<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<STYLE type=text/css> <!--@import url(scrollbar.css); --></STYLE>
<META content="text/html; charset=utf-8" http-equiv=Content-Type>
<STYLE> body{FONT-SIZE:12pt; FONT-FAMILY:宋体,serif;} </STYLE>
<META name=GENERATOR content="MSHTML 8.00.7601.18969"><BASE
target=_blank></HEAD>
<BODY
style="LINE-HEIGHT: 1.3; BORDER-RIGHT-WIDTH: 0px; MARGIN: 12px; BORDER-TOP-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; BORDER-LEFT-WIDTH: 0px"
marginheight="0" marginwidth="0">
<DIV><FONT color=#000000 size=3 face=宋体>Thank you for your
reply. One more thing, I actually use "dhclient br-ex" to get ip from dhcp
server of our campus network. Is it ok to do so? Because some people think I
should not assign IP to the br-ex bridge. But in this case, the whole openstack
network is not able to access to the outside internet. </FONT></DIV>
<DIV> </DIV>
<DIV>Regards</DIV>
<DIV>hjh</DIV>
<DIV> </DIV>
<DIV align=left><FONT color=#c0c0c0 size=2 face=Verdana>2015-09-18</FONT></DIV>
<DIV align=left><FONT size=2 face=Verdana>
<HR style="WIDTH: 122px; HEIGHT: 2px" id=SignNameHR align=left SIZE=2>
</FONT></DIV>
<DIV align=left><FONT color=#c0c0c0 size=2 face=Verdana><SPAN
id=_FlashSignName>applyhhj</SPAN></FONT></DIV>
<DIV><FONT size=2 face=Verdana>
<HR>
</FONT></DIV>
<DIV><FONT size=2 face=Verdana><STRONG>发件人:</STRONG>Erdősi Péter
<fazy@niif.hu></FONT></DIV>
<DIV><FONT size=2
face=Verdana><STRONG>发送时间:</STRONG>2015-09-18 02:05</FONT></DIV>
<DIV><FONT size=2 face=Verdana><STRONG>主题:</STRONG>Re: [Openstack] Please
help!!!!Openvswitch attacked by ICMP!!!!!!!</FONT></DIV>
<DIV><FONT size=2
face=Verdana><STRONG>收件人:</STRONG>"applyhhj"<applyhhj@163.com>,"openstack"<openstack@lists.openstack.org></FONT></DIV>
<DIV><FONT size=2 face=Verdana><STRONG>抄送:</STRONG></FONT></DIV>
<DIV><FONT size=2 face=Verdana></FONT> </DIV>
<DIV><FONT size=2 face=Verdana>
<DIV class=moz-cite-prefix>2015.09.17. 17:55 keltezéssel, applyhhj
írta:<BR></DIV>
<BLOCKQUOTE cite=mid:56ebb66e.7401.14fdc0481ce.Coremail.applyhhj@163.com
type="cite">
<DIV><FONT color=#000000 size=3 face=宋体>I am using ubuntu 15.04 and I am
following Guidance for ubuntu 14.04. Configuration for eth2 is:</FONT></DIV>
<DIV> </DIV>
<DIV># external network interface<BR>auto eth2<BR>iface eth2
inet manual<BR> up ip link set
dev $IFACE up<BR> down ip link set
dev $IFACE down<BR></DIV>
<DIV>By the way ther is no ip in eth2 after bridging it to
br-ex.</DIV></BLOCKQUOTE>It's totally normal... you do not need IP to br-ex, or
eth2...<BR>Try to imagine this:<BR><BR>You have a (virtual) switch, and you have
ports on that...<BR>Your goal is, give internet access to machines, which
"plugged" on this ports in the switch...<BR><BR>In the real life, you have to
use an "uplink" port, where packet goes, when the other machine is not directly
connected to switch...<BR><BR>The eth2 - br-ex situation is all the same... You
have a switch, and your uplink connection will be the eth2 interface the port is
the br-ex, and you put it togather, which does not require any layer 3 setup,
only the L2... (port is up, and capable to forward ethernet frames)<BR>That's
why you only pull up the interface without IP address, cause nobody never needs
direct connection from eth2 to neutron host (you possibly have management
network for that)<BR><BR>Overall, i think, your configuration is good with eth2
and br-ex, without IP...<BR><BR>If I were you, I start to check traffic on all
interface (on network node, and qrouters also) and figure out, how this packet
came from, and what they want to reach... (not based on IP, only follow the ICMP
traffic path with tcpdump)<BR><BR>For example:<BR>If your packets goes from/to
Internet from/to any VM, you must see traffic on eth2 and br-ex, and that
traffic also can be found in one of the qrouters, and somewhere beetween compute
and neutron node (based on isolation, what you choosen before)<BR><BR>Start a
few tcpdump, and track it down :)<BR><BR>Regards,
<BR> Peter<BR></FONT></DIV></BODY></HTML>