[Openstack] OpenStack Liberty - can't ping router gateway ip

Joerg Streckfuss openstack at dirtyhack.org
Fri Jan 29 14:16:47 UTC 2016


Dear list,

I got problems with a virtual router gateway IP.

I set up a 3-node OpenStack setup (one controller, two compute nodes), 
using Liberty on CentOS 7, carefully following the instructions under 
http://docs.openstack.org/liberty/install-guide-rdo/.

I'm using self-service networks with one flat provider-network for 
external communication. I use VXLAN for overlay-networks. As mechanism 
drivers I use linuxbridge and l2population.
I can create project-networks and initiate instances, which will get IPs 
from the dhcp-server.

So far, so good. When I try to create a virtual router to ssh to my vm, 
I can't ping the external gateway IP of the router on the controller node.

As you can see the router has a gateway-port with an external ip 
(10.11.200.1). The second one is the ip from the project network:

<snip>
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# neutron router-port-list router
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                          |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| 89724c5b-d8eb-45ed-a45d-051412d9cf2d |      | fa:16:3e:71:d2:7c | {"subnet_id": "ec0d4301-53b2-4eab-90c9-a03e1b784717", "ip_address": "10.11.200.1"} |
| b1aeaf23-1bae-4f63-899d-30a50513c3c1 |      | fa:16:3e:d1:df:2e | {"subnet_id": "fc6a8af9-c510-4665-a083-b190989f75de", "ip_address": "172.16.1.1"}  |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
<snap>

This IP is pingable neither from outside nor on the controller node. 
The needed network namespaces are available:

<snip>
[root@controller ~]# ip netns show
qrouter-7236dab3-6653-4df7-90cc-b441df2ae75d
qdhcp-1ff83e09-1777-4d53-95d8-bc3251eddbb1
qdhcp-b7e5b2dd-0b8c-43ab-911a-107bf23858d6
<snap>

But I can ping the ip inside the router namespace:

<snip>
[root@controller ~]# ip netns exec qrouter-7236dab3-6653-4df7-90cc-b441df2ae75d ping -c1 10.11.200.1
PING 10.11.200.1 (10.11.200.1) 56(84) bytes of data.
64 bytes from 10.11.200.1: icmp_seq=1 ttl=64 time=0.049 ms
<snap>

In /var/log/neutron/server.log I found the following interesting logs 
when creating the external provider network:

<snip>
2016-01-29 13:35:58.842 8337 ERROR neutron.plugins.ml2.managers [req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Failed to bind port 041d3057-44a1-4aa5-ba00-aa97a28b3d64 on host controller.openstack.dfn-cert.de
2016-01-29 13:35:58.842 8337 ERROR neutron.plugins.ml2.managers [req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Failed to bind port 041d3057-44a1-4aa5-ba00-aa97a28b3d64 on host controller.openstack.dfn-cert.de
2016-01-29 13:35:58.864 8337 INFO neutron.plugins.ml2.plugin [req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Attempt 2 to bind port 041d3057-44a1-4aa5-ba00-aa97a28b3d64
2016-01-29 13:36:00.230 8337 WARNING neutron.plugins.ml2.rpc [req-de947767-5bba-43f9-9313-26941c0a24d9 - - - - -] Device tap041d3057-44 requested by agent lb00221954bc3f on network 1ff83e09-1777-4d53-95d8-bc3251eddbb1 not bound, vif_type: binding_failed
<snap>

Here are the relevant configs:

<snip>
# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = testnet

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True
<snap>

<snip>
# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = testnet:eth0

[vxlan]
enable_vxlan = True
local_ip = 192.168.0.1
l2_population = True

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
<snap>

I guess there is something broken with a missing bridge. Perhaps a bridge 
which connects to the external, physical interface eth0.

When I list the bridges on the controller I get this:

<snip>
[root@controller ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
brqb7e5b2dd-0b  8000.0285d4793974       no              tap1f5c2967-bd
                                                        tapb1aeaf23-1b
                                                        vxlan-55
<snap>

As I mentioned I'm missing the external device eth0, which points to the 
external net.

Does somebody have an idea about this?

Many thanks in advance!
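
An added example, not part of the original post and not Neutron's own code: the output quoted above shows tap devices named `tap` plus the first 11 characters of the port UUID (port 041d3057-44a1-... appears as tap041d3057-44), so the router port list can be cross-checked against `brctl show` to find router ports whose tap device sits on no bridge. The sample inputs are reconstructed from the post's output and the function names are hypothetical.

```python
import re
# Constructed sample input, reconstructed from the command output in the post.
ROUTER_PORTS = """\
| 89724c5b-d8eb-45ed-a45d-051412d9cf2d |      | fa:16:3e:71:d2:7c | {"subnet_id": "ec0d4301-53b2-4eab-90c9-a03e1b784717", "ip_address": "10.11.200.1"} |
| b1aeaf23-1bae-4f63-899d-30a50513c3c1 |      | fa:16:3e:d1:df:2e | {"subnet_id": "fc6a8af9-c510-4665-a083-b190989f75de", "ip_address": "172.16.1.1"}  |
"""
BRCTL_SHOW = """\
bridge name     bridge id               STP enabled     interfaces
brqb7e5b2dd-0b  8000.0285d4793974       no              tap1f5c2967-bd
                                                        tapb1aeaf23-1b
                                                        vxlan-55
"""
UUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"

def tap_name(port_id):
    # Naming seen in the post: "tap" + first 11 characters of the port UUID.
    return "tap" + port_id[:11]

def parse_router_ports(text):
    """Return {port_id: ip_address} from `neutron router-port-list` rows."""
    ports = {}
    for line in text.splitlines():
        m = re.match(r"\|\s*(%s)\s*\|" % UUID, line)
        ip = re.search(r'"ip_address":\s*"([^"]+)"', line)
        if m and ip:
            ports[m.group(1)] = ip.group(1)
    return ports

def parse_bridge_members(text):
    """Return {interface: bridge} from `brctl show` output."""
    members, bridge = {}, None
    for line in text.splitlines()[1:]:            # skip the header row
        fields = line.split()
        if fields and not line[0].isspace():      # row that starts a new bridge
            bridge = fields[0]
            fields = fields[3:]                   # drop name, id, STP flag
        for iface in fields:                      # continuation rows: interface only
            members[iface] = bridge
    return members

def unplugged_ports(router_ports_text, brctl_text):
    """Return {ip: tap} for router ports whose tap device is on no bridge."""
    members = parse_bridge_members(brctl_text)
    ports = parse_router_ports(router_ports_text)
    return {ip: tap_name(p) for p, ip in ports.items() if tap_name(p) not in members}

if __name__ == "__main__":
    for ip, tap in unplugged_ports(ROUTER_PORTS, BRCTL_SHOW).items():
        print("%s: %s is not attached to any bridge" % (ip, tap))
```
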



