<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hi, Robert<br>
    <br>
    Now I understands why it cannot ping external gateway.<br>
    l3-agent failed to set vlan tag on gateway ports on br-ex.<br>
    Now I can ping the ext gateway after running the command below.<br>
    ovs-vsctl set port qg-256b404e-50 tag=73<br>
    <br>
    Thanks<br>
    Tao<br>
    <div class="moz-cite-prefix">On 07/25/2014 09:39 AM, ZHOU TAO A
      wrote:<br>
    </div>
    <blockquote cite="mid:53D1B550.3060002@alcatel-lucent.com"
      type="cite">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      Hi, Robert<br>
      <br>
      I should have more introduction of my configuration.<br>
      <br>
      I have two physical switches.<br>
      <br>
      All eth0s connected to the first switch, all eth1s connected to
      the second switch.<br>
      <br>
      eth0 can connect to the external gateway through vlan 73, eth1 can
      connect to external gateway through vlan 74<br>
      <br>
      [root@ih-controller nova]# cat /proc/net/vlan/<br>
      config   eth1.74  <br>
      [root@ih-controller nova]# cat /proc/net/vlan/*<br>
      VLAN Dev name    | VLAN ID<br>
      Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD<br>
      eth1.74        | 74  | eth1<br>
      eth1.74  VID: 74         REORDER_HDR: 1  dev->priv_flags: 1<br>
               total frames received     28985786<br>
                total bytes received  26536401548<br>
            Broadcast/Multicast Rcvd     14856460<br>
      <br>
            total frames transmitted      7855954<br>
             total bytes transmitted    852065213<br>
                  total headroom inc            0<br>
                 total encap on xmit            0<br>
      Device: eth1<br>
      INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0<br>
       EGRESS priority mappings: <br>
      [root@ih-controller nova]# ip netns exec
      qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c tcpdump<br>
      -enlpi qg-256b404e-50 arptcpdump: verbose output suppressed, use
      -v or -vv for full protocol decode<br>
      listening on usbmon1, link-type USB_LINUX_MMAPPED (USB with padded
      Linux header), capture size 65535 bytes<br>
      09:29:25.822677 CONTROL SUBMIT to 1:2:0<br>
      09:29:25.822838 CONTROL COMPLETE from 1:2:0<br>
      09:29:25.822869 CONTROL SUBMIT to 1:1:0<br>
      09:29:25.822869 CONTROL COMPLETE from 1:1:0<br>
      09:29:27.980731 INTERRUPT COMPLETE to 1:2:1<br>
      09:29:27.980735 CONTROL SUBMIT to 1:2:0<br>
      09:29:27.980908 CONTROL COMPLETE from 1:2:0<br>
      09:29:27.980964 CONTROL SUBMIT to 1:1:0<br>
      09:29:27.980969 CONTROL COMPLETE from 1:1:0<br>
      09:29:30.980679 INTERRUPT COMPLETE to 1:1:1<br>
      <br>
      Below is my /etc/neutron/plugin.ini<br>
      <br>
      [ml2]<br>
      type_drivers = vlan<br>
      tenant_network_types = vlan<br>
      mechanism_drivers = openvswitch<br>
      [ml2_type_flat]<br>
      [ml2_type_vlan]<br>
      network_vlan_ranges = physnet2:1:4000,physnet1<br>
      [ml2_type_gre]<br>
      [ml2_type_vxlan]<br>
      [securitygroup]<br>
      firewall_driver =
      neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver<br>
      enable_security_group = True<br>
      [ovs]<br>
      integration_bridge = br-int<br>
      bridge_mappings = physnet2:br-eth1,physnet1:br-ex<br>
      <br>
      Thanks<br>
      Tao<br>
      <div class="moz-forward-container"><br>
        <br>
        -------- Original Message --------
        <table class="moz-email-headers-table" border="0"
          cellpadding="0" cellspacing="0">
          <tbody>
            <tr>
              <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:

              </th>
              <td>Re: [Openstack] router cannot communicate with
                external</td>
            </tr>
            <tr>
              <th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date:
              </th>
              <td>Thu, 24 Jul 2014 23:22:43 +1200</td>
            </tr>
            <tr>
              <th align="RIGHT" nowrap="nowrap" valign="BASELINE">From:
              </th>
              <td>Robert Collins <a moz-do-not-send="true"
                  class="moz-txt-link-rfc2396E"
                  href="mailto:robertc@robertcollins.net"><robertc@robertcollins.net></a></td>
            </tr>
            <tr>
              <th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
              <td>ZHOU TAO A <a moz-do-not-send="true"
                  class="moz-txt-link-rfc2396E"
                  href="mailto:tao.a.zhou@alcatel-lucent.com"><tao.a.zhou@alcatel-lucent.com></a></td>
            </tr>
          </tbody>
        </table>
        <br>
        <br>
        <pre>On 24 July 2014 14:56, ZHOU TAO A <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:tao.a.zhou@alcatel-lucent.com"><tao.a.zhou@alcatel-lucent.com></a> wrote:
> Hi,
>
> I have installed icehouse with ovs vlan configuration.

We need to check your exterior bridge configuration. In icehouse when
using vlans the exterior bridge has to be layered on top of a tagging
device (e.g. a vconfig vlanXXXX device) - or you need to apply my
patch <a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://review.openstack.org/#/c/108494/">https://review.openstack.org/#/c/108494/</a> which teaches the l3
agent to setup an access port rather than an untagged port.

On the network node, please run
ip address
ovs-vsctl show
cat /proc/net/vlan/*

which should let us tell.

And/or we can also check by tcpdump:
ip netns exec qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c tcpdump
-enlpi qg-256b404e-50 arp
and look at the frame types - you'll see .q tagged frames.

If you have a trunk port, you can use ovs-vsctl to do a quick manual fix:
ovs-vsctl set port qg-256b404e-50 tag=XX where XX is your vlan id, but
this will be lost if you fail the router over or the port is recreated
for any reason.

Alternatively you can remove whichever ethN device br-ex is on and add
a vconfig vlan port instead, or apply my patch above.

-Rob

> Network node and controller node coexists.
>
> The problem is I can ping the public IP address of my router but cannot ping
> external gateway from my instance.
>
> My instance has internal IP 192.48.1.51 and a floating IP 135.252.167.187.
> My router has subnet 192.48.1.0/24 and gateway 135.252.167.186
>
> [root@ih-controller neutron]# ip netns exec
> qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c ping 135.252.167.1
> PING 135.252.167.1 (135.252.167.1) 56(84) bytes of data.
> From 135.252.167.186 icmp_seq=2 Destination Host Unreachable
> From 135.252.167.186 icmp_seq=3 Destination Host Unreachable
> From 135.252.167.186 icmp_seq=4 Destination Host Unreachable
>
>
> [root@ih-controller neutron]# neutron router-list
> +--------------------------------------+------------+-----------------------------------------------------------------------------+
> | id                                   | name       | external_gateway_info
> |
> +--------------------------------------+------------+-----------------------------------------------------------------------------+
> | e3119ff4-2fac-4226-9e63-009cfce8ac4c | router_ext | {"network_id":
> "0b78bc26-0374-47ed-8f0b-66d18e3bd86b", "enable_snat": true} |
> +--------------------------------------+------------+-----------------------------------------------------------------------------+
>
> ip netns exec qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c ifconfig
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:4 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:448 (448.0 b)  TX bytes:448 (448.0 b)
>
> qg-256b404e-50 Link encap:Ethernet  HWaddr FA:16:3E:2A:D3:D0
>           inet addr:135.252.167.186  Bcast:135.252.167.255
> Mask:255.255.255.0
>           inet6 addr: fe80::f816:3eff:fe2a:d3d0/64 Scope:Link
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:191469 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1293 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:16274751 (15.5 MiB)  TX bytes:123922 (121.0 KiB)
>
> qr-c87773a3-79 Link encap:Ethernet  HWaddr FA:16:3E:03:42:C3
>           inet addr:192.48.1.254  Bcast:192.48.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::f816:3eff:fe03:42c3/64 Scope:Link
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:1286 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:124478 (121.5 KiB)  TX bytes:1986 (1.9 KiB)
>
>
>
>
> _______________________________________________
> Mailing list: <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
> Post to     : <a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
> Unsubscribe : <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
>



-- 
Robert Collins <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:rbtcollins@hp.com"><rbtcollins@hp.com></a>
Distinguished Technologist
HP Converged Cloud
</pre>
        <br>
      </div>
      <br>
    </blockquote>
    <br>
  </body>
</html>