<html><head><meta http-equiv="Content-Type" content="text/html charset=euc-kr"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">currently.<div>l3_agent designed as serve all tenant's traffic or</div><div>per router per l3_agent by specify router_id in l3_agent.ini</div><div><br></div><div>so in current architecture. if you want deploy as production scale.</div><div>I think l3_agent must be dedicated to one router </div><div><br></div><div>or the another solution is needed(nvp, midonet, cisco ...) </div><div><br><div><div>2012. 11. 9., ¿ÀÈÄ 3:04, Sina Sadeghi <<a href="mailto:sina@aptira.com">sina@aptira.com</a>> ÀÛ¼º:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type">
<div bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">"I followed the instructions to add a
route from <a moz-do-not-send="true" href="http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html" target="_blank">http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html</a>
but I don't immediately see how the route add helped here - but it
has raised an eyebrow."<br>
<br>
Tell me about it!<br>
<br>
We wanted to use Quantum mostly so we could avoid being forced to
upgrade from nova-network later on. Once again the difference
between trunk (dev) and stable (ops) kills new OpenStack features
for early production adopters. There is no way we can offer this
to our customers. Are we expected to add a new route for every
subnet our customers create, across every compute node, on the fly
(including esoteric quantum port-list commands)?<br>
<br>
As for the idea of having one quantum-l3-agent that NATs traffic
for many compute nodes, I wasn't aware the concept of retro chic
applied to network topologies :(<br>
<br>
I shudder to think how this would operate at scale, so it looks
like we will be sticking to our nova-network VLAN configuration.<br>
<br>
<div class="moz-signature"><font face="Helvetica" size="2"><br>
--<br>
<b>Sina Sadeghi</b><br>
Lead Cloud Engineer<br>
<span><logo.jpg></span><br>
<b>Aptira Pty Ltd</b><br>
1800 APTIRA<br>
<a href="http://www.aptira.com/">aptira.com</a><br>
<a href="https://twitter.com/#/aptira">Follow @aptira</a><br>
</font><br>
</div>
On 08/11/12 22:54, Kevin Jackson wrote:<br>
</div>
<blockquote cite="mid:CACbLkckg3scBtNWoc6Ku6cAYSh67UHTjosQYC-SS6WCHSfHbgQ@mail.gmail.com" type="cite">Hi Stephen, <br>
This is what I get... (note change of namespace etc as this
machine is a VM that was recreated).<br>
<br>
root@openstack:~# ip netns list<br>
qdhcp-3f0a3d53-f3a4-4da8-a5e0-1a97b6e51424<br>
qrouter-f26858db-3ae8-431b-86a7-edab80834586<br>
<br>
root@openstack:~# ip netns exec
qrouter-f26858db-3ae8-431b-86a7-edab80834586 wget <a moz-do-not-send="true" href="http://172.16.0.210:8775/" target="_blank">http://172.16.0.210:8775/</a><br>
--2012-11-08 10:52:11-- <a moz-do-not-send="true" href="http://172.16.0.210:8775/" target="_blank">http://172.16.0.210:8775/</a><br>
Connecting to 172.16.0.210:8775... failed: No route to host.<br>
<br>
root@openstack:~# ip netns exec
qrouter-f26858db-3ae8-431b-86a7-edab80834586 ip
r <br>
default via 172.16.1.254 dev qg-c396e75e-38 <br>
<a moz-do-not-send="true" href="http://10.5.5.0/24" target="_blank">10.5.5.0/24</a> dev qr-031aafac-19 proto
kernel scope link src 10.5.5.1 <br>
<a moz-do-not-send="true" href="http://172.16.1.0/24" target="_blank">172.16.1.0/24</a> dev qg-c396e75e-38 proto
kernel scope link src 172.16.1.10 <br>
<br>
So it is a problem between my router and the physical network...
That <a moz-do-not-send="true" href="http://172.16.1.0/24" target="_blank">172.16.1.0/24</a> is an "ext-net" network
created with an external router. When I spin my instances up I
use the <a moz-do-not-send="true" href="http://10.5.5.0/24" target="_blank">10.5.5.0/24</a> "int-net" network.<br>
<br>
I followed the instructions to add a route from <a moz-do-not-send="true" href="http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html" target="_blank">http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html</a>
but I don't immediately see how the route add helped here - but it
has raised an eyebrow.<br>
<br>
The output of the port-list gave me 172.16.1.10 to use as the
$ROUTER_GW_IP - which is odd as that IP was set as my external
floating range start IP. Doing a traceroute to the 172.16.0.201
address from the router namespace went via 172.16.1.10... so I've
some things to play with for the time being...<br>
<br>
Thanks for your help so far. Is the Guardian looking at OpenStack
for any projects (I'm from TMG)?<br>
<br>
Cheers,<br>
Kev<br>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On 8 November 2012 10:49, Stephen Gran
<span dir="ltr"><<a moz-do-not-send="true" href="mailto:stephen.gran@guardian.co.uk" target="_blank">stephen.gran@guardian.co.uk</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>
Hi,
<div class="im"><br>
<br>
On Thu, 2012-11-08 at 10:02 +0000, Kevin Jackson wrote:<br>
<blockquote type="CITE"> Thanks for that - the namspace
thing is starting to make sense.<br>
So I see this rule in there now:<br>
<br>
Chain quantum-l3-agent-PREROUTING (1 references)<br>
pkts bytes target prot opt in out
source destination <br>
62 3720 DNAT tcp -- * * <a moz-do-not-send="true" href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>
169.254.169.254 tcp dpt:80 to:<a moz-do-not-send="true" href="http://172.16.0.201:8775/" target="_blank">172.16.0.201:8775</a><br>
<br>
But I never see a connection being made when I spin up
an instance. The instance reports no route to host.<br>
</blockquote>
<br>
</div>
It's unclear at this point if the problem is that your
instance can't reach it's gateway (the quantum router), or
if the quantum router can't reach the metadata server.<br>
<br>
try:<br>
ip netns exec qrouter-61245d6f-1195-4ca0-ba08-f0636f7d44c6
wget <a moz-do-not-send="true" href="http://172.16.0.201:8775/" target="_blank">http://172.16.0.201:8775/</a><br>
<br>
To rule out the latter so you know where to concentrate
your efforts.
<div>
<div class="h5"><br>
<table cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td>
<pre>--
Stephen Gran
Senior Systems Integrator - <a moz-do-not-send="true" href="http://guardian.co.uk/" target="_blank">guardian.co.uk</a>
</pre>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
<div class="HOEnZb">
<div class="h5">
<pre>Please consider the environment before printing this email.
------------------------------------------------------------------
Visit <a moz-do-not-send="true" href="http://guardian.co.uk/" target="_blank">guardian.co.uk</a> - website of the year
<a moz-do-not-send="true" href="http://www.guardian.co.uk/" target="_blank">www.guardian.co.uk</a> <a moz-do-not-send="true" href="http://www.observer.co.uk/" target="_blank">www.observer.co.uk</a> <a moz-do-not-send="true" href="http://www.guardiannews.com/" target="_blank">www.guardiannews.com</a>
On your mobile, visit <a moz-do-not-send="true" href="http://m.guardian.co.uk/" target="_blank">m.guardian.co.uk</a> or download the Guardian
iPhone app <a moz-do-not-send="true" href="http://www.guardian.co.uk/iphone" target="_blank">www.guardian.co.uk/iphone</a> and iPad edition <a moz-do-not-send="true" href="http://www.guardian.co.uk/iPad" target="_blank">www.guardian.co.uk/iPad</a>
Save up to 37% by subscribing to the Guardian and Observer - choose the papers you want and get full digital access.
Visit <a moz-do-not-send="true" href="http://guardian.co.uk/subscribe" target="_blank">guardian.co.uk/subscribe</a>
---------------------------------------------------------------------
This e-mail and all attachments are confidential and may also
be privileged. If you are not the named recipient, please notify
the sender and delete the e-mail and all attachments immediately.
Do not disclose the contents to another person. You may not use
the information for any purpose, or store, or copy, it in any way.
Guardian News & Media Limited is not liable for any computer
viruses or other material transmitted with or as part of this
e-mail. You should employ virus checking software.
Guardian News & Media Limited
A member of Guardian Media Group plc
Registered Office
PO Box 68164
Kings Place
90 York Way
London
N1P 2AP
Registered in England Number 908396
</pre>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
Kevin Jackson<br>
@itarchitectkev<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a>
More help : <a class="moz-txt-link-freetext" href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a>
</pre>
</blockquote>
<br>
</div>
_______________________________________________<br>Mailing list: <a href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a><br>Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>Unsubscribe : <a href="https://launchpad.net/~openstack">https://launchpad.net/~openstack</a><br>More help : <a href="https://help.launchpad.net/ListHelp">https://help.launchpad.net/ListHelp</a><br></blockquote></div><br></div></body></html>