<div dir="ltr"><div><div><div><div><div><div><div><div><div><div>Hi Keven / all;<br><br></div>Re: Getting a Neutron Router to work.  (set external_network_bridge = blank).  Apologies if this got sent twice.<br><br>Nope, not quite there yet re getting the damn router to work (week 3 on this issue).<br><br></div>The Liberty install instructions indeed say to set...<br></div>external_network_bridge =<br><br></div>I'm so desperate that I thought the blank space after the = might be the issue.  No.   Then I noticed these instructions in l3_agent.ini itself.<br>-----<br># When external_network_bridge is set, each L3 agent can be associated<br># with no more than one external network. This value should be set to the UUID<br># of that external network. To allow L3 agent support multiple external<br># networks, both the external_network_bridge and gateway_external_network_id<br># must be left empty.<br># gateway_external_network_id =<br>----<br><br></div>1: Should  gateway_external_network_id = be unoommented?<br></div>2: Should I reupdate the database after these changes?<br>su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \<br>  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron<br><br></div>3: Should external_network_bridge in fact be set to the UUID of the public network?<br><br></div>4. All instances Ports work just fine on public and private network.  WHAT is the difference between a Neutron router northbound port and an instance port on the public net.<br><br></div><div>Services restarted after config change (just removed space after = actually just in case sloppy Python coding was involved here).  In fact, I rebooted the box just to be sure.<br></div><div><br></div>Making my own instance based router is looking better and better all the time.   If Neutron Routers really work, maybe UFO's exist too.  :-)   j/k<br><br></div><div><div><div><br><div>Seriously.  Thank you for your help.     Hope to help the community soon too myself.  Trying to get my Gerrit account up and running but the OpenStack.org site won't allow me to sign the Contrib agreement with out getting a server error. <br><font size="1"><br><br><span style="font-family:monospace,monospace">====  Config Details ======<br>Issue   Neutron Router Northbound Port won't Ping, is Down  <br><br>[root@maersk src]# ./pluto.py show  -p /etc neutron  rootwrap.conf ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini<br>+-----------------------+------------------------------------+-------------------------------------------------+<br>| neutron: Section      | Key                                | Value                                           |<br>+-----------------------+------------------------------------+-------------------------------------------------+<br>| DEFAULT               | verbose                            | True                                            |<br>| DEFAULT               | nova_url                           | <a href="http://controller:8774/v2">http://controller:8774/v2</a>                       |<br>| DEFAULT               | notify_nova_on_port_data_changes   | True                                            |<br>| DEFAULT               | notify_nova_on_port_status_changes | True                                            |<br>| DEFAULT               | auth_strategy                      | keystone                                        |<br>| DEFAULT               | rpc_backend                        | rabbit                                          |<br>| DEFAULT               | allow_overlapping_ips              | True                                            |<br>| DEFAULT               | service_plugins                    | router                                          |<br>| DEFAULT               | core_plugin                        | ml2                                             |<br>| keystone_authtoken    | password                           | mk4968small23buggidntpass                       |<br>| keystone_authtoken    | username                           | neutron                                         |<br>| keystone_authtoken    | project_name                       | service                                         |<br>| keystone_authtoken    | user_domain_id                     | default                                         |<br>| keystone_authtoken    | project_domain_id                  | default                                         |<br>| keystone_authtoken    | auth_plugin                        | password                                        |<br>| keystone_authtoken    | auth_url                           | <a href="http://controller:35357">http://controller:35357</a>                         |<br>| keystone_authtoken    | auth_uri                           | <a href="http://controller:5000">http://controller:5000</a>                          |<br>| database              | connection                         | mysql://neutron:sleestack191@controller/neutron |<br>| nova                  | password                           | mk4968small23buggidntpass                       |<br>| nova                  | username                           | nova                                            |<br>| nova                  | project_name                       | service                                         |<br>| nova                  | region_name                        | RegionOne                                       |<br>| nova                  | user_domain_id                     | default                                         |<br>| nova                  | project_domain_id                  | default                                         |<br>| nova                  | auth_plugin                        | password                                        |<br>| nova                  | auth_url                           | <a href="http://controller:35357">http://controller:35357</a>                         |<br>| oslo_concurrency      | lock_path                          | /var/lib/neutron/tmp                            |<br>| oslo_messaging_rabbit | rabbit_password                    | open.g00dke232                                  |<br>| oslo_messaging_rabbit | rabbit_userid                      | openstack                                       |<br>| oslo_messaging_rabbit | rabbit_host                        | controller                                      |<br>+-----------------------+------------------------------------+-------------------------------------------------+<br>+-------------------+---------------------+--------------------------------------------------------------+<br>| rootwrap: Section | Key                 | Value                                                        |<br>+-------------------+---------------------+--------------------------------------------------------------+<br>| DEFAULT           | filters_path        | /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap            |<br>| DEFAULT           | exec_dirs           | /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |<br>| DEFAULT           | use_syslog          | False                                                        |<br>| DEFAULT           | syslog_log_facility | syslog                                                       |<br>| DEFAULT           | syslog_log_level    | ERROR                                                        |<br>+-------------------+---------------------+--------------------------------------------------------------+<br>+-------------------+----------------------+--------------------------+<br>| ml2_conf: Section | Key                  | Value                    |<br>+-------------------+----------------------+--------------------------+<br>| ml2               | extension_drivers    | port_security            |<br>| ml2               | mechanism_drivers    | linuxbridge,l2population |<br>| ml2               | tenant_network_types | vxlan                    |<br>| ml2               | type_drivers         | flat,vlan,vxlan          |<br>| ml2_type_flat     | flat_networks        | public                   |<br>| ml2_type_vxlan    | vni_ranges           | 1:1000                   |<br>| securitygroup     | enable_ipset         | True                     |<br>+-------------------+----------------------+--------------------------+<br>+-------------------+--------------------------+-----------------------------------------------------+<br>| l3_agent: Section | Key                      | Value                                               |<br>+-------------------+--------------------------+-----------------------------------------------------+<br>| DEFAULT           | external_network_bridge  |                                                     |<br>| DEFAULT           | verbose                  | True                                                |<br>| DEFAULT           | interface_driver         | neutron.agent.linux.interface.BridgeInterfaceDriver |<br>+-------------------+--------------------------+-----------------------------------------------------+<br>+----------------------------+-----------------------------+--------------------------------------------------------------+<br>| linuxbridge_agent: Section | Key                         | Value                                                        |<br>+----------------------------+-----------------------------+--------------------------------------------------------------+<br>| linux_bridge               | physical_interface_mappings | public:enp3s0                                                |<br>| vxlan                      | l2_population               | True                                                         |<br>| vxlan                      | local_ip                    | 172.22.10.99                                                 |<br>| vxlan                      | enable_vxlan                | True                                                         |<br>| agent                      | prevent_arp_spoofing        | True                                                         |<br>| securitygroup              | firewall_driver             | neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |<br>| securitygroup              | enable_security_group       | True                                                         |<br>+----------------------------+-----------------------------+--------------------------------------------------------------+<br>+---------------------+--------------------------+-----------------------------------------------------+<br>| dhcp_agent: Section | Key                      | Value                                               |<br>+---------------------+--------------------------+-----------------------------------------------------+<br>| DEFAULT             | dnsmasq_config_file      | /etc/neutron/dnsmasq-neutron.conf                   |<br>| DEFAULT             | verbose                  | True                                                |<br>| DEFAULT             | enable_isolated_metadata | True                                                |<br>| DEFAULT             | dhcp_driver              | neutron.agent.linux.dhcp.Dnsmasq                    |<br>| DEFAULT             | interface_driver         | neutron.agent.linux.interface.BridgeInterfaceDriver |<br>+---------------------+--------------------------+-----------------------------------------------------+<br><br></span><br><br><br><br></font></div><div><br><div><div><div><div><br><br><br></div></div></div></div></div></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div><div>- Christopher T. Hull<br></div><div>I am presently seeking a new career opportunity  Please see career page<br></div><div><a href="http://chrishull.com/career" target="_blank">http://chrishull.com/career</a><br></div><div>333 Orchard Ave, Sunnyvale CA. 94085<br>(415) 385 4865<br></div><div><a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a><br></div><a href="http://chrishull.com" target="_blank">http://chrishull.com</a><br><br></div></div><div><div><br></div></div></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Wed, Mar 23, 2016 at 8:50 AM,  <span dir="ltr"><<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div>Thanks. Will check that.  </div><div>When I create an instance in the public or private nets they ping.  Why do router ports behave differently than instance ports?  Only the Northbound router port is down and won't ping.   Will check settings ASAP thanks </div><span class=""><div><br></div><div>Chris. <br><br>Sent from my iPhone</div></span><div><div class="h5"><div><br>On Mar 23, 2016, at 7:52 AM, Kevin Benton <<a href="mailto:kevin@benton.pub" target="_blank">kevin@benton.pub</a>> wrote:<br><br></div><blockquote type="cite"><div><p dir="ltr">Ok. The same settings should apply to Linux bridge. </p>
<p dir="ltr">Make sure you have external_network_bridge defined in your L3 agent as an empty value. </p>
<p dir="ltr">Then your external network should be created with the provider type of 'flat' and the physical network corresponding to the one you have defined in your bridge mappings in the L2 agent  that attaches to the bridge going to your external physical network. </p>
<div class="gmail_quote">On Mar 23, 2016 7:25 AM,  <<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><div>Kevin;</div><div>Thank you Very much.  I'll check.   I did a manual Liberty install so I may have done something wrong.  I am using LinuxBridge (not OpenVSwitch) if that helps.  Will post results to list soon.  Would like to be able to use floating IPs, a more convenient form of ipTables basically.  </div><div><br></div><div>Chris. <br><br>Sent from my iPhone</div><div><br>On Mar 23, 2016, at 7:16 AM, Kevin Benton <<a href="mailto:kevin@benton.pub" target="_blank">kevin@benton.pub</a>> wrote:<br><br></div><blockquote type="cite"><div><p dir="ltr">Do you have external_network_bridge set to an empty value in the l3 agent config? If not, the l3 agent will use a legacy mode of wiring up the port and it's status field may not be ACTIVE. </p>
<p dir="ltr">The routers are tested thousands of times in the gate every day, so they work. It's just a matter of getting your configuration correct. </p>
<p dir="ltr">Yes, you can use a VM to route as well. </p>
<div class="gmail_quote">On Mar 23, 2016 7:06 AM,  <<a href="mailto:chrishull42@gmail.com" target="_blank">chrishull42@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi all;<br>
It appears that Liberty Neutron routers do not work.  The Northbound port is always Down.<br>
<br>
What I'd like to do is dedicate an instance (CentOS) to routing between the Public net and other nets.  Has anyone done this.  Setting up the router is trivial.  But I'm a little worried about interaction with Neutron Ports.  I need to assign fixed IPs so I can route from the Internet to a server instance.<br>
<br>
Ideas?<br>
<br>
Thanks<br>
- Chris.<br>
<br>
Sent from my iPhone<br>
_______________________________________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
</blockquote></div>
</div></blockquote></div></blockquote></div>
</div></blockquote></div></div></div></blockquote></div><br></div></div>