[Openstack-operators] [neutron] Liberty - Do Neutron Routers actually work?

Akihiro Motoki amotoki at gmail.com
Tue Mar 15 09:26:35 UTC 2016


When you are using ML2 with OVS driver and (in-tree) L3 router plugin,
and if br-ex is used to connect to the external network,
the gateway port of the router can be DOWN even if it does work.

It seems you pinged from the root netns on your network node.
In a normal setup with ML2 OVS driver and the in-tree L3 router plugin,
we cannot reach an inside of a neutron network from the root namespace
(i.e., host namespace)
of the network node. You need to check network reachability from
the inside of the neutron network (for example, from a VM connected to
the network
or from the inside of a network namespace).


2016-03-15 16:36 GMT+09:00 Salvatore Orlando <salv.orlando at gmail.com>:
> They might be not perfect but from my little experience they are able to
> forward traffic and do SNAT/DNAT without too many issues.
>
> If your deployment is failing to properly configure routing,  you should be
> getting errors in the l3 agent logs - sharing them might help.
> Trying to ping the internal interface (192.168.123.1) from the network
> namespace (it should be qdhcp-bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d might
> also provide useful debug informations).
>
> I am assuming you are running Neutron in its default configuration (ie:ML2
> with OVS driver and the 'standard' l3 plugin)
> Rossella from the Neutron core team gave a presentation at the latest
> OpenStack summit on how to debug Neutron [1]. Hopefully you might find this
> resource useful.
>
> Salvatore
>
> [1]
> https://www.openstack.org/summit/tokyo-2015/videos/presentation/i-cant-ping-my-vm-learn-how-to-debug-neutron-and-solve-common-problems
>
>
> On 15 March 2016 at 04:55, Christopher Hull <chrishull42 at gmail.com> wrote:
>>
>> Attempt number 5 to set this up.   I suppose seeing as instances work on
>> all nets I'll just have to config my own Linux based router.
>>
>> Has ANYONE managed to get this to work?
>>
>>
>>
>>
>> ------------------------------------------------------------------------------------------------------------------------
>> Server Net
>> Doing the same thing with all ADMIN, result same.  PORT is DOWN!!!
>>
>>
>>
>>
>>
>>
>> [sleestack at maersk src]$ neutron net-create server-net --shared
>> Created a new network:
>> +---------------------------+--------------------------------------+
>> | Field                     | Value                                |
>> +---------------------------+--------------------------------------+
>> | admin_state_up            | True                                 |
>> | id                        | bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d |
>> | mtu                       | 0                                    |
>> | name                      | server-net                           |
>> | port_security_enabled     | True                                 |
>> | provider:network_type     | vxlan                                |
>> | provider:physical_network |                                      |
>> | provider:segmentation_id  | 82                                   |
>> | router:external           | False                                |
>> | shared                    | True                                 |
>> | status                    | ACTIVE                               |
>> | subnets                   |                                      |
>> | tenant_id                 | fdf3f98a9b0c4e9e94603d8a84ea41a8     |
>> +---------------------------+--------------------------------------+
>> [sleestack at maersk src]$ neutron subnet-create server-net 192.168.123.0/24
>> \
>> >      --name server-net --dns-nameserver 172.22.10.254 --gateway
>> > 192.168.123.1
>> Created a new subnet:
>>
>> +-------------------+------------------------------------------------------+
>> | Field             | Value
>> |
>>
>> +-------------------+------------------------------------------------------+
>> | allocation_pools  | {"start": "192.168.123.2", "end": "192.168.123.254"}
>> |
>> | cidr              | 192.168.123.0/24
>> |
>> | dns_nameservers   | 172.22.10.254
>> |
>> | enable_dhcp       | True
>> |
>> | gateway_ip        | 192.168.123.1
>> |
>> | host_routes       |
>> |
>> | id                | 29e93c6a-8ff1-439a-8e84-66a2bb8e6298
>> |
>> | ip_version        | 4
>> |
>> | ipv6_address_mode |
>> |
>> | ipv6_ra_mode      |
>> |
>> | name              | server-net
>> |
>> | network_id        | bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d
>> |
>> | subnetpool_id     |
>> |
>> | tenant_id         | fdf3f98a9b0c4e9e94603d8a84ea41a8
>> |
>>
>> +-------------------+------------------------------------------------------+
>> [sleestack at maersk src]$ source admin-openrc.sh
>> [sleestack at maersk src]$ neutron net-update public --router:external
>> Updated network: public
>> [sleestack at maersk src]$ neutron router-create server-router
>> Created a new router:
>> +-----------------------+--------------------------------------+
>> | Field                 | Value                                |
>> +-----------------------+--------------------------------------+
>> | admin_state_up        | True                                 |
>> | distributed           | False                                |
>> | external_gateway_info |                                      |
>> | ha                    | False                                |
>> | id                    | 00590829-e34a-4773-b3f1-0636bc3ff482 |
>> | name                  | server-router                        |
>> | routes                |                                      |
>> | status                | ACTIVE                               |
>> | tenant_id             | fdf3f98a9b0c4e9e94603d8a84ea41a8     |
>> +-----------------------+--------------------------------------+
>> [sleestack at maersk src]$ neutron router-interface-add server-router
>> server-net
>> Added interface 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1 to router
>> server-router.
>> [sleestack at maersk src]$ neutron router-gateway-set server-router public
>> Set gateway for router server-router
>> [sleestack at maersk src]$ p netns
>> bash: p: command not found...
>> [sleestack at maersk src]$ ip netns
>> qrouter-00590829-e34a-4773-b3f1-0636bc3ff482 (id: 3)
>> qdhcp-bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d (id: 1)
>> qdhcp-43f09f04-c7ca-4df9-bc74-516dd134313f (id: 2)
>> qdhcp-f1309195-e346-4748-b223-d2875204cab8 (id: 0)
>> [sleestack at maersk src]$ neutron router-port-list server-router
>>
>> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
>> | id                                   | name | mac_address       |
>> fixed_ips
>> |
>>
>> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
>> | 11f56b25-1389-40a4-8d72-05b1d9d3ed66 |      | fa:16:3e:5a:6c:1e |
>> {"subnet_id": "fdf2bf4b-e0ef-4843-85a2-e88f9aa674b5", "ip_address":
>> "172.22.10.16"}  |
>> | 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1 |      | fa:16:3e:e7:f6:53 |
>> {"subnet_id": "29e93c6a-8ff1-439a-8e84-66a2bb8e6298", "ip_address":
>> "192.168.123.1"} |
>>
>> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
>> [sleestack at maersk src]$ neutron port-show
>> 11f56b25-1389-40a4-8d72-05b1d9d3ed66
>>
>> +-----------------------+--------------------------------------------------------------------------------------------------------------+
>> | Field                 | Value
>> |
>>
>> +-----------------------+--------------------------------------------------------------------------------------------------------------+
>> | admin_state_up        | True
>> |
>> | allowed_address_pairs |
>> |
>> | binding:host_id       | maersk
>> |
>> | binding:profile       | {}
>> |
>> | binding:vif_details   | {"port_filter": true}
>> |
>> | binding:vif_type      | bridge
>> |
>> | binding:vnic_type     | normal
>> |
>> | device_id             | 00590829-e34a-4773-b3f1-0636bc3ff482
>> |
>> | device_owner          | network:router_gateway
>> |
>> | dns_assignment        | {"hostname": "host-172-22-10-16", "ip_address":
>> "172.22.10.16", "fqdn": "host-172-22-10-16.openstacklocal."} |
>> | dns_name              |
>> |
>> | extra_dhcp_opts       |
>> |
>> | fixed_ips             | {"subnet_id":
>> "fdf2bf4b-e0ef-4843-85a2-e88f9aa674b5", "ip_address": "172.22.10.16"}
>> |
>> | id                    | 11f56b25-1389-40a4-8d72-05b1d9d3ed66
>> |
>> | mac_address           | fa:16:3e:5a:6c:1e
>> |
>> | name                  |
>> |
>> | network_id            | 43f09f04-c7ca-4df9-bc74-516dd134313f
>> |
>> | port_security_enabled | False
>> |
>> | security_groups       |
>> |
>> | status                | DOWN !!!!!!!!  WHY???????????
>> |
>> | tenant_id             |
>> |
>>
>> +-----------------------+--------------------------------------------------------------------------------------------------------------+
>> [sleestack at maersk src]$ neutron port-show
>> 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1
>>
>> +-----------------------+-----------------------------------------------------------------------------------------------------------------+
>> | Field                 | Value
>> |
>>
>> +-----------------------+-----------------------------------------------------------------------------------------------------------------+
>> | admin_state_up        | True
>> |
>> | allowed_address_pairs |
>> |
>> | binding:host_id       | maersk
>> |
>> | binding:profile       | {}
>> |
>> | binding:vif_details   | {"port_filter": true}
>> |
>> | binding:vif_type      | bridge
>> |
>> | binding:vnic_type     | normal
>> |
>> | device_id             | 00590829-e34a-4773-b3f1-0636bc3ff482
>> |
>> | device_owner          | network:router_interface
>> |
>> | dns_assignment        | {"hostname": "host-192-168-123-1", "ip_address":
>> "192.168.123.1", "fqdn": "host-192-168-123-1.openstacklocal."} |
>> | dns_name              |
>> |
>> | extra_dhcp_opts       |
>> |
>> | fixed_ips             | {"subnet_id":
>> "29e93c6a-8ff1-439a-8e84-66a2bb8e6298", "ip_address": "192.168.123.1"}
>> |
>> | id                    | 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1
>> |
>> | mac_address           | fa:16:3e:e7:f6:53
>> |
>> | name                  |
>> |
>> | network_id            | bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d
>> |
>> | port_security_enabled | False
>> |
>> | security_groups       |
>> |
>> | status                | ACTIVE
>> |
>> | tenant_id             | fdf3f98a9b0c4e9e94603d8a84ea41a8
>> |
>>
>> +-----------------------+-----------------------------------------------------------------------------------------------------------------+
>>
>>
>> [sleestack at maersk src]$
>> [sleestack at maersk src]$ ping 172.22.10.16
>> PING 172.22.10.16 (172.22.10.16) 56(84) bytes of data.
>>  From 172.22.10.99 icmp_seq=1 Destination Host Unreachable
>> From 172.22.10.99 icmp_seq=2 Destination Host Unreachable
>> From 172.22.10.99 icmp_seq=3 Destination Host Unreachable
>> From 172.22.10.99 icmp_seq=4 Destination Host Unreachable
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> - Christopher T. Hull
>> I am presently seeking a new career opportunity  Please see career page
>> http://chrishull.com/career
>> 333 Orchard Ave, Sunnyvale CA. 94085
>> (415) 385 4865
>> chrishull42 at gmail.com
>> http://chrishull.com
>>
>>
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>



More information about the OpenStack-operators mailing list