Ask Your Question

rvarghese's profile - activity

2017-03-25 23:34:04 -0500 received badge  Famous Question (source)
2015-08-18 03:50:14 -0500 received badge  Famous Question (source)
2015-07-20 08:20:14 -0500 answered a question New Kilo install - Unable to launch instance, no useful errors found

I am also facing same issue. May I know if this resolved?

2015-07-07 02:37:52 -0500 received badge  Notable Question (source)
2015-07-06 11:57:31 -0500 received badge  Popular Question (source)
2015-07-06 11:57:29 -0500 answered a question Not able to reach instance through floating IP - Kilo

Issue resolved by setting the br-ex for the external_network_bridge and repopulating the database.

[root@network ~]# grep -v ^# /etc/neutron/l3_agent.ini | grep -v ^$
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge = br-ex
router_delete_namespaces = True
verbose = True
2015-07-06 11:54:06 -0500 answered a question Cause for strange network config?

I had faced same issue but resolved by setting the external_network_bridge to br-ex. As per the documentation "The external_network_bridge option intentionally lacks a value to enable multiple external networks on a single agent."

After changing this I dropped the database and recreated it.

My configuration.

[root@network ~]# grep -v ^# /etc/neutron/l3_agent.ini | grep -v ^$
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge = br-ex
router_delete_namespaces = True
verbose = True
2015-07-01 12:59:04 -0500 asked a question Not able to reach instance through floating IP - Kilo

Hello,

I created a 3 node setup with neutron node in Kilo, but facing an issue with the instance floating IP reachability Instance can ping the qrouter interface and instance is reachable through namespace. Security groups are configured to allow all traffic.

One thing I noticed is the qg-c3e2cbcf-5a interface is created in br-int. Compared with a juno setup and I could see that interface was showing in br-ex.

Tried a port mirroring and see if the traffic is reaching br-int, but it is not.

Please see the OVS configuration

[root@network ~]# ovs-vsctl show
f9d088fd-ef7a-4dff-820d-35e6796a96ae
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-7055d1c9-0e"
            tag: 2
            Interface "qr-7055d1c9-0e"
                type: internal
        Port "tape9bbd694-98"
            tag: 2
            Interface "tape9bbd694-98"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "snooper0"
            Interface "snooper0"
        Port "qg-c3e2cbcf-5a"
            tag: 1
            Interface "qg-c3e2cbcf-5a"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-0a0a6466"
            Interface "gre-0a0a6466"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="10.10.100.101", out_key=flow, remote_ip="10.10.100.102"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "2.3.1"

Name space details

[root@network ~]# ip netns list
qdhcp-6641ac5a-8983-43ca-bd59-9d3849c1821c
qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14
[root@network ~]# ip netns exec qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
9: qr-7055d1c9-0e: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:cb:e8:cb brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.1/24 brd 172.16.0.255 scope global qr-7055d1c9-0e
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fecb:e8cb/64 scope link 
       valid_lft forever preferred_lft forever
10: qg-c3e2cbcf-5a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:02:f5:4a brd ff:ff:ff:ff:ff:ff
    inet 100.100.100.3/24 brd 100.100.100.255 scope global qg-c3e2cbcf-5a
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe02:f54a/64 scope link 
       valid_lft forever preferred_lft forever
root@network ~]# ip netns exec qrouter-ce3605dd-5381-41c3-a595-4cfe0e8d1f14 iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-c3e2cbcf-5a ! -o qg-c3e2cbcf-5a -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-c3e2cbcf-5a -j SNAT --to-source 100.100.100.3
-A neutron-l3-agent-snat -m mark ! --mark 0x2 -m ...
(more)
2015-05-16 14:27:40 -0500 received badge  Notable Question (source)
2015-05-09 15:49:42 -0500 received badge  Famous Question (source)
2015-05-01 22:22:38 -0500 commented answer VNC port not open in firewall

I was trying the fully manual installation and was missing the firewall part.

2015-04-30 11:39:04 -0500 received badge  Popular Question (source)
2015-04-29 22:23:14 -0500 answered a question VNC port not open in firewall

The issue was caused by the firewalld on Centos7. I disabled it and then VNC console start working.

2015-04-29 22:20:55 -0500 asked a question How Tenant traffic separation happens in GRE

Hello Stackers,

I would like to have an in depth view on how the tenant isolation is achieved in Openstack with a GRE/VXLAN overlay. Any good document/links are welcome

  1. How each tenants traffic is differentiated in the tunnel?
  2. Is there any limitation in 4096 vlans?

Thanks Ravargs

2015-04-20 09:23:36 -0500 commented question Instance private ip not pingable

One more thing I notices is rarely I get a echo reply back on the tap interface listening on tap46205ef2-c5, link-type EN10MB (Ethernet), capture size 65535 bytes 07:32:19.271629 ARP, Request who-has 192.168.1.9 tell 192.168.1.1, length 28 07:32:19.273245 ARP, Reply 192.168.1.9 is-at fa:16:3e:44:01

2015-04-20 08:52:08 -0500 commented question Instance private ip not pingable

-A neutron-openvswi-o46205ef2-c -p icmp -m set --match-set IPv44fd0adff-08a2-4b77-a dst -j RETURN -A neutron-openvswi-oef72706a-f -p icmp -m set --match-set IPv44fd0adff-08a2-4b77-a dst -j RETURN

2015-04-20 08:50:02 -0500 commented question Instance private ip not pingable

root@compute:~# tcpdump -i qvoef72706a-fc tcpdump: WARNING: qvoef72706a-fc: no IPv4 address assigned listening on qvoef72706a-fc, link-type EN10MB (Ethernet), capture size 65535 bytes 06:55:43.441318 IP 192.168.1.1 > 192.168.1.10: ICMP echo request, id 4006, seq 60, length 64

2015-04-20 08:50:02 -0500 received badge  Commentator
2015-04-20 08:47:42 -0500 commented question Instance private ip not pingable

I can see the icmp echo request coming till the qbr and qvo interfaces but no reply. Also verified the firewall rules.

root@compute:~# tcpdump -i qbref72706a-fc
tcpdump: WARNING: qbref72706a-fc: no IPv4 address assigned
06:55:35.351904 ARP, Request who-has 192.168.1.10 tell 192.168.1.1, length 28
2015-04-20 01:20:10 -0500 commented question Instance private ip not pingable

Here is the routes

root@network:~# ip netns list qdhcp-e26fda3a-1072-482a-afd6-275d59cabdc8 qrouter-099a7bd9-a73d-4561-b7a5-14c2b557dc15

root@network:~# ip netns exec qrouter-099a7bd9-a73d-4561-b7a5-14c2b557dc15 ip ro
default via 100.100.100.1 dev qg-a9288394-e8 
100.100.100.0/24 dev qg-a9288394-e8
2015-04-17 11:11:53 -0500 received badge  Notable Question (source)
2015-04-17 10:04:17 -0500 received badge  Editor (source)
2015-04-17 09:59:43 -0500 answered a question Instance private ip not pingable

Please see the configurations

root@compute:~# cat /etc/neutron/neutron.conf
[DEFAULT]
lock_path = $state_path/lock
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = xxx
auth_strategy = keystone
verbose = True
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = xxx
[database]
#connection = sqlite:////var/lib/neutron/neutron.sqlite
[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default
root@compute:~#
root@compute:~# ifconfig
br-int    Link encap:Ethernet  HWaddr ae:38:87:0e:a9:42
          inet6 addr: fe80::4804:69ff:fe66:5116/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:90 (90.0 B)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr e6:ed:33:a9:a3:40
          inet6 addr: fe80::941b:66ff:fe60:c5f4/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 00:50:56:bb:5f:c9
          inet addr:192.168.33.202  Bcast:192.168.33.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:febb:5fc9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:176 errors:0 dropped:5 overruns:0 frame:0
          TX packets:249 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:16156 (16.1 KB)  TX bytes:26530 (26.5 KB)

eth1      Link encap:Ethernet  HWaddr 00:50:56:bb:84:60
          inet addr:192.168.35.202  Bcast:192.168.35.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:febb:8460/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:733 errors:0 dropped:5 overruns:0 frame:0
          TX packets:948 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:142005 (142.0 KB)  TX bytes:164420 (164.4 KB)

eth2      Link encap:Ethernet  HWaddr 00:50:56:bb:04:3b
          inet addr:192.168.36.202  Bcast:192.168.36.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:febb:43b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1124 (1.1 KB)  TX bytes:1680 (1.6 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP ...
(more)
2015-04-17 05:53:54 -0500 answered a question Instance private ip not pingable

root@compute:~# cat /etc/neutron/neutron.conf [DEFAULT] lock_path = $state_path/lock core_plugin = ml2 service_plugins = router allow_overlapping_ips = True rpc_backend = rabbit rabbit_host = controller rabbit_password = ntslab auth_strategy = keystone verbose = True [matchmaker_redis] [matchmaker_ring] [quotas] [agent] root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf [keystone_authtoken] auth_uri = http://controller:5000/v2.0 identity_uri = http://controller:35357 admin_tenant_name = service admin_user = neutron admin_password = ntslab [database]

connection = sqlite:////var/lib/neutron/neutron.sqlite

[service_providers] service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default root@compute:~# root@compute:~# ifconfig br-int Link encap:Ethernet HWaddr ae:38:87:0e:a9:42 inet6 addr: fe80::4804:69ff:fe66:5116/64 Scope:Link UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:1 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:90 (90.0 B) TX bytes:648 (648.0 B)

br-tun Link encap:Ethernet HWaddr e6:ed:33:a9:a3:40 inet6 addr: fe80::941b:66ff:fe60:c5f4/64 Scope:Link UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)

eth0 Link encap:Ethernet HWaddr 00:50:56:bb:5f:c9 inet addr:192.168.33.202 Bcast:192.168.33.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:febb:5fc9/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:176 errors:0 dropped:5 overruns:0 frame:0 TX packets:249 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:16156 (16.1 KB) TX bytes:26530 (26.5 KB)

eth1 Link encap:Ethernet HWaddr 00:50:56:bb:84:60 inet addr:192.168.35.202 Bcast:192.168.35.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:febb:8460/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:733 errors:0 dropped:5 overruns:0 frame:0 TX packets:948 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:142005 (142.0 KB) TX bytes:164420 (164.4 KB)

eth2 Link encap:Ethernet HWaddr 00:50:56:bb:04:3b inet addr:192.168.36.202 Bcast:192.168.36.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:febb:43b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:11 errors:0 dropped:0 overruns:0 frame:0 TX packets:18 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1124 (1.1 KB) TX bytes:1680 (1.6 KB)

lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 ... (more)

2015-04-17 03:45:10 -0500 answered a question Instance private ip not pingable

Blockquote

Please see the configs [DEFAULT] lock_path = $state_path/lock core_plugin = ml2 rpc_backend = rabbit rabbit_host = controller rabbit_password = ntslab auth_strategy = keystone core_plugin = ml2 service_plugins = router allow_overlapping_ips = True verbose = True [matchmaker_redis] [matchmaker_ring]

root@network:~# ifconfig br-ex Link encap:Ethernet HWaddr 00:50:56:bb:d1:71 inet6 addr: fe80::e8a1:c9ff:fe05:aec7/64 Scope:Link UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:534 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:49135 (49.1 KB) TX bytes:648 (648.0 B)

br-int Link encap:Ethernet HWaddr 46:00:56:04:d8:4c inet6 addr: fe80::3457:ccff:fe2e:2f32/64 Scope:Link UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:22 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1780 (1.7 KB) TX bytes:648 (648.0 B)

br-tun Link encap:Ethernet HWaddr c2:59:bc:9f:eb:45 inet6 addr: fe80::dc3d:1fff:fe51:8e6c/64 Scope:Link UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:648 (648.0 B)

eth0 Link encap:Ethernet HWaddr 00:50:56:bb:c9:cf inet addr:192.168.33.201 Bcast:192.168.33.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:febb:c9cf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:167 errors:0 dropped:8 overruns:0 frame:0 TX packets:266 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:14937 (14.9 KB) TX bytes:28634 (28.6 KB)

eth1 Link encap:Ethernet HWaddr 00:50:56:bb:c5:35 inet addr:192.168.35.201 Bcast:192.168.35.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:febb:c535/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:559 errors:0 dropped:7 overruns:0 frame:0 TX packets:627 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:67584 (67.5 KB) TX bytes:100374 (100.3 KB)

eth2 Link encap:Ethernet HWaddr 00:50:56:bb:31:1c inet addr:192.168.36.201 Bcast:192.168.36.255 Mask:255.255.255.0 inet6 addr: fe80::250:56ff:febb:311c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10 errors:0 dropped:0 overruns:0 frame:0 TX packets:23 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1032 (1.0 KB) TX bytes:2012 (2.0 KB)

eth3 Link encap:Ethernet HWaddr 00:50:56:bb:d1:71 inet6 addr: fe80::250:56ff:febb:d171/64 Scope:Link ... (more)

2015-04-16 22:20:38 -0500 received badge  Popular Question (source)
2015-04-16 09:24:46 -0500 asked a question Instance private ip not pingable

Hi,

I have successfully installed the Juno release on Ubuntu. Everything works fine except the instances are neither pining or cant reach through SSH(I am using the name space to ping it). But instance can ping each other and even ping the gateway IP set on the br-ex on neutorn node. I checked the security rules, tried changing the MTU sizes but none of them helped. I can see the packets reaching the compute node but not coming back.

Any thoughts?

Thanks Ravargs

2015-03-10 12:28:42 -0500 received badge  Famous Question (source)
2015-02-18 11:16:39 -0500 received badge  Notable Question (source)
2015-02-11 07:14:34 -0500 received badge  Famous Question (source)
2015-02-05 02:59:31 -0500 received badge  Taxonomist
2015-01-30 04:55:52 -0500 received badge  Popular Question (source)
2015-01-28 07:40:43 -0500 commented question VNC port not open in firewall

No, selinux is enabled and iptables in on. I believe these are required since compute dynamically create rules.

2015-01-27 23:50:03 -0500 asked a question VNC port not open in firewall

Hello,

I trying to setup a 3 node juno on CentOS and most part it is successful. Issue what I am facing is the VNC console access through the Horizon dashboard. I figured the issue is with the iptables on compute node refusing the connection. The workaround I used is to put a firewall rule on compute node to allow the ports 5900-5999.

iptables -A IN_public_allow -p tcp --match multiport --dports 5900:5999 -j ACCEPT

But my question is this should be added to the rules dynamically by nova, right? Am I missing something?

Thanks RV

2015-01-27 07:42:43 -0500 commented answer VNC Console in Dashboard fails to connect ot server (code: 1006)

Hi,

I am facing same issue on Juno 3 node configuration. Ports are listening but it is not open in the firewall. Shouldn't these ports allowed by default by nova?

2014-10-31 10:03:13 -0500 marked best answer Add a physical interface to instance

Hello,

I am using Icehouse with neutron. Is it possible to add a physical interface to the instance from the compute. I am trying to achieve the SRIOV feature in VMware. This interface will have a VLAN tag also.

Thanks Rvarghese

2014-10-20 09:02:52 -0500 received badge  Notable Question (source)
2014-10-15 02:07:52 -0500 commented answer neutron - not able to trunk vlan tags in to Virtual Machines

Hi Thota,

I am trying to achive the same on my 3 node (Controler, neutron and compute) icehouse setup without much success. Can you please share your neutorn configurations so that I can have a look at it.

Thanks RV