Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time.

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network network. but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time.

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network. network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time.

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time.

[update 1]

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time.

[update 1]

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time.time. Add

[update 1]UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "203.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "203.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "203.64.91.200"} "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "203.64.91.200"} "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

[update 8] ubuntu@cemos:~$ ping -c 3 xxx.64.91.200

PING 203.64.91.200 (203.64.91.200) 56(84) bytes of data.
64 bytes from 203.64.91.200: icmp_seq=1 ttl=64 time=0.848 ms
64 bytes from 203.64.91.200: icmp_seq=2 ttl=64 time=0.697 ms
64 bytes from 203.64.91.200: icmp_seq=3 ttl=64 time=0.686 ms

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

[update 8] ubuntu@cemos:~$ ping -c 3 xxx.64.91.200

PING 203.64.91.200 (203.64.91.200) xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from 203.64.91.200: xxx.64.91.200: icmp_seq=1 ttl=64 time=0.848 ms
64 bytes from 203.64.91.200: xxx.64.91.200: icmp_seq=2 ttl=64 time=0.697 ms
64 bytes from 203.64.91.200: xxx.64.91.200: icmp_seq=3 ttl=64 time=0.686 ms

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

[update 8] ubuntu@cemos:~$ ping -c 3 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.848 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.697 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.686 ms

[update 9]

ubuntu@cemos:~$ ping -c 3 xxx.64.91.126

PING xxx.64.91.126 (xxx.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=3 Destination Host Unreachable

ubuntu@cemos:~$ ping -c 3 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

[update 8] ubuntu@cemos:~$ ping -c 3 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.848 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.697 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.686 ms

[update 9]

ubuntu@cemos:~$ ping -c 3 xxx.64.91.126

PING xxx.64.91.126 (xxx.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=3 Destination Host Unreachable

ubuntu@cemos:~$ ping -c 3 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms

[update 10]

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
    address xxx.64.91.55
    netmask 255.255.255.128
    network xxx.64.91.0
    broadcast xxx.64.91.127
    gateway xxx.64.91.126
    dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
    address 10.0.1.2
    netmask 255.255.255.0
click to hide/show revision 18
No.18 Revision

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

[update 8] ubuntu@cemos:~$ ping -c 3 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.848 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.697 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.686 ms

[update 9]

ubuntu@cemos:~$ ping -c 3 xxx.64.91.126

PING xxx.64.91.126 (xxx.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=3 Destination Host Unreachable

ubuntu@cemos:~$ ping -c 3 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms

[update 10]

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up
up <=== error here B.D.
    down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
    address xxx.64.91.55
    netmask 255.255.255.128
    network xxx.64.91.0
    broadcast xxx.64.91.127
    gateway xxx.64.91.126
    dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
    address 10.0.1.2
    netmask 255.255.255.0
click to hide/show revision 19
No.19 Revision

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

[update 8] ubuntu@cemos:~$ ping -c 3 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.848 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.697 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.686 ms

[update 9]

ubuntu@cemos:~$ ping -c 3 xxx.64.91.126

PING xxx.64.91.126 (xxx.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=3 Destination Host Unreachable

ubuntu@cemos:~$ ping -c 3 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms

[update 10]

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up <=== error here B.D.
     down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
    address xxx.64.91.55
    netmask 255.255.255.128
    network xxx.64.91.0
    broadcast xxx.64.91.127
    gateway xxx.64.91.126
    dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
    address 10.0.1.2
    netmask 255.255.255.0

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

[update 8] ubuntu@cemos:~$ ping -c 3 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.848 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.697 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.686 ms

[update 9]

ubuntu@cemos:~$ ping -c 3 xxx.64.91.126

PING xxx.64.91.126 (xxx.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=3 Destination Host Unreachable

ubuntu@cemos:~$ ping -c 3 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms

[update 10]

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up 
    down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
    address xxx.64.91.55
    netmask 255.255.255.128
    network xxx.64.91.0
    broadcast xxx.64.91.127
    gateway xxx.64.91.126
    dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
    address 10.0.1.2
    netmask 255.255.255.0

[update 11]---solution of my problem

problem describe: instance can not ping internet (like 8.8.8.8)

solution is two part.

check steps:

1.instance can ping vRouter gateway

2.instance can ping vRouter external gateway

3.instance can not ping external net gateway

4.ip netns exec qrouter-xxx ping external net gateway is not work!

part one:

There's two different ways to connect a router to its external network.

The old approach, using br-ex,is also my using.

But,I decide to use another approach,provider networks, so that the external leg of a router is connected back to br-int, and flows are installed on br-int connecting it to a bridge, which is connected to a physical NIC.

detail: https://bugzilla.redhat.com/show_bug.cgi?id=1054857#c6

So,I modified part of ml2_conf.ini.

[ml2]

type_drivers = local,flat,vlan,gre,vxlan

[ml2_type_flat]

flat_networks = external

[ovs]

bridge_mappings = external:br-ex

part two:

Recreate external net and change ip address range and netmask.

This part may be caused that I using physical mechine and physical ip address.

neutron net-create ext-net --router:external True --provider:physical_network external --provider:network_type flat

neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.xx.91.41,end=xxx.xx.91.54 --disable-dhcp --gateway xxx.xx.91.126 xxx.xx.91.0/25

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

[update 8] ubuntu@cemos:~$ ping -c 3 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.848 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.697 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.686 ms

[update 9]

ubuntu@cemos:~$ ping -c 3 xxx.64.91.126

PING xxx.64.91.126 (xxx.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=3 Destination Host Unreachable

ubuntu@cemos:~$ ping -c 3 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms

[update 10]

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up 
    down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
    address xxx.64.91.55
    netmask 255.255.255.128
    network xxx.64.91.0
    broadcast xxx.64.91.127
    gateway xxx.64.91.126
    dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
    address 10.0.1.2
    netmask 255.255.255.0

[update 11]---solution of my problem

problem describe: instance can not ping internet (like 8.8.8.8)

solution is two part.

check steps:

1.instance can ping vRouter gateway

2.instance can ping vRouter external gateway

3.instance can not ping external net gateway

4.ip netns exec qrouter-xxx ping external net gateway is not work!

part one:

There's two different ways to connect a router to its external network.

The old approach, using br-ex,is also my using.

But,I decide to use another approach,provider networks, so that the external leg of a router is connected back to br-int, and flows are installed on br-int connecting it to a bridge, which is connected to a physical NIC.

detail: https://bugzilla.redhat.com/show_bug.cgi?id=1054857#c6

So,I modified part of ml2_conf.ini.

[ml2]

type_drivers = local,flat,vlan,gre,vxlan

[ml2_type_flat]

flat_networks = external

[ovs]

bridge_mappings = external:br-ex

part two:

Recreate external net and change ip address range and netmask.

This part may be caused that I using physical mechine and physical ip address.

neutron net-create ext-net --router:external True --provider:physical_network external --provider:network_type flat

neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.xx.91.41,end=xxx.xx.91.54 --disable-dhcp --gateway xxx.xx.91.126 xxx.xx.91.0/25

router gateway port binding_fail and DOWN

OS: ubuntu 14.03LTS openstack version: juno network type: vxlan

port-id = 4432fc7e-793e-47c2-8f74-d1bde3549ec3 this port is connecting between public(external network) and private network.

but problem one: I found port's status is DOWN and binding:vif_type is binding_fail.

I look for neutron-server.log. but,I don't find any errror message. what is the problem caused ?

problem two:

I can not ping 8.8.8.8

the solution is in update 11 field.

info:

neutron port-show 4432fc7e-793e-47c2-8f74-d1bde3549ec3

| Field                 | Value                                                           |         
+-----------------------+-------------------------------------------------------------------------+
| admin_state_up        | True                                                               
| allowed_address_pairs |                                                                    
| binding:host_id       | openstack1                                                       
| binding:profile       | {}                                                                    
| binding:vif_details   | {}                                                                    
| binding:vif_type      | binding_failed                                
| device_id             | 620bb1bc-c694-41e2-90bf-4be282921dd4         
| device_owner          | network:router_gateway                         
| extra_dhcp_opts       |                                           
| fixed_ips             | {"subnet_id": "83516ff4-890a-4df7-9e32-6c66b971135f", "ip_address": "203.64.91.204"} |
| id                    | 4432fc7e-793e-47c2-8f74-d1bde3549ec3                 
| mac_address           | fa:16:3e:2d:dd:49                                   
| name                  |                                                                 
| network_id            | 66d58f14-ae21-463b-a889-cce33d23a1b0        
| security_groups       |                                                           
| status                | DOWN                                                     
| tenant_id             |                                                    
+-----------------------+---------------------------------------------------------+

Please,help me. I am confused for a long time. Add

UPDATE1 : CLI for creating external network and router gateway.

admin:

 neutron net-create ext-net --router:external True 
 neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.64.91.200,end=xxx.64.91.220 --gateway xxx.64.91.126 xxx.64.91.0/24

demo:

neutron net-create cemoNet
neutron subnet-create cemoNet --name cemoSubnet 10.0.92.0/24
neutron router-create cemoRouter
neutron router-interface-add cemoRouter cemoSubnet
neutron router-gateway-set cemoRouter ext-net

UPDATE 2 : Create OVS bridge br-ex and OVS port on Network Node

ovs-vsctl show

  Bridge br-ex
    Port br-ex
        Interface br-ex
            type: internal
    Port "eth0"
        Interface "eth0"
    Port "tapf7a7ed91-64"
        Interface "tapf7a7ed91-64"
Bridge br-tun
    fail_mode: secure
    Port "vxlan-0a000103"
        Interface "vxlan-0a000103"
            type: vxlan
            options: {df_default="true", in_key=flow, local_ip="10.0.1.2", out_key=flow, remote_ip="10.0.1.3"}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
Bridge br-int
    fail_mode: secure
    Port "tapb08604a6-7e"
        tag: 1
        Interface "tapb08604a6-7e"
    Port br-int
        Interface br-int
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
ovs_version: "2.0.2"

UPDATE 3 : Creating security rules.

nova secgroup-list-rules global_http

 +-------------+-----------+---------+-----------+--------------+
 | IP Protocol | From Port | To Port | IP Range  | Source Group |
 +-------------+-----------+---------+-----------+--------------+
 | tcp         | 80        | 80      | 0.0.0.0/0 |              |
 | tcp         | 443       | 443     | 0.0.0.0/0 |              |
 +-------------+-----------+---------+-----------+--------------+

[update 4]

nova secgroup-list-rules default

ps: my instance have dufault and global_http.

+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

ifconfig

br-ex     Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet addr:xxx.64.91.55  Bcast:xxx.64.91.127  Mask:255.255.255.128
      inet6 addr: fe80::9070:9dff:fed7:f842/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:8222832 errors:0 dropped:39723 overruns:0 frame:0
      TX packets:906114 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:1000716448 (1.0 GB)  TX bytes:498762330 (498.7 MB)

br-int    Link encap:Ethernet  HWaddr 5e:07:dd:f0:34:41
      inet6 addr: fe80::ec57:aeff:fea5:3070/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:2862 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:795974 (795.9 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 3a:dd:9a:2f:cf:48
      inet6 addr: fe80::c4da:5fff:fe63:b11b/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 20:cf:30:5a:c6:6c
      inet6 addr: fe80::22cf:30ff:fe5a:c66c/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:8450451 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1084850 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:1017667231 (1.0 GB)  TX bytes:510163619 (510.1 MB)

eth1      Link encap:Ethernet  HWaddr 20:cf:30:5a:c5:08
      inet addr:10.0.1.2  Bcast:10.0.1.255  Mask:255.255.255.0
      inet6 addr: fe80::22cf:30ff:fe5a:c508/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:45822 errors:0 dropped:0 overruns:0 frame:0
      TX packets:43793 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8685050 (8.6 MB)  TX bytes:7803845 (7.8 MB)

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:8336595 errors:0 dropped:0 overruns:0 frame:0
      TX packets:8336595 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2385289750 (2.3 GB)  TX bytes:2385289750 (2.3 GB)

(user:demo)neutron router-list

| id                                   | name       | external_gateway_info |                                                                                                                                                                                                 
+--------------------------------------+------------+---------------------------+
| 5314630c-6463-4311-bc5a-55907e3c3891 | cemoRouter | {"network_id": "be74f636-c                                                                          b50-43e1-9fe9-22676014bfbf", "enable_snat": true, "external_fixed_ips": [{"subne                                                                          t_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"}]}  |
+--------------------------------------+------------+---------------------------

(user:admin)neutron router-port-list cemoRouter

+--------------------------------------+------+-------------------+---------------------------+
| id                                   | name | mac_address       | fixed_ips                    |
+--------------------------------------+------+-------------------+--------------------------+
| 39726063-ac20-4dec-ada8-03f80e4c6cdf |      | fa:16:3e:29:a7:7f | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| ce447b71-b5a2-4877-adef-22cf8589a7ec |      | fa:16:3e:80:f5:84 | {"subnet_id": "9569c5a7-2141-489c-ba5c-bf7adad16721", "ip_address": "10.0.89.1"}     |
+----------------

ps:(user:demo) 39726063-ac20-4dec-ada8-03f80e4c6cdf is not shown. I must change user to admin ,then it exists.

(user:admin)neutron port-show 39726063-ac20-4dec-ada8-03f80e4c6cdf

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       | openstack1                                                                           |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                       |
| binding:vif_type      | ovs                                                                                  |
| binding:vnic_type     | normal                                                                               |
| device_id             | 5314630c-6463-4311-bc5a-55907e3c3891                                                 |
| device_owner          | network:router_gateway                                                               |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "fe7b58db-7150-4fa5-87f1-59ff488a8522", "ip_address": "xxx.64.91.200"} |
| id                    | 39726063-ac20-4dec-ada8-03f80e4c6cdf                                                 |
| mac_address           | fa:16:3e:29:a7:7f                                                                    |
| name                  |                                                                                      |
| network_id            | be74f636-cb50-43e1-9fe9-22676014bfbf                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-39726063-ac
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-ce447b71-b5
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-39726063-ac

sudo ip netns exec qrouter-5314630c-6463-4311-bc5a-55907e3c3891(cemoRouter) ping xxx.64.91.126

PING 203.64.91.126 (203.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable

[update 5]

ubuntu@cemo:~$ curl http://169.254.169.254/latest/meta-data

ami-id
ami-launch-index
ami-manifest-path
block-device-mapping/
hostname
instance-action
instance-id
instance-type
kernel-id
local-hostname
local-ipv4
placement/
public-hostname
public-ipv4
public-keys/
ramdisk-id
reservation-id

[update 6]

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.037 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.046 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.037 ms

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.64.91.126   0.0.0.0         UG    0      0        0 qg-26228fa7-bb
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b5076984-10
xxx.64.91.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-26228fa7-bb

sudo ip netns exec qrouter-798c6b22-3d51-4214-bedc-23c360828dc7 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:10 errors:0 dropped:0 overruns:0 frame:0
      TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:840 (840.0 B)  TX bytes:840 (840.0 B)

qg-26228fa7-bb Link encap:Ethernet  HWaddr fa:16:3e:5a:d9:85
      inet addr:xxx.64.91.200  Bcast:xxx.64.91.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe5a:d985/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1551 errors:0 dropped:8 overruns:0 frame:0
      TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:176918 (176.9 KB)  TX bytes:1216 (1.2 KB)

qr-b5076984-10 Link encap:Ethernet  HWaddr fa:16:3e:09:e3:83
      inet addr:10.0.89.1  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fe09:e383/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:201 errors:0 dropped:0 overruns:0 frame:0
      TX packets:134 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:18906 (18.9 KB)  TX bytes:16890 (16.8 KB)

[update 7]

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ping -c 5 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.363 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from xxx.64.91.200: icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from xxx.64.91.200: icmp_seq=5 ttl=64 time=0.038 ms

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.89.1       0.0.0.0         UG    0      0        0 tap6f1ad2f7-d0
10.0.89.0       0.0.0.0         255.255.255.0   U     0      0        0 tap6f1ad2f7-d0

sudo ip netns exec qdhcp-0291928c-a981-4445-98c3-7115e4ad5a25 ifconfig

lo        Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap6f1ad2f7-d0 Link encap:Ethernet  HWaddr fa:16:3e:d3:b4:9c
      inet addr:10.0.89.3  Bcast:10.0.89.255  Mask:255.255.255.0
      inet6 addr: fe80::f816:3eff:fed3:b49c/64 Scope:Link
      UP BROADCAST RUNNING  MTU:1500  Metric:1
      RX packets:1740 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1737 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:311840 (311.8 KB)  TX bytes:333454 (333.4 KB)

[update 8] ubuntu@cemos:~$ ping -c 3 xxx.64.91.200

PING xxx.64.91.200 (xxx.64.91.200) 56(84) bytes of data.
64 bytes from xxx.64.91.200: icmp_seq=1 ttl=64 time=0.848 ms
64 bytes from xxx.64.91.200: icmp_seq=2 ttl=64 time=0.697 ms
64 bytes from xxx.64.91.200: icmp_seq=3 ttl=64 time=0.686 ms

[update 9]

ubuntu@cemos:~$ ping -c 3 xxx.64.91.126

PING xxx.64.91.126 (xxx.64.91.126) 56(84) bytes of data.
From xxx.64.91.200 icmp_seq=1 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=2 Destination Host Unreachable
From xxx.64.91.200 icmp_seq=3 Destination Host Unreachable

ubuntu@cemos:~$ ping -c 3 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms

[update 10]

auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet manual
    up ifconfig $IFACE 0.0.0.0 up 
    down ifconfig $IFACE down

auto br-ex
iface br-ex inet static
    address xxx.64.91.55
    netmask 255.255.255.128
    network xxx.64.91.0
    broadcast xxx.64.91.127
    gateway xxx.64.91.126
    dns-nameservers 8.8.8.8

auto eth1
iface eth1 inet static
    address 10.0.1.2
    netmask 255.255.255.0

[update 11]---solution of my problem

problem describe: instance can not ping internet (like 8.8.8.8)

solution is two part.

check steps:

1.instance can ping vRouter gateway

2.instance can ping vRouter external gateway

3.instance can not ping external net gateway

4.ip netns exec qrouter-xxx ping external net gateway is not work!

part one:

There's two different ways to connect a router to its external network.

The old approach, using br-ex,is also my using.

But,I decide to use another approach,provider networks, so that the external leg of a router is connected back to br-int, and flows are installed on br-int connecting it to a bridge, which is connected to a physical NIC.

detail: https://bugzilla.redhat.com/show_bug.cgi?id=1054857#c6

So,I modified part of ml2_conf.ini.

[ml2]

type_drivers = local,flat,vlan,gre,vxlan

[ml2_type_flat]

flat_networks = external

[ovs]

bridge_mappings = external:br-ex

part two:

Recreate external net and change ip address range and netmask.

This part may be caused that I using physical mechine and physical ip address.

neutron net-create ext-net --router:external True --provider:physical_network external --provider:network_type flat

neutron subnet-create ext-net --name ext-subnet --allocation-pool start=xxx.xx.91.41,end=xxx.xx.91.54 --disable-dhcp --gateway xxx.xx.91.126 xxx.xx.91.0/25