Ask Your Question

highland's profile - activity

2016-05-12 05:26:13 -0500 received badge  Famous Question (source)
2016-05-12 05:26:13 -0500 received badge  Notable Question (source)
2015-12-08 06:49:04 -0500 received badge  Famous Question (source)
2015-11-05 04:25:48 -0500 received badge  Popular Question (source)
2015-10-27 22:24:45 -0500 received badge  Popular Question (source)
2015-10-27 22:24:45 -0500 received badge  Famous Question (source)
2015-10-27 22:24:45 -0500 received badge  Notable Question (source)
2015-10-24 03:08:14 -0500 received badge  Notable Question (source)
2015-10-23 20:35:01 -0500 received badge  Popular Question (source)
2015-10-18 08:04:47 -0500 asked a question neutron vxlan and discovery

Hello Team

One tenant, 10 compute nodes with multiple VMs on each, all of those VMs using one network_type = vxlan.

a. If i do understand correctly between each pair of nodes we need to build vxlan tunnel ? (45 tunnels in total)

b. how does the node1 knows to which node sent the packet ? (via which vxlan tunnel) ? Is it trying to ask all other nodes for mac addresses of all VMs and then sending unicast in data plane to specific vtep ? Or maybe use multicast for that ?


2015-10-18 08:00:13 -0500 commented answer neutron: network segmentation tenants vs inside tenant

So if we have 500 tenants and each uses 20 separate network segments we can not use vlans (4k limitation) ? Is there any option to use double tagging ? For example vxlan to describe tenant and vlan inside to describe which network segment within that tenant is that ?

2015-10-18 07:57:56 -0500 received badge  Supporter (source)
2015-10-18 07:57:54 -0500 received badge  Scholar (source)
2015-10-18 07:07:08 -0500 received badge  Editor (source)
2015-10-18 07:06:12 -0500 asked a question neutron: network segmentation tenants vs inside tenant

Hello Team,

I have a question regarding:

a. How can i segment/isolate traffic between tenants. If i do understand correctly it's via gre, vlan or vxlans. So every tenant can use different network with different type of encapsulation, for example:

neutron net-create tenant1-net1 --provider:network_type vlan --provider:segmentation-id 100 --tenant-id Tenant1

Will create a network used by tenant1 with vlan segmentation. Which i understand will use 802.1q encapsulation for traffic leaving ovs (and going to physical switch). This way we will be able to differentiate tenants.

b. How can i segment traffic between different segments for the same tenant. Let's say tenant1 has application and database vms and i would like to put them in different network segment (vlan) ?

Thanks, Michal

2015-09-07 00:16:18 -0500 asked a question devstack - ERROR: openstack image

Hello Team,

I am trying to run devstack (taken from git yesterday), i guess i have solved most of the issues but still having error when running ./

++ openstack --os-token 9c374de69899415680e66ba9be6c5160 --os-url image create cirros-0.3.4-x86_64-uec-kernel --public --container-format aki --disk-format aki
ERROR: openstack image
+ kernel_id=
+ '[' -n /tmp/devstack/files/images/cirros-0.3.4-x86_64-uec/cirros-0.3.4-x86_64-initrd ']'
++ get_field 2
++ local data field
++ read data
++ grep ' id '
++ openstack --os-token 9c374de69899415680e66ba9be6c5160 --os-url image create cirros-0.3.4-x86_64-uec-ramdisk --public --container-format ari --disk-format ari
ERROR: openstack image
+ ramdisk_id=
+ openstack --os-token 9c374de69899415680e66ba9be6c5160 --os-url image create cirros-0.3.4-x86_64-uec --public --container-format ami --disk-format ami
ERROR: openstack image

When i try to run manually i got the same error ( ERROR: openstack image) I can access "" via web browser.

I am not sure if that is related but found the following messages also:

2015-09-05 19:58:56.383108 2352 INFO keystone.common.wsgi [-] POST
2015-09-05 19:58:56.796882 2353 INFO keystone.middleware.core [-] Cannot find client issuer in env by the issuer attribute - SSL_CLIENT_I_DN.
2015-09-05 19:58:56.797112 2353 DEBUG keystone.middleware.core [-] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. process_request /opt/stack/keystone/keystone/middleware/

What is the problem ? How to troubleshoot it ?

Thanks, Michal