[Openstack-operators] [Neutron][Linuxbridge] Problem with configuring linux bridge agent with vxlan networks

Sławek Kapłoński slawek at kaplonski.pl
Sat Oct 3 10:40:43 UTC 2015


Hello,

I'm configuring it manually. DHCP is not working because vxlan tunnels
are not working at all :/
Compute nodes and network nodes can ping each other:

admin@network:~$ ping 10.1.0.4
PING 10.1.0.4 (10.1.0.4) 56(84) bytes of data.
64 bytes from 10.1.0.4: icmp_seq=1 ttl=64 time=8.83 ms
64 bytes from 10.1.0.4: icmp_seq=2 ttl=64 time=0.282 ms
^C
--- 10.1.0.4 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.282/4.560/8.838/4.278 ms


-- 
Best regards / Pozdrawiam
Sławek Kapłoński
slawek at kaplonski.pl

On Sat, 03 Oct 2015, James Denton wrote:

> Are your instances getting their ip from DHCP server or are you manually configuring them? Can the network node ping the compute node at 10.1.0.4 and vice-versa?
> 
> Sent from my iPhone
> 
> > On Oct 3, 2015, at 3:55 AM, Sławek Kapłoński <slawek at kaplonski.pl> wrote:
> > 
> > This vlan bridge_mapping I set just to be sure if it will not help for
> > some reason :) Before I tested it without this mapping configured. And
> > in fact I'm not using vlan networks at all (at least now) - I only want
> > to have local vxlan network between instances :)
> > When I booted one instance on host in brqXXX bridge I got vxlan-10052
> > port and tapXXX port (10052 is the VNI assigned to the network in neutron).
> > After booting a second vm I got a second tap interface in the same bridge, so it
> > looks like:
> > 
> > root@compute-2:~# brctl show
> > bridge name       bridge id           STP enabled   interfaces
> > brq8fe8a32f-e6    8000.ce544d0c0e5d   no            tap691a138a-6c
> >                                                     tapbc1e5179-53
> >                                                     vxlan-10052
> > virbr0            8000.5254007611ab   yes           virbr0-nic
> > 
> > 
> > So it looks fine for me. I have no idea what this virbr0 bridge is - maybe it
> > should be used somehow?
> > 
> > One more thing. Those two vms on one host are pinging each other. So the bridge
> > looks like it is working fine. The problem is with the vxlan tunnels.
> > 
> > About security groups: by default there is rule to allow traffic from different
> > vms using same SG. All my instances are using same security group so it should
> > be no problem IMHO.
> > 
> > -- 
> > Best regards / Pozdrawiam
> > Sławek Kapłoński
> > slawek at kaplonski.pl
> > 
> >> On Fri, 02 Oct 2015, James Denton wrote:
> >> 
> >> If eth1 is used for the vxlan tunnel end points, it can't also be used in a bridge ala provider_bridge_mappings. You should have a dedicated interface or a vlan interface off eth1 (i.e. Eth1.20) that is dedicated to the overlay traffic. Move the local_ip address to that interface on respective nodes. Verify that you can ping between nodes at each address. If this doesn't work, the Neutron pieces won't work. You shouldn't have to restart any neutron services, since the IP isn't changing.
> >> 
> >> Once you create a vxlan tenant network and boot some instances, verify that the vxlan interface is being set up and placed in the respective bridge. You can use 'brctl show' to look at the brq bridge that corresponds to the network. You should see a vxlan interface and the tap interfaces of your instances.
> >> 
> >> As always, verify your security groups first when troubleshooting instance to instance communication.
> >> 
> >> James
> >> 
> >> Sent from my iPhone
> >> 
> >>> On Oct 2, 2015, at 3:48 PM, Sławek Kapłoński <slawek at kaplonski.pl> wrote:
> >>> 
> >>> Hello,
> >>> 
> >>> I'm trying to configure small openstack infra (one network node, 2
> >>> compute nodes) with linux bridge and vxlan tenant networks. I don't know
> >>> what I'm doing wrong but my instances have no connection between
> >>> each other. On compute hosts I run neutron-plugin-linuxbridge-agent
> >>> with config like:
> >>> 
> >>> ------------------
> >>> [ml2_type_vxlan]
> >>> # (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating
> >>> # ranges of VXLAN VNI IDs that are available for tenant network allocation.
> >>> #
> >>> vni_ranges = 10000:20000
> >>> 
> >>> # (StrOpt) Multicast group for the VXLAN interface. When configured, will
> >>> # enable sending all broadcast traffic to this multicast group. When left
> >>> # unconfigured, will disable multicast VXLAN mode.
> >>> #
> >>> # vxlan_group =
> >>> # Example: vxlan_group = 239.1.1.1
> >>> 
> >>> [securitygroup]
> >>> # Controls if neutron security group is enabled or not.
> >>> # It should be false when you use nova security group.
> >>> enable_security_group = True
> >>> 
> >>> # Use ipset to speed-up the iptables security groups. Enabling ipset support
> >>> # requires that ipset is installed on L2 agent node.
> >>> enable_ipset = True
> >>> 
> >>> firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
> >>> 
> >>> [ovs]
> >>> local_ip = 10.1.0.4
> >>> 
> >>> [agent]
> >>> tunnel_types = vxlan
> >>> 
> >>> [linuxbridge]
> >>> physical_interface_mappings = physnet1:eth1
> >>> 
> >>> [vxlan]
> >>> local_ip = 10.1.0.4
> >>> l2_population = True
> >>> enable_vxlan = True
> >>> -------------------
> >>> 
> >>> Eth1 is my "tunnel network" which should be used for tunnels. When I
> >>> spawn vms on compute 1 and 2 and after configuring network manually on
> >>> both vms (dhcp is not working also because of broken tunnels probably)
> >>> it does not ping.
> >>> Even when I started two instances on same host and they are both
> >>> connected to one bridge:
> >>> 
> >>> -------------------
> >>> root@compute-2:/usr/lib/python2.7/dist-packages/neutron# brctl show
> >>> bridge name       bridge id           STP enabled   interfaces
> >>> brq8fe8a32f-e6    8000.ce544d0c0e5d   no            tap691a138a-6c
> >>>                                                     tapbc1e5179-53
> >>>                                                     vxlan-10052
> >>> virbr0            8000.5254007611ab   yes           virbr0-nic
> >>> -------------------
> >>> 
> >>> those 2 vms are not pinging each other :/
> >>> I don't have any experience with linux bridge in fact (For now I was always
> >>> using ovs). Maybe someone of You will know what I should check or what I should
> >>> configure wrong :/ Generally I was installing this openstack according to
> >>> official openstack documentation but in this docs there is info about ovs+gre
> >>> tunnels and that is what I changed. I'm using Ubuntu 14.04 and Openstack Kilo
> >>> installed from cloud archive repo.
> >>> 
> >>> -- 
> >>> Best regards / Pozdrawiam
> >>> Sławek Kapłoński
> >>> slawek at kaplonski.pl
> >>> 