<p dir="ltr">You should not use dhcp on br-ex. OpenStack will setup the ip for you when you create the neutron provider network and neutron router. I am in the same campus as you and can share you how to setup the network later face to face if you want.</p>
<p dir="ltr">Following document will be helpful to understand this scenario: <a href="http://docs.openstack.org/networking-guide/scenario_provider_ovs.html">http://docs.openstack.org/networking-guide/scenario_provider_ovs.html</a></p>
<p dir="ltr">Sam</p>
<div class="gmail_quote">On Sep 18, 2015 10:27 AM, "applyhhj" <<a href="mailto:applyhhj@163.com">applyhhj@163.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>
<div style="LINE-HEIGHT:1.3;BORDER-RIGHT-WIDTH:0px;MARGIN:12px;BORDER-TOP-WIDTH:0px;BORDER-BOTTOM-WIDTH:0px;BORDER-LEFT-WIDTH:0px" marginheight="0" marginwidth="0">
<div><font color="#000000" size="3" face="宋体">Thank you for your
reply. One more thing, I actually use "dhclient br-ex" to get ip from dhcp
server of our campus network. Is it ok to do so? Because some people think I
should not assign IP to the br-ex bridge. But in this case, the whole openstack
network is not able to access to the outside internet. </font></div>
<div> </div>
<div>Regards</div>
<div>hjh</div>
<div> </div>
<div align="left"><font color="#c0c0c0" size="2" face="Verdana">2015-09-18</font></div>
<div align="left"><font size="2" face="Verdana">
<hr style="WIDTH:122px;min-height:2px" align="left" size="2">
</font></div>
<div align="left"><font color="#c0c0c0" size="2" face="Verdana"><span>applyhhj</span></font></div>
<div><font size="2" face="Verdana">
<hr>
</font></div>
<div><font size="2" face="Verdana"><strong>发件人:</strong>Erdősi Péter
<<a href="mailto:fazy@niif.hu" target="_blank">fazy@niif.hu</a>></font></div>
<div><font size="2" face="Verdana"><strong>发送时间:</strong>2015-09-18 02:05</font></div>
<div><font size="2" face="Verdana"><strong>主题:</strong>Re: [Openstack] Please
help!!!!Openvswitch attacked by ICMP!!!!!!!</font></div>
<div><font size="2" face="Verdana"><strong>收件人:</strong>"applyhhj"<<a href="mailto:applyhhj@163.com" target="_blank">applyhhj@163.com</a>>,"openstack"<<a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a>></font></div>
<div><font size="2" face="Verdana"><strong>抄送:</strong></font></div>
<div><font size="2" face="Verdana"></font> </div>
<div><font size="2" face="Verdana">
<div>2015.09.17. 17:55 keltezéssel, applyhhj
írta:<br></div>
<blockquote type="cite">
<div><font color="#000000" size="3" face="宋体">I am using ubuntu 15.04 and I am
following Guidance for ubuntu 14.04. Configuration for eth2 is:</font></div>
<div> </div>
<div># external network interface<br>auto eth2<br>iface eth2
inet manual<br> up ip link set
dev $IFACE up<br> down ip link set
dev $IFACE down<br></div>
<div>By the way ther is no ip in eth2 after bridging it to
br-ex.</div></blockquote>It's totally normal... you do not need IP to br-ex, or
eth2...<br>Try to imagine this:<br><br>You have a (virtual) switch, and you have
ports on that...<br>Your goal is, give internet access to machines, which
"plugged" on this ports in the switch...<br><br>In the real life, you have to
use an "uplink" port, where packet goes, when the other machine is not directly
connected to switch...<br><br>The eth2 - br-ex situation is all the same... You
have a switch, and your uplink connection will be the eth2 interface the port is
the br-ex, and you put it togather, which does not require any layer 3 setup,
only the L2... (port is up, and capable to forward ethernet frames)<br>That's
why you only pull up the interface without IP address, cause nobody never needs
direct connection from eth2 to neutron host (you possibly have management
network for that)<br><br>Overall, i think, your configuration is good with eth2
and br-ex, without IP...<br><br>If I were you, I start to check traffic on all
interface (on network node, and qrouters also) and figure out, how this packet
came from, and what they want to reach... (not based on IP, only follow the ICMP
traffic path with tcpdump)<br><br>For example:<br>If your packets goes from/to
Internet from/to any VM, you must see traffic on eth2 and br-ex, and that
traffic also can be found in one of the qrouters, and somewhere beetween compute
and neutron node (based on isolation, what you choosen before)<br><br>Start a
few tcpdump, and track it down :)<br><br>Regards,
<br> Peter<br></font></div></div><br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div>