2014-02-13 02:36:50 -0500 answered a question Floating IP , External network relationship

Many guys are confused by the dhcp role in neutron. In neutron, the dhcp server (dnsmasq) is a guided one, i.e. neutron will write the IP and mac pair into dnsmasq's configuration file, and then dnsmasq can just allocate the IP according to the requester's mac. So the instance's IP is totally controlled by neutron, instead of dnsmasq.

I think floatingip must be along with the router's gateway port's IP at the same subnet, i.e. the system should not select the subnet randomly for floatingip. I have to check whether it is a bug.

2014-02-13 02:27:47 -0500 answered a question Error 400 while trying to create ext-net (GRE)

can u enable debug: debug=True in neutron.conf and paste out the actual options values in log here?

2014-02-12 04:18:32 -0500 answered a question Floating IP , External network relationship

IMHO, network is the abstract of the whole network space in physical reality. In general one tenant needs only one neutron network. With one network, tenant can create subnets just like traditional ways as normal.

regarding floatingip's subnets, it depends on the ip allocation algorithm in neutron. currently, we will choose an IP randomly from all subnets in the external network.

for launching instance, you can specify the IP address, which equals to select subnet.

hope this helps.

2014-02-08 15:18:27 -0500 answered a question Neutron - DHCP Agent is unable to enable dhcp

I think you have to use namespace enabled kernel and iproute package from RDO, otherwise you have to disable namespace.

2014-01-13 07:24:22 -0500 answered a question How to enable gre/vxlan/vlan/flat network at one cloud at the same time ?

currently, there is no way to do network aware scheduling in nova scheduler or neutron scheduler. we are assuming all of compute nodes and network nodes are using same networks.

2014-01-13 07:14:00 -0500 answered a question Something wrong with the flow tables after openvswitch initialized??

it seems the flow rules on br-tun bridge are missing some. In table 21, we should have more besides: cookie=0x0, duration=43.648s, table=21, n_packets=0, n_bytes=0, idle_age=43, priority=0 actions=drop

what is your configuration when you start the OpenView agent? I mean enable the debug=True, and paste the configurations here.

2014-01-09 02:22:17 -0500 answered a question Problem with adding our plugin to execute

remove your test codes and try to write a very simple test case.

2014-01-09 02:15:54 -0500 answered a question Neutron Port Create

def _ovs_add_port(self, bridge, device_name, port_id, mac_address,
                  internal=True):
    # Build a single ovs-vsctl transaction that adds the port and tags it.
    cmd = ['ovs-vsctl', '--', '--may-exist',
           'add-port', bridge, device_name]
    if internal:
        cmd += ['--', 'set', 'Interface', device_name, 'type=internal']
    # external-ids let the OVS agent map the interface to the neutron port.
    cmd += ['--', 'set', 'Interface', device_name,
            'external-ids:iface-id=%s' % port_id,
            '--', 'set', 'Interface', device_name,
            'external-ids:iface-status=active',
            '--', 'set', 'Interface', device_name,
            'external-ids:attached-mac=%s' % mac_address]
    utils.execute(cmd, self.root_helper)

2014-01-03 09:51:57 -0500 answered a question How to forbit to plug instances to external network directly?

why u set it 'shared' at the first place?

2014-01-03 09:51:00 -0500 answered a question Why packets from instance cannot make into linux bridge when configure a different IP

  1. disable the security group:

    [securitygroup]
    # sample firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    # Firewall driver for realizing neutron security group function.
    firewall_driver = neutron.agent.firewall.NoopFirewallDriver

  2. or update port's allowed_address_pairs attr:

    neutron port-update portid --allowed_address_pairs xxx

2014-01-03 09:43:28 -0500 answered a question How to configure DHCP agent when I'm using openvswitch and linux bridge in cloud at the same time

that depends on which l2 agent u are running on network node.

    # Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP,
    interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

    # Name of Open vSwitch bridge to use
    ovs_integration_bridge = br-int

    # Use veth for an OVS interface or not.
    # Support kernels with limited namespace support
    # (e.g. RHEL 6.5) so long as ovs_use_veth is set to True.
    ovs_use_veth = False

    # Example of interface_driver option for LinuxBridge
    interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

2013-12-16 02:14:37 -0500 answered a question OpenStack installed on a virtual machine with a single NIC: unable to ping the instance's floating IP

have u enabled icmp in security group?

2013-12-07 08:29:26 -0500 answered a question slow ping into gre tunnel

what version of openvswitch are u using? u can get it from ovs-vsctl show

2013-11-16 01:23:44 -0500 answered a question Unable to ping from one network to other

I think it is the sg blocks the ping traffic. so you need to add related sg rules.

2013-11-12 03:08:09 -0500 answered a question Neutron Vpnaas

it seems file vpnaas.filters is not under /etc/neutron/rootwrap.d/

2013-11-12 02:33:17 -0500 answered a question lbaas Unable to retrieve ready devices

can u try to increase the rpc_response_timeout in neutron.conf and have a try then?

how many compute nodes in your system? how many neutron agents in all? This should not happen in light load system.

to reduce the rpc message, try to increase report_interval and agent_down_time.

2013-11-12 02:28:10 -0500 answered a question I have undergone Neutron training and now want to dig into the code to understand work-flow of the Neutron framework, Kindly suggest how to proceed , one thing i have in mind is to understand the code-flow of a command say "quantum net-create"

These are the slides from my talk at the hk summit; inside, there are some slides about debugging neutron.

2013-11-02 09:04:31 -0500 answered a question failed to create network by dashboard

aren't u using keystone as authentication module?

neutron.conf:

    [DEFAULT]
    auth_strategy = keystone

2013-10-17 05:49:08 -0500 answered a question why dhcp_lease_time default value is 120s?

The long time will have a side effect: If I update the port's IP via API, and the VM will not be updated until the long timeout.

2013-10-14 01:31:55 -0500 answered a question Grizzly+Quantum: Could not find Service or Region in Service Catalog

the service type of quantum should be network.

2013-10-14 01:16:44 -0500 answered a question why doesn't dnsmasq update metastore with hostname

host-10-0-0-2.bfsopenstack is from neutron, testmachine.novalocal is from nova metadata. now nova does not pass neutron the vm name.

I think we can file a bug for it.

2013-10-12 06:34:25 -0500 answered a question LibvirtOpenVswitchDriver vs LibvirtHybridOVSBridgeDriver

It is at!127&app=PowerPoint&authkey=!AK0Y3KWzD6o3WVI (

2013-08-22 04:19:08 -0500 answered a question quantum metadata agent and namespaces

Yes, the metadata agent can be used without namespace.

2013-08-20 02:26:52 -0500 answered a question quantum agents

metadata agent must be along with L3 or dhcp agent.

dhcp, l3 agents must have an openvswitch agent (l2 agent) with it.

2013-07-24 06:21:32 -0500 answered a question neutron agents registering as 'localhost'

two solutions:

  1. make sure your hostname works
  2. add host=<anydifferentvalue> into your neutron.conf

2013-07-03 14:54:19 -0500 answered a question What is the use of the Dead VLAN tag 4095 on quantum openvswitch plugin?

I think it is just for the sake of 'safety'. we don't want the quantum components to make mistake. but I am not sure.

2013-07-03 14:51:08 -0500 answered a question Explain the difference between quantum quota-list and quota-show commands

it seems the quotas of demo are still default values. These two commands can help:

    quantum quota-update --tenant-id 6b7d64126a3c4b019cf35b8f8418b818 --port 70
    quantum quota-list

2013-07-03 10:08:00 -0500 answered a question Explain the difference between quantum quota-list and quota-show commands

    $ quantum quota-show -h
    usage: quantum quota-show [-h] [-f {shell,table}] [-c COLUMN]
                              [--variable VARIABLE] [--prefix PREFIX]
                              [--request-format {json,xml}]
                              [--tenant-id tenant-id]

    Show quotas of a given tenant

quota-show is used to show the 'quotas' of a given tenant, the quota-list is used to show the 'defined quotas' of tenants.

so quota-list will be empty if no tenants have defined quotas, i.e. quota-list does not list the quotas of tenants who do not have defined quotas.

quota-update is used to define quotas of a tenant if u want the tenant not to use default quotas.

2013-07-03 10:02:54 -0500 answered a question Selecting the right image

I don't think the RAW iso file is usable for normal VM creation. Besides, this question should be asked in nova.

2013-07-01 14:22:27 -0500 answered a question Need clarity on why quota-update is throwing 403 even for admin account

to enable quota per tenant, use quota_driver = quantum.db.quota_db.DbQuotaDriver in quantum.conf

2013-07-01 14:21:43 -0500 answered a question Need clarity on why quota-update is throwing 403 even for admin account

    $ quantum ext-show quotas
    +-------------+------------------------------------------------------------+
    | Field       | Value                                                      |
    +-------------+------------------------------------------------------------+
    | alias       | quotas                                                     |
    | description | Expose functions for quotas management                     |
    | links       |                                                            |
    | name        | Quota management support                                   |
    | namespace   | (                                                          |
    | updated     | 2012-07-29T10:00:00-00:00                                  |
    +-------------+------------------------------------------------------------+

when the quotas is named as 'Expose functions for quotas management', it means u cannot update quota even with admin.

    $ quantum ext-show quotas
    +-------------+------------------------------------------------------------+
    | Field       | Value                                                      |
    +-------------+------------------------------------------------------------+
    | alias       | quotas                                                     |
    | description | Expose functions for quotas management per tenant          |
    | links       |                                                            |
    | name        | Quota management support                                   |
    | namespace   | (                                                          |
    | updated     | 2012-07-29T10:00:00-00:00                                  |
    +-------------+------------------------------------------------------------+

when the quotas is named as 'Expose functions for quotas management per tenant', it means u update quota with admin.

2013-06-30 00:40:36 -0500 answered a question How to write l3-Plugin?

  1. you can implement an agent like l3_agent to communicate with neutron server and your third party virtual router / appliance or,
  2. you can write a plugin simulating the OVSQuantumPluginV2 to control your third party virtual router / appliance

2013-06-28 23:29:07 -0500 answered a question How to write l3-Plugin?

We already have a virtual router in neutron. The following are the commands of the neutron client:

    router-create
    router-interface-add
    router-port-list
    router-delete
    router-interface-delete
    router-show
    router-gateway-clear
    router-list
    router-update
    router-gateway-set
    router-list-on-l3-agent

and please have a look at (

in which, we have:

    class OVSQuantumPluginV2(db_base_plugin_v2.QuantumDbPluginV2,
                             extraroute_db.ExtraRoute_db_mixin,
                             l3_gwmode_db.L3_NAT_db_mixin,
                             sg_db_rpc.SecurityGroupServerRpcMixin,
                             agentschedulers_db.AgentSchedulerDbMixin,
                             portbindings_db.PortBindingMixin):

l3_gwmode_db.L3_NAT_db_mixin is our virtual router.

in addition please see our admin guide

2013-06-28 23:26:38 -0500 answered a question Fail scheduling network

can u have a test with rabbitmq? or update your codes with

2013-06-27 23:51:14 -0500 answered a question Fail scheduling network

can u enable the debug = True and paste out the log of quantum server?

2013-06-27 04:13:02 -0500 answered a question [TOX] can't pass tox on clean build

try to remove your current oslo module in system and then install: ( .

For example:

    cd /usr/local/lib/python2.7/dist-packages/
    rm -rf oslo
    pip install (

and then remove your .tox and then do tox -e py27

2013-06-14 07:56:16 -0500 answered a question Http Forbidden while creating port on network shared by a different Tenant

we need to create a port in shared network owner tenant or admin context with fixed_ips like this:

    quantum port-create net1 --fixed-ips subnet_id=40f2fe99-e0ed-4547-9a28-4d9207921ea1 list=true type=dict --tenant-id=8f0175ccbe7e45599ac37b2e870439b0

8f0175ccbe7e45599ac37b2e870439b0 is the port owner.

2013-06-14 02:36:00 -0500 answered a question Creating a VM to act as a router

so your router VM has an IP on INT-X which is the gateway of the VM I'm pinging from, right? and the router VM has another IP on INT-Y which connects the other VMs you are pinging. have u enabled the 'forward' by 'sysctl -w net.ipv4.ip_forward=1'?

2013-06-14 02:26:56 -0500 answered a question Externel networking problem

have u enabled the security group? if enabled, u can first disable it and have a try. if not, can u paste out the ovs-vsctl show on both compute and controller nodes?

2013-06-14 02:16:22 -0500 answered a question Detailed description of admin_state_up and status attributes?

simply put: admin_state_up can be managed by Admin via REST api, while the status reflects the actual status of the resources. Port's status is updated by agent in LB and OVS plugin.

2013-06-14 02:11:09 -0500 answered a question Http Forbidden while creating port on network shared by a different Tenant

I cannot reproduce this issue:

switch to tenant 51c051a17638408d8969ada0ae5b9b95 and make its net1 shared:

    $ quantum net-update net1 --shared
    Updated network: net1
    gongysh@gongysh-ThinkPad-T530:~$ quantum net-show net1
    +---------------------------+--------------------------------------+
    | Field                     | Value                                |
    +---------------------------+--------------------------------------+
    | admin_state_up            | True                                 |
    | id                        | 90fe3569-160c-48e0-b1fb-af451264a1e8 |
    | name                      | net1                                 |
    | provider:network_type     | gre                                  |
    | provider:physical_network |                                      |
    | provider:segmentation_id  | 1                                    |
    | router:external           | False                                |
    | shared                    | True                                 |
    | status                    | ACTIVE                               |
    | subnets                   | 40f2fe99-e0ed-4547-9a28-4d9207921ea1 |
    | tenant_id                 | 51c051a17638408d8969ada0ae5b9b95     |
    +---------------------------+--------------------------------------+

switch to tenant 8f0175ccbe7e45599ac37b2e870439b0 and create port on the shared net1:

    $ quantum port-create net1
    Created a new port:
    +-----------------+----------------------------------------------------------------------------------+
    | Field           | Value                                                                            |
    +-----------------+----------------------------------------------------------------------------------+
    | admin_state_up  | True                                                                             |
    | device_id       |                                                                                  |
    | device_owner    |                                                                                  |
    | fixed_ips       | {"subnet_id": "40f2fe99-e0ed-4547-9a28-4d9207921ea1", "ip_address": ""}          |
    | id              | 151c3c4c-d17e-4a46-a1bc-9e6813f53d76                                             |
    | mac_address     | fa:16:3e:9c:60:4c                                                                |
    | name            |                                                                                  |
    | network_id      | 90fe3569-160c-48e0-b1fb-af451264a1e8                                             |
    | security_groups | f6797b71-c0ec-4e6d-893d-1a91f27e5aef                                             |
    | status          | DOWN                                                                             |
    | tenant_id       | 8f0175ccbe7e45599ac37b2e870439b0                                                 |
    +-----------------+----------------------------------------------------------------------------------+

2013-06-07 00:51:51 -0500 answered a question [Quantum] Control the public IP address assigned to a router by quantum router-gateway-set

It makes sense, I created a bug for it.

2013-06-06 07:26:09 -0500 answered a question Can multiple l3-agent instances run on one host?

one host can have only one l3 agent. the host is defined by the host configuration in the configuration file, not the physical one. what do u mean by send message to the agent directly? we need to schedule.