[Openstack-operators] Liberty Setup - Can't ping Demo Router

Christopher Hull chrishull42 at gmail.com
Wed Mar 9 17:06:34 UTC 2016


Hi all;
Following the Neutron (Network Option 2 setup) instructions in Liberty.  I
can't ping my demo router.  However, I do recall there are new security
constraints that might prevent this in Liberty.   Do I need to somehow
allow ICMP?

Here's what I did.



===========================================
Create virtual networks
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance.html#create-virtual-networks

===========================================
Create Public Provider Network

http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-networks-public.html


[root at maersk src]# source admin-openrc.sh
[root at maersk src]# neutron net-create public --shared --provider:physical_network public \
>   --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | be6e920a-51aa-4293-bb95-7ac38aab9df6 |
| mtu                       | 0                                    |
| name                      | public                               |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | public                               |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | fdf3f98a9b0c4e9e94603d8a84ea41a8     |
+---------------------------+--------------------------------------+
[root at maersk src]#




--- Create a subnet on the network:

Replace START_IP_ADDRESS and END_IP_ADDRESS with the first and last IP
address of the range within the subnet that you want to allocate for
instances. This range must not include any existing active IP addresses.

Example
neutron subnet-create public 203.0.113.0/24 --name public \
  --allocation-pool start=203.0.113.101,end=203.0.113.200 \
  --dns-nameserver 8.8.4.4 --gateway 203.0.113.1

[root at maersk src]# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search attlocal.net
nameserver 172.22.10.254

cat ifcfg-enp3s0
GATEWAY=172.22.10.254
DNS1=172.22.10.254

neutron subnet-create public 172.22.10.0/24 --name public \
   --allocation-pool start=172.22.10.10,end=172.22.10.90 \
   --dns-nameserver 172.22.10.254 --gateway 172.22.10.254

Created a new subnet:
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "172.22.10.10", "end": "172.22.10.90"} |
| cidr              | 172.22.10.0/24                                   |
| dns_nameservers   | 172.22.10.254                                    |
| enable_dhcp       | True                                             |
| gateway_ip        | 172.22.10.254                                    |
| host_routes       |                                                  |
| id                | f227734a-eca3-4472-81f6-620e1bf1fac9             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | public                                           |
| network_id        | be6e920a-51aa-4293-bb95-7ac38aab9df6             |
| subnetpool_id     |                                                  |
| tenant_id         | fdf3f98a9b0c4e9e94603d8a84ea41a8                 |
+-------------------+--------------------------------------------------+

===========================================
Create the private project network
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-networks-private.html


source demo-openrc.sh

neutron net-create private
Created a new network:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| id                    | 28ca326a-8443-4c1c-b288-48920a1eefbe |
| mtu                   | 0                                    |
| name                  | private                              |
| port_security_enabled | True                                 |
| router:external       | False                                |
| shared                | False                                |
| status                | ACTIVE                               |
| subnets               |                                      |
| tenant_id             | 7813be77b1de4196b1c6b77006afa21c     |
+-----------------------+--------------------------------------+
[root at maersk src]# neutron subnet-create private 192.168.10.0/24 \
>     --name private --dns-nameserver 172.22.10.254 --gateway 192.168.10.1
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| allocation_pools  | {"start": "192.168.10.2", "end": "192.168.10.254"} |
| cidr              | 192.168.10.0/24                                    |
| dns_nameservers   | 172.22.10.254                                      |
| enable_dhcp       | True                                               |
| gateway_ip        | 192.168.10.1                                       |
| host_routes       |                                                    |
| id                | eb5550e2-4de5-4ca5-9d7e-9d6ffe86ce92               |
| ip_version        | 4                                                  |
| ipv6_address_mode |                                                    |
| ipv6_ra_mode      |                                                    |
| name              | private                                            |
| network_id        | 28ca326a-8443-4c1c-b288-48920a1eefbe               |
| subnetpool_id     |                                                    |
| tenant_id         | 7813be77b1de4196b1c6b77006afa21c                   |
+-------------------+----------------------------------------------------+






====
Create a router
====

Private project networks connect to public provider networks using a
virtual router. Each router contains an interface to at least one private
project network and a gateway on a public provider network.

source admin


[root at maersk src]# source admin-openrc.sh
[root at maersk src]# neutron net-update public --router:external
Updated network: public
[root at maersk src]# source demo-openrc.sh
[root at maersk src]# neutron router-create router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 52ca91cb-df23-4593-bb95-ea9f1fc33e99 |
| name                  | router                               |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | 7813be77b1de4196b1c6b77006afa21c     |
+-----------------------+--------------------------------------+
[root at maersk src]# neutron router-interface-add router private
Added interface 5b25c4df-0c83-4ef2-bed6-6e854cf66af6 to router router.
[root at maersk src]# neutron router-gateway-set router public
Set gateway for router router
[root at maersk src]# source admin-openrc.sh
[root at maersk src]# ip netns
qrouter-52ca91cb-df23-4593-bb95-ea9f1fc33e99 (id: 2)
qdhcp-28ca326a-8443-4c1c-b288-48920a1eefbe (id: 1)
qdhcp-be6e920a-51aa-4293-bb95-7ac38aab9df6 (id: 0)
[root at maersk src]# neutron router-port-list router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                           |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| 5b25c4df-0c83-4ef2-bed6-6e854cf66af6 |      | fa:16:3e:d5:62:14 | {"subnet_id": "eb5550e2-4de5-4ca5-9d7e-9d6ffe86ce92", "ip_address": "192.168.10.1"} |
| d1dfcc09-9da6-4366-8080-c73d48286036 |      | fa:16:3e:b7:d2:22 | {"subnet_id": "f227734a-eca3-4472-81f6-620e1bf1fac9", "ip_address": "172.22.10.11"} |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
[root at maersk src]# ping -c 4 172.22.10.11
PING 172.22.10.11 (172.22.10.11) 56(84) bytes of data.
From 172.22.10.99 icmp_seq=1 Destination Host Unreachable
From 172.22.10.99 icmp_seq=2 Destination Host Unreachable
From 172.22.10.99 icmp_seq=3 Destination Host Unreachable
From 172.22.10.99 icmp_seq=4 Destination Host Unreachable

--- 172.22.10.11 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2999ms
pipe 4
[root at maersk src]#



===== Config info.

I set LinuxBridgeAgent.ini  linux_bridge physical_interface_mappings to
public:enp3s0  as this is what shows up for "eth0" when I ifconfig.   Is
this correct?


[root at maersk src]# ./pluto.py show  -p /etc  ml2_conf.ini l3_agent.ini plugin.ini   linuxbridge_agent.ini
+-------------------+----------------------+--------------------------+
| ml2_conf: Section | Key                  | Value                    |
+-------------------+----------------------+--------------------------+
| ml2               | extension_drivers    | port_security            |
| ml2               | mechanism_drivers    | linuxbridge,l2population |
| ml2               | tenant_network_types | vxlan                    |
| ml2               | type_drivers         | flat,vlan,vxlan          |
| ml2_type_flat     | flat_networks        | public                   |
| ml2_type_vxlan    | vni_ranges           | 1:1000                   |
| securitygroup     | enable_ipset         | True                     |
+-------------------+----------------------+--------------------------+
+-------------------+--------------------------+-----------------------------------------------------+
| l3_agent: Section | Key                      | Value                                               |
+-------------------+--------------------------+-----------------------------------------------------+
| DEFAULT           | external_network_bridge  |                                                     |
| DEFAULT           | verbose                  | True                                                |
| DEFAULT           | interface_driver         | neutron.agent.linux.interface.BridgeInterfaceDriver |
+-------------------+--------------------------+-----------------------------------------------------+
+-----------------+----------------------+--------------------------+
| plugin: Section | Key                  | Value                    |
+-----------------+----------------------+--------------------------+
| ml2             | extension_drivers    | port_security            |
| ml2             | mechanism_drivers    | linuxbridge,l2population |
| ml2             | tenant_network_types | vxlan                    |
| ml2             | type_drivers         | flat,vlan,vxlan          |
| ml2_type_flat   | flat_networks        | public                   |
| ml2_type_vxlan  | vni_ranges           | 1:1000                   |
| securitygroup   | enable_ipset         | True                     |
+-----------------+----------------------+--------------------------+
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridge_agent: Section | Key                         | Value                                                        |
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linux_bridge               | physical_interface_mappings | public:enp3s0                                                |
| vxlan                      | l2_population               | True                                                         |
| vxlan                      | local_ip                    | 172.22.10.99                                                 |
| vxlan                      | enable_vxlan                | True                                                         |
| agent                      | prevent_arp_spoofing        | True                                                         |
| securitygroup              | firewall_driver             | neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
| securitygroup              | enable_security_group       | True                                                         |
+----------------------------+-----------------------------+--------------------------------------------------------------+

- Christopher T. Hull
333 Orchard Ave, Sunnyvale CA. 94085
(415) 385 4865
chrishull42 at gmail.com
http://chrishull.com
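
Added example (not part of the original post): a small Python check that reads iputils ping output like the transcript above and separates a local ARP failure from probes that are dropped without any ICMP error, which is how a DROP rule shows up. It assumes 172.22.10.99, the vxlan local_ip in the config dump, is an address of the host running ping; `classify_ping` and its verdict names are illustrative.

```python
import re

# Ping output from the post above (mbox ">From" escaping removed).
PAGE_PING = """\
PING 172.22.10.11 (172.22.10.11) 56(84) bytes of data.
From 172.22.10.99 icmp_seq=1 Destination Host Unreachable
From 172.22.10.99 icmp_seq=2 Destination Host Unreachable
From 172.22.10.99 icmp_seq=3 Destination Host Unreachable
From 172.22.10.99 icmp_seq=4 Destination Host Unreachable

--- 172.22.10.11 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2999ms
"""

# Constructed sample: same target, but probes vanish without any ICMP error.
SILENT_PING = """\
PING 172.22.10.11 (172.22.10.11) 56(84) bytes of data.

--- 172.22.10.11 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3000ms
"""

ERR_RE = re.compile(r"^From (\S+) icmp_seq=\d+ (.+)$", re.M)
STATS_RE = re.compile(r"(\d+) packets transmitted, (\d+) received")


def classify_ping(output, local_ips):
    """Coarse verdict for iputils ping output; local_ips = this host's own addresses."""
    stats = STATS_RE.search(output)
    if stats is None:
        return "unparsed"
    if int(stats.group(2)) > 0:
        return "reachable"
    errors = ERR_RE.findall(output)
    if not errors:
        # No reply and no ICMP error: what a DROP rule (or a dead host) looks like.
        return "silent-drop"
    senders = {src for src, _ in errors}
    reasons = {msg.strip() for _, msg in errors}
    if senders <= set(local_ips) and reasons == {"Destination Host Unreachable"}:
        # Our own stack reported it: ARP for the on-link target got no answer.
        return "local-arp-failure"
    return "remote-icmp-error"


if __name__ == "__main__":
    print(classify_ping(PAGE_PING, {"172.22.10.99"}))
    print(classify_ping(SILENT_PING, {"172.22.10.99"}))
```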