ovsdb for interface changes
# minimize_polling = True

# When minimize_polling = True, the number of seconds to wait before
# respawning the ovsdb monitor after losing communication with it
# ovsdb_monitor_respawn_interval = 30

# (ListOpt) The types of tenant network tunnels supported by the agent.
# Setting this will enable tunneling support in the agent. This can be set to
# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
# disable tunneling support in the agent.
# You can specify as many values here as your compute hosts supports.
#
# tunnel_types =
tunnel_types =vxlan
# Example: tunnel_types = gre
# Example: tunnel_types = vxlan
# Example: tunnel_types = vxlan, gre

# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
# default, this will make use of the Open vSwitch default value of '4789' if
# not specified.
#
# vxlan_udp_port =
vxlan_udp_port =4789
# Example: vxlan_udp_port = 8472

# (IntOpt) This is the MTU size of veth interfaces.
# Do not change unless you have a good reason to.
# The default MTU size of veth interfaces is 1500.
# This option has no effect if use_veth_interconnection is False
# veth_mtu =
# Example: veth_mtu = 1504

# (BoolOpt) Flag to enable l2-population extension. This option should only be
# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to
# optimize tunnel management.
#
# l2_population = False
l2_population = False

# Enable local ARP responder. Requires OVS 2.1. This is only used by the l2
# population ML2 MechanismDriver.
#
# arp_responder = False
arp_responder = False

# Enable suppression of ARP responses that don't match an IP address that
# belongs to the port from which they originate.
# Note: This prevents the VMs attached to this agent from spoofing,
# it doesn't protect them from other devices which have the capability to spoof
# (e.g. bare metal or VMs attached to agents without this flag set to True).
# Requires a version of OVS that can match ARP headers.
#
# prevent_arp_spoofing = False

# (BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet
# carrying GRE/VXLAN tunnel. The default value is True.
#
# dont_fragment = True

# (BoolOpt) Set to True on L2 agents to enable support
# for distributed virtual routing.
#
# enable_distributed_routing = False
enable_distributed_routing = False

# (IntOpt) Set new timeout in seconds for new rpc calls after agent receives
# SIGTERM. If value is set to 0, rpc timeout won't be changed"
#
# quitting_rpc_timeout = 10

[securitygroup]
# Firewall driver for realizing neutron security group function.
# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
# enable_security_group = True

#-----------------------------------------------------------------------------
# Sample Configurations.
#-----------------------------------------------------------------------------
#
# 1. With VLANs on eth1.
# [ovs]
# integration_bridge = br-int
# bridge_mappings = default:br-eth1
#
# 2. With GRE tunneling.
# [ovs]
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
#
# 3. With VXLAN tunneling.
# [ovs]
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
# [agent]
# tunnel_types = vxlan

FROM THE COMPUTE NODE:

cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini

[ovs]
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch bay". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
#
# integration_bridge = br-int
integration_bridge = br-int

# Only used for the agent if tunnel_id_ranges is not empty for
# the server.  In most cases, the default value should be fine.
#
# tunnel_bridge = br-tun
tunnel_bridge = br-tun

# Peer patch port in integration bridge for tunnel bridge
# int_peer_patch_port = patch-tun

# Peer patch port in tunnel bridge for integration bridge
# tun_peer_patch_port = patch-int

# Uncomment this line for the agent if tunnel_id_ranges is not
# empty for the server. Set local-ip to be the local IP address of
# this hypervisor.
#
# local_ip =
local_ip =10.20.151.47

# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
# mapping physical network names to the agent's node-specific OVS
# bridge names to be used for flat and VLAN networks. The length of
# bridge names should be no more than 11. Each bridge must
# exist, and should have a physical network interface configured as a
# port. All physical networks configured on the server should have
# mappings to appropriate bridges on each agent.
#
# bridge_mappings =
bridge_mappings =physnet1:br-ex
# Example: bridge_mappings = physnet1:br-eth1

# (BoolOpt) Use veths instead of patch ports to interconnect the integration
# bridge to physical networks. Support kernel without ovs patch port support
# so long as it is set to True.
# use_veth_interconnection = False

# (StrOpt) Which OVSDB backend to use, defaults to 'vsctl'
# vsctl - The backend based on executing ovs-vsctl
# native - The backend based on using native OVSDB
# ovsdb_interface = vsctl

# (StrOpt) The connection string for the native OVSDB backend
# To enable ovsdb-server to listen on port 6640:
#   ovs-vsctl set-manager ptcp:6640:127.0.0.1
# ovsdb_connection = tcp:127.0.0.1:6640
enable_tunneling=True

[agent]
# Agent's polling interval in seconds
# polling_interval = 2
polling_interval = 2

# Minimize polling by monitoring ovsdb for interface changes
# minimize_polling = True

# When minimize_polling = True, the number of seconds to wait before
# respawning the ovsdb monitor after losing communication with it
# ovsdb_monitor_respawn_interval = 30

# (ListOpt) The types of tenant network tunnels supported by the agent.
# Setting this will enable tunneling support in the agent. This can be set to
# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
# disable tunneling support in the agent.
# You can specify as many values here as your compute hosts supports.
#
# tunnel_types =
tunnel_types =vxlan
# Example: tunnel_types = gre
# Example: tunnel_types = vxlan
# Example: tunnel_types = vxlan, gre

# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
# default, this will make use of the Open vSwitch default value of '4789' if
# not specified.
#
# vxlan_udp_port =
vxlan_udp_port =4789
# Example: vxlan_udp_port = 8472

# (IntOpt) This is the MTU size of veth interfaces.
# Do not change unless you have a good reason to.
# The default MTU size of veth interfaces is 1500.
# This option has no effect if use_veth_interconnection is False
# veth_mtu =
# Example: veth_mtu = 1504

# (BoolOpt) Flag to enable l2-population extension. This option should only be
# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to
# optimize tunnel management.
#
# l2_population = False
l2_population = False

# Enable local ARP responder. Requires OVS 2.1. This is only used by the l2
# population ML2 MechanismDriver.
#
# arp_responder = False
arp_responder = False

# Enable suppression of ARP responses that don't match an IP address that
# belongs to the port from which they originate.
# Note: This prevents the VMs attached to this agent from spoofing,
# it doesn't protect them from other devices which have the capability to spoof
# (e.g. bare metal or VMs attached to agents without this flag set to True).
# Requires a version of OVS that can match ARP headers.
#
# prevent_arp_spoofing = False

# (BoolOpt) Set or un-set the don't fragment (DF) bit on outgoing IP packet
# carrying GRE/VXLAN tunnel. The default value is True.
#
# dont_fragment = True

# (BoolOpt) Set to True on L2 agents to enable support
# for distributed virtual routing.
#
# enable_distributed_routing = False
enable_distributed_routing = False

# (IntOpt) Set new timeout in seconds for new rpc calls after agent receives
# SIGTERM. If value is set to 0, rpc timeout won't be changed"
#
# quitting_rpc_timeout = 10

[securitygroup]
# Firewall driver for realizing neutron security group function.
# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
# enable_security_group = True

#-----------------------------------------------------------------------------
# Sample Configurations.
#-----------------------------------------------------------------------------
#
# 1. With VLANs on eth1.
# [ovs]
# integration_bridge = br-int
# bridge_mappings = default:br-eth1
#
# 2. With GRE tunneling.
# [ovs]
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
#
# 3. With VXLAN tunneling.
# [ovs]
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
# [agent]
# tunnel_types = vxlan