connectivity chain diagnose

Hello everyone.

I need some help diagnosing my OpenStack connectivity.
Here is my network architecture with addresses. OpenStack is installed inside the 192.168.2.48 host.

 - From the local network 192.168.3.46: I can ping all the elements of the network (GW, DNS, 192.168.2.48).
 - From 192.168.2.48: I can ping DNS, GW, Host A, router 192.168.3.205.
 - From the router: I can ping the instance and 192.168.3.205 but not outside the host (DNS, GW, Host A and internet).

Thanks in advance for your suggestions :)

    +----------------+    +----------------+       +-----------------+
    |      Host A    |    | GW:192.168.2.1 |       | DNS:192.168.2.1 |
    |  192.168.3.46  |    +----------------+       +-----------------+
    +----------------+            |                      |
            |                     |                      | network 192.168.2.0/23
    --------------------------------------------------------------------------------
                               |
                    +----------------------+
                    |     192.168.2.48     |
                    |          |           |
                    |          |           |
                    |          |           |
                    |  +----------------+  |
                    |  |   ----------   |  |
                    |  |     BRIDGE     |  |
                    |  +----------------+  |
                    |          |           |
                    |          |           |
                    |  +----------------+  |
                    |  | 192.168.3.205  |  |
                    |  |    router      |  |
                    |  |   10.0.2.1     |  |
                    |  +----------------+  |
                    |          |           |
                    |          |           |
                    |          |           |
                    |  +----------------+  |
                    |  |    10.0.2.3    |  |
                    |  |    Instance    |  |
                    |  +----------------+  |
                    |                      |
                    +----------------------+

THE UPDATE IS BELOW: the situation can be understood on its own.

[UPDATE 1] My environment is as shown in the diagram below:

 - Physical host @192.168.3.46
 - Virtual host @192.168.2.48: where RDO all-in-one is deployed
 - OpenStack env:
     - External net: 192.168.2.0/23
     - Tenant subnet: 10.0.1.1/24
     - Router between them: 192.168.3.203, 10.0.1.1

Connectivity:

 - From the local network 192.168.3.46: I can ping all the elements of the network (GW, DNS, 192.168.2.48).
 - From 192.168.2.48: I can ping DNS, GW, Host A, router 192.168.3.205.
 - From the router: I cannot ping outside the host (DNS, GW, Host A and internet).

Using tcpdump, I figured out that the interface eth0 listens to my ICMP requests but br-ex does not. I don't understand why, even though the ports are all connected to the bridge br-ex. Here are the figures that may be relevant. I wonder how it cannot work; I have spent a lot of time on this situation and tried solutions, but nothing changes and the situation stays the same.

Thanks for any help you can suggest :)

    +----------------+    +----------------+       +-----------------+
    |      Host A    |    | GW:192.168.2.1 |       | DNS:192.168.2.1 |
    |  192.168.3.46  |    +----------------+       +-----------------+
    +----------------+            |                      |
            |                     |                      | network 192.168.2.0/23
    --------------------------------------------------------------------------------
                               |
                    +----------------------+
                    |     192.168.2.48     |
                    |          |           |
                    |          |           |
                    |          |           |
                    |  +----------------+  |
                    |  |   ----------   |  |
                    |  |     BRIDGE     |  |
                    |  +----------------+  |
                    |          |           |
                    |          |           |
                    |  +----------------+  |
                    |  | 192.168.3.203  |  |
                    |  |    router      |  |
                    |  |   10.0.1.1     |  |
                    |                      |
                    +----------------------+

Configuration files:

/etc/neutron/plugin.ini

    [ml2]
    type_drivers = vxlan,flat,vlan
    tenant_network_types = vxlan
    mechanism_drivers =openvswitch

    [ml2_type_flat]
    flat_networks = *

    [ml2_type_vlan]

    [ml2_type_gre]

    [ml2_type_vxlan]
    vni_ranges =10:100
    vxlan_group =224.0.0.1

    [ml2_type_geneve]

    [securitygroup]
    enable_security_group = True

/etc/neutron/plugins/ml2/openvswitch_agent.ini

    [ovs]
    integration_bridge = br-int
    tunnel_bridge = br-tun
    local_ip =192.168.2.48
    bridge_mappings = physnet1:br-ex
    enable_tunneling=True

    [agent]
    polling_interval = 2
    tunnel_types =vxlan, gre
    vxlan_udp_port =4789
    l2_population = False
    arp_responder = False
    prevent_arp_spoofing = True
    enable_distributed_routing = False
    drop_flows_on_start=False

    [securitygroup]
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


Ping from the router namespace:

    [root@localhost ~]# ip netns exec qrouter-6bb53c5a-4561-4bdf-ae6b-b23e73bfa98a ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    From 192.168.3.203 icmp_seq=10 Destination Host Unreachable
    From 192.168.3.203 icmp_seq=11 Destination Host Unreachable
    From 192.168.3.203 icmp_seq=12 Destination Host Unreachable
    From 192.168.3.203 icmp_seq=13 Destination Host Unreachable
    ^C
    --- 8.8.8.8 ping statistics ---
    45 packets transmitted, 0 received, +4 errors, 100% packet loss, time 44014ms
    pipe 4

TCPDUMP ON router namespace

    [root@localhost ~]# ip netns exec qrouter-6bb53c5a-4561-4bdf-ae6b-b23e73bfa98a tcpdump -qnntpi any icmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 1, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 2, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 3, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 4, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 5, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 6, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 7, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 8, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 9, length 64
    IP 192.168.3.203 > 192.168.3.203: ICMP host 8.8.8.8 unreachable, length 92
    IP 192.168.3.203 > 192.168.3.203: ICMP host 8.8.8.8 unreachable, length 92
    IP 192.168.3.203 > 192.168.3.203: ICMP host 8.8.8.8 unreachable, length 92
    IP 192.168.3.203 > 192.168.3.203: ICMP host 8.8.8.8 unreachable, length 92
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 14, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 15, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 16, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 17, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 18, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 19, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 20, length 64

TCPDUMP ON eth0

    [root@localhost ~]# tcpdump -qnntpi eth0 icmp
    tcpdump: WARNING: eth0: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 1, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 2, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 3, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 4, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 5, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 6, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 7, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 8, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 9, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 14, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 15, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 16, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 17, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 18, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 19, length 64
    IP 192.168.3.203 > 8.8.8.8: ICMP echo request, id 3495, seq 20, length 64

TCPDUMP ON br-ex: did not hear anything

    [root@localhost ~]# tcpdump -qnntpi br-ex icmp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on br-ex, link-type EN10MB (Ethernet), capture size 65535 bytes

OVS Architecture

    [root@localhost ~]# ovs-vsctl show
    ca71317d-dc86-492c-9e4a-5b8f9003676d
        Bridge br-tun
            fail_mode: secure
            Port patch-int
                Interface patch-int
                    type: patch
                    options: {peer=patch-tun}
            Port br-tun
                Interface br-tun
                    type: internal
        Bridge br-ex
            Port "eth0"
                Interface "eth0"
            Port br-ex
                Interface br-ex
                    type: internal
            Port "qg-d70064fc-4f"
                Interface "qg-d70064fc-4f"
                    type: internal
            Port phy-br-ex
                Interface phy-br-ex
                    type: patch
                    options: {peer=int-br-ex}
        Bridge br-int
            fail_mode: secure
            Port br-int
                Interface br-int
                    type: internal
            Port "qr-7b0b0bbb-dc"
                tag: 2
                Interface "qr-7b0b0bbb-dc"
                    type: internal
            Port patch-tun
                Interface patch-tun
                    type: patch
                    options: {peer=patch-int}
            Port "qvo08948d95-fa"
                tag: 2
                Interface "qvo08948d95-fa"
            Port int-br-ex
                Interface int-br-ex
                    type: patch
                    options: {peer=phy-br-ex}
            Port "qvof1296929-0b"
                tag: 1
                Interface "qvof1296929-0b"
            Port "tap2a3169f5-c2"
                tag: 2
                Interface "tap2a3169f5-c2"
                    type: internal
        ovs_version: "2.4.0"
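
As an added example (not part of the original post), the wiring claim in the question, that the router's gateway port and eth0 sit on br-ex and that br-ex is patched to br-int, can be checked mechanically from `ovs-vsctl show` output. The function names `parse_ovs_show` and `check_external_path` are hypothetical, and the sample is trimmed from the output above.

```python
import re

# Constructed sample: trimmed from the `ovs-vsctl show` output in the post above.
SAMPLE = """\
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port "qg-d70064fc-4f"
            Interface "qg-d70064fc-4f"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-int
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
"""

def parse_ovs_show(text):
    """Return {bridge: {port: {"type", "peer"}}}; untyped ports are system devices."""
    bridges, bridge, port = {}, None, None
    for line in map(str.strip, text.splitlines()):
        key, _, val = line.partition(" ")
        val = val.strip('"')
        if key == "Bridge":
            bridge, port = bridges.setdefault(val, {}), None
        elif key == "Port" and bridge is not None:
            port = bridge.setdefault(val, {"type": "system", "peer": None})
        elif key == "type:" and port is not None:
            port["type"] = val
        elif key == "options:" and port is not None:
            m = re.search(r"peer=([^,}\s]+)", val)
            port["peer"] = m.group(1) if m else None
    return bridges

def check_external_path(bridges, ext="br-ex", integ="br-int"):
    """Summarise what must hold for router traffic to leave through `ext`."""
    ports = bridges.get(ext, {})
    owner = {p: b for b, ps in bridges.items() for p in ps}
    # A patch link counts only if both ends name each other as peer.
    patched = any(i["peer"] and owner.get(i["peer"]) == integ
                  and bridges[integ][i["peer"]]["peer"] == p
                  for p, i in ports.items())
    return {"gateway_ports": sorted(p for p in ports if p.startswith("qg-")),
            "system_ports": sorted(p for p, i in ports.items()
                                   if i["type"] == "system"),
            "patched_to_integration": patched}
```

A clean result confirms only the bridge wiring; it says nothing about whether frames are actually forwarded past eth0.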