<div dir="ltr">They might be not perfect but from my little experience they are able to forward traffic and do SNAT/DNAT without too many issues.<div><br></div><div>If your deployment is failing to properly configure routing, you should be getting errors in the l3 agent logs - sharing them might help.</div><div>Trying to ping the internal interface (192.168.123.1) from the network namespace (it should be qdhcp-bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d might also provide useful debug informations).</div><div><br></div><div>I am assuming you are running Neutron in its default configuration (ie:ML2 with OVS driver and the 'standard' l3 plugin)</div><div>Rossella from the Neutron core team gave a presentation at the latest OpenStack summit on how to debug Neutron [1]. Hopefully you might find this resource useful.</div><div><br></div><div>Salvatore</div><div><br></div><div>[1] <a href="https://www.openstack.org/summit/tokyo-2015/videos/presentation/i-cant-ping-my-vm-learn-how-to-debug-neutron-and-solve-common-problems">https://www.openstack.org/summit/tokyo-2015/videos/presentation/i-cant-ping-my-vm-learn-how-to-debug-neutron-and-solve-common-problems</a></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 15 March 2016 at 04:55, Christopher Hull <span dir="ltr"><<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><span style="font-family:monospace,monospace"><font size="1">Attempt number 5 to set this up. I suppose seeing as instances work on all nets I'll just have to config my own Linux based router.<br><br></font></span></div><span style="font-family:monospace,monospace"><font size="1">Has ANYONE managed to get this to work? <br><br><br><br>------------------------------------------------------------------------------------------------------------------------<br>Server Net<br>Doing the same thing with all ADMIN, result same. PORT is DOWN!!!<br><br><br><br><br><br><br>[sleestack@maersk src]$ neutron net-create server-net --shared <br>Created a new network:<br>+---------------------------+--------------------------------------+<br>| Field | Value |<br>+---------------------------+--------------------------------------+<br>| admin_state_up | True |<br>| id | bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d |<br>| mtu | 0 |<br>| name | server-net |<br>| port_security_enabled | True |<br>| provider:network_type | vxlan |<br>| provider:physical_network | |<br>| provider:segmentation_id | 82 |<br>| router:external | False |<br>| shared | True |<br>| status | ACTIVE |<br>| subnets | |<br>| tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |<br>+---------------------------+--------------------------------------+<br>[sleestack@maersk src]$ neutron subnet-create server-net <a href="http://192.168.123.0/24" target="_blank">192.168.123.0/24</a> \<br>> --name server-net --dns-nameserver 172.22.10.254 --gateway 192.168.123.1<br>Created a new subnet:<br>+-------------------+------------------------------------------------------+<br>| Field | Value |<br>+-------------------+------------------------------------------------------+<br>| allocation_pools | {"start": "192.168.123.2", "end": "192.168.123.254"} |<br>| cidr | <a href="http://192.168.123.0/24" target="_blank">192.168.123.0/24</a> |<br>| dns_nameservers | 172.22.10.254 |<br>| enable_dhcp | True |<br>| gateway_ip | 192.168.123.1 |<br>| host_routes | |<br>| id | 29e93c6a-8ff1-439a-8e84-66a2bb8e6298 |<br>| ip_version | 4 |<br>| ipv6_address_mode | |<br>| ipv6_ra_mode | |<br>| name | server-net |<br>| network_id | bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d |<br>| subnetpool_id | |<br>| tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |<br>+-------------------+------------------------------------------------------+<br>[sleestack@maersk src]$ source admin-openrc.sh <br>[sleestack@maersk src]$ neutron net-update public --router:external <br>Updated network: public<br>[sleestack@maersk src]$ neutron router-create server-router <br>Created a new router:<br>+-----------------------+--------------------------------------+<br>| Field | Value |<br>+-----------------------+--------------------------------------+<br>| admin_state_up | True |<br>| distributed | False |<br>| external_gateway_info | |<br>| ha | False |<br>| id | 00590829-e34a-4773-b3f1-0636bc3ff482 |<br>| name | server-router |<br>| routes | |<br>| status | ACTIVE |<br>| tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |<br>+-----------------------+--------------------------------------+<br>[sleestack@maersk src]$ neutron router-interface-add server-router server-net <br>Added interface 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1 to router server-router.<br>[sleestack@maersk src]$ neutron router-gateway-set server-router public <br>Set gateway for router server-router<br>[sleestack@maersk src]$ p netns<br>bash: p: command not found...<br>[sleestack@maersk src]$ ip netns<br>qrouter-00590829-e34a-4773-b3f1-0636bc3ff482 (id: 3)<br>qdhcp-bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d (id: 1)<br>qdhcp-43f09f04-c7ca-4df9-bc74-516dd134313f (id: 2)<br>qdhcp-f1309195-e346-4748-b223-d2875204cab8 (id: 0)<br>[sleestack@maersk src]$ neutron router-port-list server-router <br>+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+<br>| id | name | mac_address | fixed_ips |<br>+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+<br>| 11f56b25-1389-40a4-8d72-05b1d9d3ed66 | | fa:16:3e:5a:6c:1e | {"subnet_id": "fdf2bf4b-e0ef-4843-85a2-e88f9aa674b5", "ip_address": "172.22.10.16"} |<br>| 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1 | | fa:16:3e:e7:f6:53 | {"subnet_id": "29e93c6a-8ff1-439a-8e84-66a2bb8e6298", "ip_address": "192.168.123.1"} |<br>+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+<br>[sleestack@maersk src]$ neutron port-show 11f56b25-1389-40a4-8d72-05b1d9d3ed66<br>+-----------------------+--------------------------------------------------------------------------------------------------------------+<br>| Field | Value |<br>+-----------------------+--------------------------------------------------------------------------------------------------------------+<br>| admin_state_up | True |<br>| allowed_address_pairs | |<br>| binding:host_id | maersk |<br>| binding:profile | {} |<br>| binding:vif_details | {"port_filter": true} |<br>| binding:vif_type | bridge |<br>| binding:vnic_type | normal |<br>| device_id | 00590829-e34a-4773-b3f1-0636bc3ff482 |<br>| device_owner | network:router_gateway |<br>| dns_assignment | {"hostname": "host-172-22-10-16", "ip_address": "172.22.10.16", "fqdn": "host-172-22-10-16.openstacklocal."} |<br>| dns_name | |<br>| extra_dhcp_opts | |<br>| fixed_ips | {"subnet_id": "fdf2bf4b-e0ef-4843-85a2-e88f9aa674b5", "ip_address": "172.22.10.16"} |<br>| id | 11f56b25-1389-40a4-8d72-05b1d9d3ed66 |<br>| mac_address | fa:16:3e:5a:6c:1e |<br>| name | |<br>| network_id | 43f09f04-c7ca-4df9-bc74-516dd134313f |<br>| port_security_enabled | False |<br>| security_groups | |<br>| status | DOWN !!!!!!!! WHY??????????? |<br>| tenant_id | |<br>+-----------------------+--------------------------------------------------------------------------------------------------------------+<br>[sleestack@maersk src]$ neutron port-show 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1<br>+-----------------------+-----------------------------------------------------------------------------------------------------------------+<br>| Field | Value |<br>+-----------------------+-----------------------------------------------------------------------------------------------------------------+<br>| admin_state_up | True |<br>| allowed_address_pairs | |<br>| binding:host_id | maersk |<br>| binding:profile | {} |<br>| binding:vif_details | {"port_filter": true} |<br>| binding:vif_type | bridge |<br>| binding:vnic_type | normal |<br>| device_id | 00590829-e34a-4773-b3f1-0636bc3ff482 |<br>| device_owner | network:router_interface |<br>| dns_assignment | {"hostname": "host-192-168-123-1", "ip_address": "192.168.123.1", "fqdn": "host-192-168-123-1.openstacklocal."} |<br>| dns_name | |<br>| extra_dhcp_opts | |<br>| fixed_ips | {"subnet_id": "29e93c6a-8ff1-439a-8e84-66a2bb8e6298", "ip_address": "192.168.123.1"} |<br>| id | 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1 |<br>| mac_address | fa:16:3e:e7:f6:53 |<br>| name | |<br>| network_id | bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d |<br>| port_security_enabled | False |<br>| security_groups | |<br>| status | ACTIVE |<br>| tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |<br>+-----------------------+-----------------------------------------------------------------------------------------------------------------+<br><br><br>[sleestack@maersk src]$ <br>[sleestack@maersk src]$ ping 172.22.10.16<br>PING 172.22.10.16 (172.22.10.16) 56(84) bytes of data.<br> From 172.22.10.99 icmp_seq=1 Destination Host Unreachable<br>From 172.22.10.99 icmp_seq=2 Destination Host Unreachable<br>From 172.22.10.99 icmp_seq=3 Destination Host Unreachable<br>From 172.22.10.99 icmp_seq=4 Destination Host Unreachable<br><br> <br><br><br></font></span><div><div><span style="font-family:monospace,monospace"><font size="1"><br><br><br><br><br><br><br><br><br><br><br clear="all"></font></span><div><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div><span style="font-family:monospace,monospace"><font size="1">- Christopher T. Hull<br></font></span></div><div><span style="font-family:monospace,monospace"><font size="1">I am presently seeking a new career opportunity Please see career page<br></font></span></div><div><span style="font-family:monospace,monospace"><font size="1"><a href="http://chrishull.com/career" target="_blank">http://chrishull.com/career</a><br></font></span></div><div><span style="font-family:monospace,monospace"><font size="1">333 Orchard Ave, Sunnyvale CA. 94085<br>(415) 385 4865<br></font></span></div><div><span style="font-family:monospace,monospace"><font size="1"><a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a><br></font></span></div><span style="font-family:monospace,monospace"><font size="1"><a href="http://chrishull.com" target="_blank">http://chrishull.com</a><br><br></font></span></div></div><div><div><span style="font-family:monospace,monospace"><font size="1"><br></font></span></div></div></div></div></div></div></div></div></div>
</div></div></div>
<br>_______________________________________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org">OpenStack-operators@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
<br></blockquote></div><br></div>