Need help with neutron router

I have set up internal and external networks with neutron and connected them (I think) with a router with Kilo. I have no connectivity between VMs and the external net. The firewall appears to be wide open. The correct ports seem to be assigned. The VMs can reach each other on the internal network. I mirrored an interface with ovs and did a tcpdump on pings from the VM and the external net. It looks like the external port is missing something.

Internal:
18:02:34.065694 IP 172.16.64.16 > 172.16.64.1: ICMP echo request, id 23297, seq 0, length 64
18:02:34.065784 IP 172.16.64.1 > 172.16.64.16: ICMP echo reply, id 23297, seq 0, length 64
18:02:35.065633 IP 172.16.64.16 > 172.16.64.1: ICMP echo request, id 23297, seq 1, length 64

Can hit external gateway:

18:00:45.744489 IP 172.16.64.16 > 10.17.0.1: ICMP echo request, id 23041, seq 0, length 64
18:00:45.745263 IP 10.17.0.1 > 172.16.64.16: ICMP echo reply, id 23041, seq 0, length 64
18:00:46.744484 IP 172.16.64.16 > 10.17.0.1: ICMP echo request, id 23041, seq 1, length 64
18:00:46.744956 IP 10.17.0.1 > 172.16.64.16: ICMP echo reply, id 23041, seq 1, length 64

But from external nothing:

tcpdump -i snooper0
listening on snooper0, link-type EN10MB (Ethernet), capture size 65535 bytes
17:43:56.150193 IP n004 > 172.16.64.16: ICMP echo request, id 46403, seq 1, length 64
17:43:57.149449 IP n004 > 172.16.64.16: ICMP echo request, id 46403, seq 2, length 64
17:43:58.149452 IP n004 > 172.16.64.16: ICMP echo request, id 46403, seq 3, length 64

ovs-vsctl:

 ovs-vsctl show
573be45d-16ee-4aa8-a348-d253a0bc2800
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-0a11010e"
            Interface "vxlan-0a11010e"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.17.1.13", out_key=flow, remote_ip="10.17.1.14"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-0a110111"
            Interface "vxlan-0a110111"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.17.1.13", out_key=flow, remote_ip="10.17.1.17"}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-cd06e66c-c9"
            Interface "qg-cd06e66c-c9"
                type: internal
        Port "bond0"
            Interface "eno2"
            Interface "eno1"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-int
        fail_mode: secure
        Port "qr-ce0ee769-6f"
            tag: 1
            Interface "qr-ce0ee769-6f"
                type: internal
        Port "qvod38da273-bb"
            tag: 1
            Interface "qvod38da273-bb"
        Port "tap2e4598fe-f6"
            tag: 1
            Interface "tap2e4598fe-f6"
                type: internal
        Port "snooper0"
            Interface "snooper0"
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    ovs_version: "2.3.1"