<div dir="ltr"><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0)">Hi guys, we are deploying: </div><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0)">
<br></div><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0)">havana + OVS on vlan mode + neutron using this EXACT production schema : </div><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0)">
<br></div><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0)"><a href="http://docs.openstack.org/network-admin/admin/content/figures/2/figures/under-the-hood-scenario-2-ovs-compute.png">http://docs.openstack.org/network-admin/admin/content/figures/2/figures/under-the-hood-scenario-2-ovs-compute.png</a><br>
</div><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0)">
Since we are using this schema, im gonna reffer about devices as they are named in the picture.</div><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0)">When an instance gets created, the network defined uses the GW where the vlan is created on a switch, so when the VM tries to access any other network packets go through all the taps, and bridges inside de compute and get to the default gw where it gets routed.</div>
<div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0)"><br></div><div class="gmail_default"><font color="#000000" face="courier new, monospace">Regarding metadata, the instances cant access the metadata, so i issue the regular DNAT iptables rule to be able to acces it :</font></div>
<div class="gmail_default"><font color="#000000" face="courier new, monospace"><br></font></div><div class="gmail_default"><font color="#000000" face="courier new, monospace">iptables -t nat -A neutron-openvswi-PREROUTING -d <a href="http://169.254.169.254/32">169.254.169.254/32</a> -p tcp -m tcp --dport 80 -j DNAT --to-destination [CONTROLLER-IP]:8775<br>
</font></div><div class="gmail_default"><font color="#000000" face="courier new, monospace"><br></font></div><div class="gmail_default"><span style="color:rgb(0,0,0);font-family:'courier new',monospace">I see the original package exit the TAP, the DNATED package incoming the qbrXXX but the package never hits the qvbXXXX interface </span><span style="color:rgb(0,0,0);font-family:'courier new',monospace">and we dont have an idea why, since it doesnt seems to be an iptables issue.</span></div>
<div class="gmail_default"><span style="color:rgb(0,0,0);font-family:'courier new',monospace"><br></span></div><div class="gmail_default"><font color="#000000" face="courier new, monospace">can anyone help me ?</font></div>
<div><div><font><b><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0);display:inline"></div></b></font></div></div><div><font><b><div class="gmail_default" style="font-family:'courier new',monospace;font-size:small;color:rgb(0,0,0);display:inline">
alejandrito @catintheroof</div></b></font></div>
</div>