Ask Your Question

mariusleu's profile - activity

2018-11-12 12:45:45 -0500 received badge  Notable Question (source)
2018-11-12 08:15:29 -0500 asked a question Return (ack) packets are not seen in the network node

Hi, I have an Openstack Rocky installation.

The external bridge (br-ex) is only on the network node, while the compute nodes only have the tunnel bridge (br-tun). So SNAT and DNAT is done by the network node, which is in dvr_snat mode (east-west is handled by compute nodes using dvr).

While performing some download / iperf tests on a VM, I am doing also tcpdump on the qruouter namespace of the network node and of the compute node.

In the network node qrouter namespace I can only see "seq" or data packets like this:

16:06:33.822051 IP 94.130.38.154.http > 10.0.0.11.44970: Flags [.], seq 154487540:154506412, ack 1, win 235, options [nop,nop,TS val 1323375434 ecr 1831090179], length 18872: HTTP

While in the compute node in qrouter namespace I can only see the "ack" packets:

16:06:30.722865 IP 10.0.0.11.44970 > 94.130.38.154.http: Flags [.], ack 19614749, win 1382, options [nop,nop,TS val 1831087121 ecr 1323374661], length 0

Is this normal ? I am also facing lower download speed on the VM than the host (about half the speed).

2018-11-12 08:08:40 -0500 commented answer Instance has weaker internet speed than the host

One thing that is really strange to me, while performing the wget/iperf tests I am also doing tcpdump on the qr-* (qrouter) namespace. In the qrouter namespace of the network node I see the "seq" packets and on the qrouter of the compute I see the "ack" packets.

2018-11-12 08:03:54 -0500 commented answer Instance has weaker internet speed than the host

mtu is already at 1450 (lowered it to 1400 but no effect). iperf however does much better than wget, against the same server: VM - 120 Mbits/sec - 150 Mbits/sec; Host - 250+ Mbits/sec

2018-11-12 06:21:10 -0500 received badge  Popular Question (source)
2018-11-11 05:43:05 -0500 asked a question Instance has weaker internet speed than the host

I am running an Openstack Rocky with openvswitch agent and vxlan tenant networks. VMs are created in a vxlan network and have associated public floating IPs.

For example, the following download test results in dramatic download speed difference:

wget -O /dev/null http://www.ovh.net/files/100Mio.dat

VM - 5MB/s

Network node - 30MB/s

I've noticed if I run download tests from my city/country, the download speed in the VM increases (looks like as far the server is / as many hops are in between, the download speed in the VM decreases).

I've tried disabling the offloads using ethtool but no luck.

I can't find a reasonable explanation about this.

2016-04-25 11:53:09 -0500 received badge  Famous Question (source)
2016-03-15 17:05:30 -0500 answered a question DVR - pinging the floating ip and receiving response from the private
2016-03-15 10:06:02 -0500 received badge  Notable Question (source)
2016-03-15 05:59:34 -0500 commented answer DVR - pinging the floating ip and receiving response from the private

Yes, I have the same behavior when I use tcpdump. But the problem is that TCP requests don't work.

2016-03-14 17:05:24 -0500 commented question DVR - pinging the floating ip and receiving response from the private

its a single node deployment. l3 agent is in dvr_snat mode

2016-03-14 17:04:10 -0500 received badge  Popular Question (source)
2016-03-14 09:26:08 -0500 asked a question DVR - pinging the floating ip and receiving response from the private

Hello,

I have a liberty with dvr deployment.

I have two machines connected in the same VXLAN network.

VM1 is 10.0.0.2 and VM2 10.0.0.3.

VM1 has a floating ip assigned (let's say 2.2.2.2).

The problem is: if VM2 has no floating ip assigned (so traffic goes through SNAT namespace), I cannot access 2.2.2.2 (but any other requests i.e curl google.com works). If VM2 has floating IP assigned, I can access 2.2.2.2

Scenarios:

  • From VM2 without floating ip, if I ping 2.2.2.2, I receive response from 10.0.0.2 (VM1 IP).
  • From VM2 with floating ip, if I ping 2.2.2.2, I receive response from 2.2.2.2 (VM1 floating IP).
  • From VM2 without floating ip, if I curl 2.2.2.2, it freezes saying (connecting).
  • From VM2 without floating ip, if I curl 10.0.0.2, it works.
  • If I assign a floating IP to VM2, curl 2.2.2.2 works.
  • Also, in VM2, any other curl (i.e google.com) works, so I have internet access from VM2, but only when I try to do tcp traffic to other floating IP it doesn't work.

The MTU of my machines is 1450.

2016-02-16 09:53:36 -0500 received badge  Student (source)
2016-02-05 11:10:19 -0500 received badge  Notable Question (source)
2016-02-05 11:10:19 -0500 received badge  Famous Question (source)
2016-01-29 09:15:17 -0500 received badge  Famous Question (source)
2015-12-28 21:15:43 -0500 received badge  Famous Question (source)
2015-12-28 20:25:28 -0500 received badge  Popular Question (source)
2015-12-23 11:40:18 -0500 received badge  Notable Question (source)
2015-12-23 08:38:10 -0500 received badge  Teacher (source)
2015-12-23 05:36:36 -0500 answered a question Steps after changing swift source code

Run sudo swift-init restart main

For development I also recommend to use this https://github.com/swiftstack/vagrant-swift-all-in-one (https://github.com/swiftstack/vagrant...)

2015-12-22 11:29:16 -0500 received badge  Commentator
2015-12-22 11:29:16 -0500 commented question Is there any way to use DVR with external network provider (flat) ?

The local_ip are set ok ? Can you ping controller on local_ip from compute node ?

2015-12-22 07:38:43 -0500 commented question How to configure glance to store images created by "glance image-create" in a remote machine which have nfs server?

Did you try to write something to /images as a normal user ? Maybe glance doesn't have permissions to /images.

2015-12-22 06:59:14 -0500 commented question How to configure glance to store images created by "glance image-create" in a remote machine which have nfs server?

is the glance service running ? can't you see anything in the glance logs ?

2015-12-22 06:34:33 -0500 commented question Is there any way to use DVR with external network provider (flat) ?

what exactly did you modify in the config files after adding the eth2 ?

2015-12-21 16:42:16 -0500 received badge  Famous Question (source)
2015-12-21 16:33:04 -0500 received badge  Notable Question (source)
2015-12-21 16:31:28 -0500 received badge  Popular Question (source)
2015-12-21 16:25:23 -0500 commented answer VM without floating ip, connection problem in some cases

It's already 1454 on the guest OS. However, the Host OS (controller node running snat router) has MTU 1500 on the router gateway nic.

2015-12-21 16:18:47 -0500 commented question VM without floating ip, connection problem in some cases

The VM is able to open the socket on port 53 and send packets, but the returning packets are not coming, i think.

2015-12-21 16:14:44 -0500 commented question VM without floating ip, connection problem in some cases

I have 8.8.8.8 in VM /etc/resolv.conf and I can ping 8.8.8.8. I have google .com in the dns cache and I can ping google .com, but if I try to ping google .de for example, it doesn't work because my machine can't access 8.8.8.8 on port 53 do query the dns server.

2015-12-21 16:10:26 -0500 commented question VM without floating ip, connection problem in some cases

I can ping anything. The problem comes when I try to do TCP traffic through different ports such as 443 or 80.

2015-12-21 12:40:15 -0500 asked a question VM without floating ip, connection problem in some cases

Hello,

I am running a setup with Neutron DVR, having 1 controller node (with l3 agent in dvr_snat mode) and other compute nodes with l3 agent in dvr mode.

The external traffic (SNAT) made by VMs without a floating IP is routed through the controller node (dvr_snat router).
The external traffic (DNAT/SNAT) made by VMs with a floating IP is routed through the compute node (dvr router).

So let's say I create a VM with a private only IP.
- wget https://my.atlassian.com - doesn't work; the request stays on hold
- wget https://whoer.net - works, but I can see a delay
- apt-get update also doesn't work for all the repositories

After I associate a floating IP all the external requests works smoothly.

Before associating the floating IP, I went to the SNAT namespace in the controller node and tried these wget commands. All worked smoothly, so my IP is not banned. There might be a connection problem between the compute nodes and the controller node.

Can you help me with some instructions how to debug this?

Thanks.

2015-12-17 04:27:27 -0500 received badge  Popular Question (source)
2015-12-17 03:03:00 -0500 commented answer LBaaS / Octavia and Neutron DVR

Reagarding 4.: I am using neutron DVR, meaning that I don't have a network node. My Floating IPs and inter-vm traffic is distributed across the compute nodes, therefore I want to run the lbaas-agent on each compute node. Is neutron able to distribute the load balancers uniform across the nodes?

2015-12-16 10:25:39 -0500 asked a question LBaaS / Octavia and Neutron DVR

Hello,

I have a Liberty deployment using DVR scenario. So I have 1 controller (which includes l3 agent in dvr_snat mode) and multiple compute nodes (which includes l3 agent in dvr mode).

I want to add LBaaS service to this deployment, but I am a bit confused about how it will integrate. Would it work if I run the LBaaS agent on each compute node ? (compute nodes handles DNAT and floating ips) What about Octavia ? Is it stable enough ? Can you recommend some installation instructions for octavia ?

Thank you.

2015-12-14 02:50:30 -0500 received badge  Editor (source)
2015-12-14 02:49:21 -0500 asked a question Neutron DVR - Different external network for Compute and Network nodes

I have the following setup:

  • controller: l3-agent (dvr_snat mode), ovs-plugin, dhcp-agent, metadata-agent
  • compute1: l3-agent (dvr mode), ovs-plugin, metadata-agent

Each node has eth0 (public nics), and eth1 (private nics in the same VLAN).

From my hosting provider I am able to route a subnet to a node (but not a subnet to multiple nodes). So for instance I've assigned a subnet like 1.1.1.0/29 to the compute1 node.

When I create a virtual machine, there are namespaces "snat-xxxx" "qdhcp-xxxx" in the controller node having interfaces with IPs assigned from the 1.1.1.0/29 subnet. I suppose those namespaces are intended to do SNAT. Being that 1.1.1.0/29 is assigned to compute1, the SNAT won't work.

Is it possible to assign another subnet to the controller node only for SNAT ? So I can use my 1.1.1.0/29 for floating IPs.