<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>I am having serious issues in the deployment of the Openstack
scenario related to the Linux Bridge.<br>
This is the scenario:<br>
<br>
- Controller machine:<br>
- Management Interface `enp2s0`: 138.100.10.25.<br>
- Compute machine:<br>
- Management Interface `enp2s0`: 138.100.10.26.<br>
- Provider Interface `enp0s20f0u4`: 138.100.10.27.<br>
<br>
Openstack Train scenario has been successfully deployed in Centos
8, choosing networking option 2 (self-service network).<br>
<br>
To verify the functionality, an image has been uploaded, created
an Openstack flavor and security group, and launched a couple of
cirrOS instances for connection testing.<br>
We have created a provider network following [this
tutorial](<a class="moz-txt-link-freetext" href="https://docs.openstack.org/newton/install-guide-rdo/launch-instance-networks-provider.html">https://docs.openstack.org/newton/install-guide-rdo/launch-instance-networks-provider.html</a>)
and a selfservice network following [this
one](<a class="moz-txt-link-freetext" href="https://docs.openstack.org/newton/install-guide-rdo/launch-instance-networks-selfservice.html">https://docs.openstack.org/newton/install-guide-rdo/launch-instance-networks-selfservice.html</a>).<br>
<br>
The network scenario is the next one: <br>
<br>
<img src="cid:part1.7E85FD10.BF3600CA@ucm.es" alt=""><br>
<br>
As can be seen in the network topology, an external network
138.100.10.0/21 (provider) and an internal network 192.168.1.1
(selfservice) have been created, connected through a router by the
interfaces 138.100.10.198 and 192.168.1.1, both active.<br>
<br>
Our problem is that our Linux bridge is not working as expected:
the Openstack cirrOS instances has no internet access.<br>
<br>
This is the controller `ip a` and `brctl show` command output:<br>
<br>
```<br>
[upm@modena ~]$ ip a<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN group default qlen 1000<br>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br>
inet 127.0.0.1/8 scope host lo<br>
valid_lft forever preferred_lft forever<br>
inet6 ::1/128 scope host <br>
valid_lft forever preferred_lft forever<br>
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
fq_codel master brq84f65ccb-c9 state UP group default qlen 1000<br>
link/ether 24:4b:fe:7c:78:b8 brd ff:ff:ff:ff:ff:ff<br>
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500
qdisc noqueue state DOWN group default qlen 1000<br>
link/ether 52:54:00:15:5b:02 brd ff:ff:ff:ff:ff:ff<br>
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0<br>
valid_lft forever preferred_lft forever<br>
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel
master virbr0 state DOWN group default qlen 1000<br>
link/ether 52:54:00:15:5b:02 brd ff:ff:ff:ff:ff:ff<br>
17: tapa467f377-b1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP>
mtu 1500 qdisc noqueue master brq84f65ccb-c9 state UP group
default qlen 1000<br>
link/ether d6:90:e8:fe:90:23 brd ff:ff:ff:ff:ff:ff link-netns
qdhcp-84f65ccb-c945-437b-9013-9c71422bb10e<br>
18: brq84f65ccb-c9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500 qdisc noqueue state UP group default qlen 1000<br>
link/ether 24:4b:fe:7c:78:b8 brd ff:ff:ff:ff:ff:ff<br>
inet 138.100.10.25/21 brd 138.100.15.255 scope global
brq84f65ccb-c9<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::6c31:4cff:fe2d:7820/64 scope link <br>
valid_lft forever preferred_lft forever<br>
19: tap7a390547-5b@if2: <BROADCAST,MULTICAST,UP,LOWER_UP>
mtu 1450 qdisc noqueue master brqd811bcfa-94 state UP group
default qlen 1000<br>
link/ether 26:6d:a4:fc:73:51 brd ff:ff:ff:ff:ff:ff link-netns
qdhcp-d811bcfa-945a-4633-9266-60ccafa28d86<br>
20: vxlan-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450
qdisc noqueue master brqd811bcfa-94 state UNKNOWN group default
qlen 1000<br>
link/ether fa:cb:4e:e2:83:46 brd ff:ff:ff:ff:ff:ff<br>
21: brqd811bcfa-94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1450 qdisc noqueue state UP group default qlen 1000<br>
link/ether 12:a8:05:bf:98:98 brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::88c2:ecff:fe72:761f/64 scope link <br>
valid_lft forever preferred_lft forever<br>
22: tap3eb4fbcf-41@if2: <BROADCAST,MULTICAST,UP,LOWER_UP>
mtu 1450 qdisc noqueue master brqd811bcfa-94 state UP group
default qlen 1000<br>
link/ether 12:a8:05:bf:98:98 brd ff:ff:ff:ff:ff:ff link-netns
qrouter-278c944f-7e75-4a93-affe-b9ff93f4c6a5<br>
23: tapfd2dca1f-f7@if3: <BROADCAST,MULTICAST,UP,LOWER_UP>
mtu 1500 qdisc noqueue master brq84f65ccb-c9 state UP group
default qlen 1000<br>
link/ether 86:cc:64:22:4d:db brd ff:ff:ff:ff:ff:ff link-netns
qrouter-278c944f-7e75-4a93-affe-b9ff93f4c6a5<br>
[upm@modena ~]$ brctl show<br>
bridge name bridge id STP enabled interfaces<br>
brq84f65ccb-c9 8000.244bfe7c78b8 no enp2s0<br>
tapa467f377-b1<br>
tapfd2dca1f-f7<br>
brqd811bcfa-94 8000.12a805bf9898 no
tap3eb4fbcf-41<br>
tap7a390547-5b<br>
vxlan-1<br>
virbr0 8000.525400155b02 yes virbr0-nic<br>
```<br>
<br>
This is the compute `ip a` and `brctl show` command output:<br>
<br>
```shell<br>
[upm@testarossa ~]$ ip a<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
UNKNOWN group default qlen 1000<br>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br>
inet 127.0.0.1/8 scope host lo<br>
valid_lft forever preferred_lft forever<br>
inet6 ::1/128 scope host <br>
valid_lft forever preferred_lft forever<br>
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
fq_codel state UP group default qlen 1000<br>
link/ether 24:4b:fe:7c:79:a0 brd ff:ff:ff:ff:ff:ff<br>
inet 138.100.10.26/21 brd 138.100.15.255 scope global
noprefixroute enp2s0<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::c461:f832:d690:c0a7/64 scope link noprefixroute <br>
valid_lft forever preferred_lft forever<br>
3: enp0s20f0u4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
qdisc fq_codel master brq84f65ccb-c9 state UP group default qlen
1000<br>
link/ether 00:e0:4c:53:44:58 brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::ecff:62cc:d9e1:2e53/64 scope link noprefixroute <br>
valid_lft forever preferred_lft forever<br>
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500
qdisc noqueue state DOWN group default qlen 1000<br>
link/ether 52:54:00:66:84:5a brd ff:ff:ff:ff:ff:ff<br>
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0<br>
valid_lft forever preferred_lft forever<br>
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel
master virbr0 state DOWN group default qlen 1000<br>
link/ether 52:54:00:66:84:5a brd ff:ff:ff:ff:ff:ff<br>
6: brqd811bcfa-94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1450 qdisc noqueue state UP group default qlen 1000<br>
link/ether 8e:94:21:5b:dc:f4 brd ff:ff:ff:ff:ff:ff<br>
inet 138.100.10.27/21 brd 138.100.15.255 scope global
noprefixroute brqd811bcfa-94<br>
valid_lft forever preferred_lft forever<br>
7: brq84f65ccb-c9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500 qdisc noqueue state UP group default qlen 1000<br>
link/ether 00:e0:4c:53:44:58 brd ff:ff:ff:ff:ff:ff<br>
inet 138.100.10.27/21 brd 138.100.15.255 scope global
brq84f65ccb-c9<br>
valid_lft forever preferred_lft forever<br>
9: tap9d1c0de6-96: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1450 qdisc fq_codel master brqd811bcfa-94 state UNKNOWN group
default qlen 1000<br>
link/ether fe:16:3e:7d:14:63 brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::fc16:3eff:fe7d:1463/64 scope link <br>
valid_lft forever preferred_lft forever<br>
10: tapaf15e2f0-24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500 qdisc fq_codel master brq84f65ccb-c9 state UNKNOWN group
default qlen 1000<br>
link/ether fe:16:3e:91:6d:ef brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::fc16:3eff:fe91:6def/64 scope link <br>
valid_lft forever preferred_lft forever<br>
11: vxlan-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450
qdisc noqueue master brqd811bcfa-94 state UNKNOWN group default
qlen 1000<br>
link/ether 8e:94:21:5b:dc:f4 brd ff:ff:ff:ff:ff:ff<br>
13: tapef3e95d6-7c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1450 qdisc fq_codel master brqd811bcfa-94 state UNKNOWN group
default qlen 1000<br>
link/ether fe:16:3e:91:d1:1d brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::fc16:3eff:fe91:d11d/64 scope link <br>
valid_lft forever preferred_lft forever<br>
14: tap1a5d77c0-d4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500 qdisc fq_codel master brq84f65ccb-c9 state UNKNOWN group
default qlen 1000<br>
link/ether fe:16:3e:4f:da:0f brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::fc16:3eff:fe4f:da0f/64 scope link <br>
valid_lft forever preferred_lft forever<br>
15: tap792bf660-2f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1450 qdisc fq_codel master brqd811bcfa-94 state UNKNOWN group
default qlen 1000<br>
link/ether fe:16:3e:f1:df:5f brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::fc16:3eff:fef1:df5f/64 scope link <br>
valid_lft forever preferred_lft forever<br>
16: tapf42b8b2f-be: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu
1500 qdisc fq_codel master brq84f65ccb-c9 state UNKNOWN group
default qlen 1000<br>
link/ether fe:16:3e:9e:46:bb brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::fc16:3eff:fe9e:46bb/64 scope link <br>
valid_lft forever preferred_lft forever<br>
[upm@testarossa ~]$ brctl show<br>
bridge name bridge id STP enabled interfaces<br>
brq84f65ccb-c9 8000.00e04c534458 no enp0s20f0u4<br>
tap1a5d77c0-d4<br>
tapaf15e2f0-24<br>
tapf42b8b2f-be<br>
brqd811bcfa-94 8000.8e94215bdcf4 no
tap792bf660-2f<br>
tap9d1c0de6-96<br>
tapef3e95d6-7c<br>
vxlan-1<br>
virbr0 8000.52540066845a yes virbr0-nic<br>
```<br>
<br>
(The output of `ovs-vsctl show` command is empty in both
machines).<br>
<br>
**Are the Linux Bridges correctly created?**<br>
<br>
These are the Linux bridge configuration files:<br>
<br>
* Controller `/etc/neutron/plugins/ml2/linuxbridge_agent.ini`:<br>
```<br>
[linux_bridge]<br>
physical_interface_mappings = provider:enp2s0 # enp2s0 is the
interface associated to 138.100.10.25<br>
<br>
[vxlan]<br>
enable_vxlan = true<br>
local_ip = 138.100.10.25 # controller has only 1 IP<br>
l2_population = true<br>
```<br>
<br>
* Compute `/etc/neutron/plugins/ml2/linuxbridge_agent.ini`:<br>
```<br>
[linux_bridge]<br>
physical_interface_mappings = provider:enp0s20f0u4 #
interface associated to 138.100.10.26<br>
<br>
[vxlan]<br>
<br>
enable_vxlan = true<br>
local_ip = 138.100.10.27<br>
l2_population = true<br>
```<br>
<br>
An **observation** to keep in mind is that compute management
interface (`138.100.10.26`) is inaccessible from anywhere, which I
think is not correct since this prevents us, for example, from
accessing the instance console through the URL.<br>
<br>
I have made some conection tests and these are the results:<br>
<br>
* Cirros_a `ip a` command output:<br>
```<br>
$ ip a<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1<br>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br>
inet 127.0.0.1/8 scope host lo<br>
valid_lft forever preferred_lft forever<br>
inet6 ::1/128 scope host <br>
valid_lft forever preferred_lft forever<br>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc
pfifo_fast qlen 1000<br>
link/ether fa:16:3e:91:d1:1d brd ff:ff:ff:ff:ff:ff<br>
inet 192.168.1.222/24 brd 192.168.1.255 scope global eth0<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::f816:3eff:fe91:d11d/64 scope link <br>
valid_lft forever preferred_lft forever<br>
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000<br>
link/ether fa:16:3e:4f:da:0f brd ff:ff:ff:ff:ff:ff<br>
```<br>
* Cirros_b `ip a` command output:<br>
```<br>
$ ip a<br>
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1<br>
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br>
inet 127.0.0.1/8 scope host lo<br>
valid_lft forever preferred_lft forever<br>
inet6 ::1/128 scope host <br>
valid_lft forever preferred_lft forever<br>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc
pfifo_fast qlen 1000<br>
link/ether fa:16:3e:f1:df:5f brd ff:ff:ff:ff:ff:ff<br>
inet 192.168.1.30/24 brd 192.168.1.255 scope global eth0<br>
valid_lft forever preferred_lft forever<br>
inet6 fe80::f816:3eff:fef1:df5f/64 scope link <br>
valid_lft forever preferred_lft forever<br>
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000<br>
link/ether fa:16:3e:9e:46:bb brd ff:ff:ff:ff:ff:ff<br>
```<br>
<br>
- There is **connection** between Cirros A and Cirros B (in both
directions).<br>
- There is **connection** between Cirros A/B and self-service
gateway (192.168.1.1) (in both directions).<br>
- There is **connection** between Cirros A/B and provider gateway
(138.100.10.198) (in both directions).<br>
- There is **connection** between Cirros A/B and controller
management interface (138.100.10.25) (in both directions).<br>
- There is **no connection** between Cirros A/B and compute
management interface (138.100.10.26). This interface is not
accessible.<br>
- There is **connection** between Cirros A/B and compute provider
interface (138.100.10.27) (in both directions).<br>
<br>
<br>
I do not know if there is a problem on linux bridge configuration
files, or maybe I need another network interface on controller
machine.<br>
<br>
</p>
</body>
</html>