Openstack instances cannot access to Internet [linuxbridge]

Jaime jsaezdeb at ucm.es
Thu Feb 11 11:44:42 UTC 2021


I am having serious issues in the deployment of the Openstack scenario 
related to the Linux Bridge.
This is the scenario:

- Controller machine:
     - Management Interface `enp2s0`: 138.100.10.25.
- Compute machine:
     - Management Interface `enp2s0`: 138.100.10.26.
     - Provider Interface `enp0s20f0u4`: 138.100.10.27.

Openstack Train scenario has been successfully deployed in Centos 8, 
choosing networking option 2 (self-service network).

To verify the functionality, an image has been uploaded, created an 
Openstack flavor and security group, and launched a couple of cirrOS 
instances for connection testing.
We have created a provider network following [this 
tutorial](https://docs.openstack.org/newton/install-guide-rdo/launch-instance-networks-provider.html) 
and a selfservice network following [this 
one](https://docs.openstack.org/newton/install-guide-rdo/launch-instance-networks-selfservice.html).

The network scenario is the next one:



As can be seen in the network topology, an external network 
138.100.10.0/21 (provider) and an internal network 192.168.1.1 
(selfservice) have been created, connected through a router by the 
interfaces 138.100.10.198 and 192.168.1.1, both active.

Our problem is that our Linux bridge is not working as expected: the 
Openstack cirrOS instances has no internet access.

This is the controller `ip a` and `brctl show` command output:



This is the compute `ip a` and `brctl show` command output:


(The output of `ovs-vsctl show` command is empty in both machines).

**Are the Linux Bridges correctly created?**

These are the Linux bridge configuration files:

* Controller `/etc/neutron/plugins/ml2/linuxbridge_agent.ini`:
```
[linux_bridge]
physical_interface_mappings = provider:enp2s0     # enp2s0 is the 
interface associated to 138.100.10.25

[vxlan]
enable_vxlan = true
local_ip = 138.100.10.25    # controller has only 1 IP
l2_population = true
```

* Compute `/etc/neutron/plugins/ml2/linuxbridge_agent.ini`:
```
[linux_bridge]
physical_interface_mappings = provider:enp0s20f0u4        # interface 
associated to 138.100.10.26

[vxlan]

enable_vxlan = true
local_ip = 138.100.10.27
l2_population = true
```

An **observation** to keep in mind is that compute management interface 
(`138.100.10.26`) is inaccessible from anywhere, which I think is not 
correct since this prevents us, for example, from accessing the instance 
console through the URL.

I have made some conection tests and these are the results:

* Cirros_a `ip a` command output:


* Cirros_b `ip a` command output:


- There is **connection** between Cirros A and Cirros B (in both 
directions).
- There is **connection** between Cirros A/B and self-service gateway 
(192.168.1.1) (in both directions).
- There is **connection** between Cirros A/B and provider gateway 
(138.100.10.198) (in both directions).
- There is **connection** between Cirros A/B and controller management 
interface (138.100.10.25) (in both directions).
- There is **no connection** between Cirros A/B and compute management 
interface (138.100.10.26). This interface is not accessible.
- There is **connection** between Cirros A/B and compute provider 
interface (138.100.10.27) (in both directions).


I do not know if there is a problem on linux bridge configuration files, 
or maybe I need another network interface on controller machine.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210211/67b89be3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ihlnoanbhaaanjgh.png
Type: image/png
Size: 36370 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210211/67b89be3/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: idfojfmflpcapgel.png
Type: image/png
Size: 235213 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210211/67b89be3/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jipbmmkaojbcclif.png
Type: image/png
Size: 284301 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210211/67b89be3/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dcfkombmkoalcchb.png
Type: image/png
Size: 34702 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210211/67b89be3/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nlkobopjmngpchfb.png
Type: image/png
Size: 58970 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210211/67b89be3/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kopoaaemiodmcpab.png
Type: image/png
Size: 57162 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210211/67b89be3/attachment-0011.png>


More information about the openstack-discuss mailing list