<div dir="ltr">Thank you, Andreas. I'll try it. I've opened a new thread with additional info (here: <a href="http://lists.openstack.org/pipermail/openstack/2015-November/014564.html">http://lists.openstack.org/pipermail/openstack/2015-November/014564.html</a>) and the subject: Vxlan/gre port is not created in br-tun Kilo. There are also config files.<div><br></div><div>Regards,</div><div>Amir</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 12, 2015 at 10:17 AM, Andreas Scheuring <span dir="ltr"><<a href="mailto:scheuran@linux.vnet.ibm.com" target="_blank">scheuran@linux.vnet.ibm.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">What you see is the expected behavior. A Tun (vxlan/gre) port is created<br>
for each other Node (that runs the neutron-openvswitch-agent) in your<br>
Openstack Cluster. So if you have a single node - no other Openstack<br>
node - no tun port.<br>
<br>
It's not a use case that an external (non Openstack managed System) Node<br>
is participating in your Openstack internal tunnel network.<br>
<br>
The current ovs implementation knows exactly which vm is reachable via<br>
which mac on which other hypervisor via which tunnel port. All this<br>
logic is implemented via openflow rules, which steer the traffic to the<br>
correct tun device. Traffic that does not match those rules will be<br>
dropped (I guess).<br>
<br>
You can only achieve this with an external vxlan network. I personally<br>
haven't tried this so far creating it with Openstack. But for a proof of<br>
concept you could create the tun port on your own on br-ex (instead of<br>
plugging your interface into br-ex).<br>
<br>
Hope this helps.<br>
<br>
<br>
<br>
--<br>
Andreas<br>
(IRC: scheuran)<br>
<span class=""><br>
<br>
<br>
On Do, 2015-11-12 at 09:36 +0100, Amir Huskić wrote:<br>
> Thank you all for suggestions and sorry for late answer. Now I have PC<br>
> with two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre<br>
> tunnel interface. Br-ex is working fine and also I can ping and access<br>
> VM using floating IP. But still facing issue with vxlan/gre tunnels.<br>
> Vxlan/gre port is not created on br-tun.<br>
><br>
><br>
> As I already wrote I'm trying to enable L2 connectivity between VMs<br>
> running on single node Openstack Kilo installation (Devstack) and<br>
> external Linux host using vxlan/gre tunnel. Since there are now two<br>
> NICs I'll open new thread.<br>
><br>
><br>
> Regards,<br>
> Amir<br>
><br>
> On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <<a href="mailto:akgunjal@in.ibm.com">akgunjal@in.ibm.com</a>><br>
> wrote:<br>
> Hi Amir,<br>
><br>
> One point to check is the security rules set in your<br>
> controller. Check if you have set the ingress/egress rules<br>
> for ICMP protocol (ping) which will otherwise block traffic<br>
> from external hosts to the tenant VM.<br>
><br>
> Regards,<br>
> Akash<br>
><br>
</span><span class="">
><br>
> From: yatin kumbhare <<a href="mailto:yatinkumbhare@gmail.com">yatinkumbhare@gmail.com</a>><br>
> To: Amir Huskić <<a href="mailto:amir.huskic@gmail.com">amir.huskic@gmail.com</a>><br>
> Cc: "<a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>"<br>
> <<a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>><br>
> Date: 10/19/2015 03:56 PM<br>
> Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single<br>
> NIC setup<br>
><br>
><br>
><br>
</span>> ______________________________________________________________<br>
<div class="HOEnZb"><div class="h5">><br>
><br>
><br>
> Hi Amir,<br>
><br>
> Not quite sure, as I haven't tried such a thing.<br>
><br>
> but IMHO, you might require l2-gateway.<br>
><br>
> Kind of this: <a href="https://www.youtube.com/watch?v=74Wfr4myf5k" rel="noreferrer" target="_blank">https://www.youtube.com/watch?v=74Wfr4myf5k</a><br>
><br>
> Regards,<br>
> Yatin<br>
><br>
> On Mon, Oct 19, 2015 at 4:35 AM, Amir Huskić<br>
> <<a href="mailto:amir.huskic@gmail.com">amir.huskic@gmail.com</a>> wrote:<br>
> Hello James,<br>
><br>
> I use underscores in ml2 config file as You suggested.<br>
> Also made some changes in config file. Here is<br>
> available:<br>
> <a href="https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0" rel="noreferrer" target="_blank">https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0</a><br>
><br>
> Summary:<br>
> - can ping from OS host to external gw and external<br>
> linux host<br>
> - can ping from tenant VM to external gw and external<br>
> linux host<br>
> - can't ping OS host and tenant VM floating IP from<br>
> external linux host<br>
> - tcpdump on br-ex and eth0 interface is showing arp<br>
> request during ping request from linux external host<br>
> using vxlan segment<br>
><br>
> For additional info please check info from CLI screen<br>
> here:<br>
> <a href="https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0" rel="noreferrer" target="_blank">https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0</a><br>
><br>
> Accidentally I deleted symbolic link in log files<br>
> pointing to agent log. Unfortunately I don't know how<br>
> to create it again with proper permissions. I tried<br>
> with chmod and chown using reference command but<br>
> without much success.<br>
><br>
> lrwxrwxrwx 1 amir amir 43 Sep 19 15:26<br>
> screen-n-sch.log<br>
> -> /opt/stack/logs/n-sch.log.2015-09-19-150746<br>
> -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00<br>
> screen-q-agt.log<br>
> lrwxrwxrwx 1 amir amir 44 Sep 19 15:25<br>
> screen-q-dhcp.log<br>
> -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746<br>
><br>
><br>
> Thank you for your help and time.<br>
><br>
> Kind regards,<br>
> Amir<br>
><br>
</div></div><div class="HOEnZb"><div class="h5">> On Wed, Oct 14, 2015 at 4:06 PM, James Denton<br>
> <<a href="mailto:james.denton@rackspace.com">james.denton@rackspace.com</a>> wrote:<br>
> Hi Amir,<br>
><br>
> A couple of recommendations:<br>
><br>
> - Your vxlan_group setting has an extra dot at the end<br>
> that may be causing issues:<br>
> [ml2_type_vxlan]<br>
> vxlan_group = 239.0.0.0.<br>
> - Your [OVS] block has some incorrect options. Use<br>
> underscores rather than spaces:<br>
> [ovs]<br>
> bridge_mappings = public:br-ex<br>
> local_ip = 192.168.100.100<br>
> vxlan_udp_port = 8472<br>
> tunnel type = vxlan<br>
> tunnel id ranges = 1001:2000<br>
> tenant network type = vxlan<br>
> enable tunneling = true<br>
> - Same goes for [agent] as well:<br>
> [agent]<br>
> tunnel_types = vxlan<br>
> root_helper_daemon =<br>
> sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf<br>
> root_helper =<br>
> sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf<br>
> #tunnel_types = vxlan<br>
> vxlan_udp_port = 8472<br>
> l2 population = false<br>
> Start by correcting those issues and restart the OVS<br>
> agents across your hosts. The agent log may be of help<br>
> here as well.<br>
><br>
> James<br>
> On Oct 14, 2015, at 2:38 AM, Amir<br>
> Huskić <<a href="mailto:amir.huskic@gmail.com">amir.huskic@gmail.com</a>> wrote:<br>
><br>
> Hello,<br>
><br>
> there is also my ml2_conf.ini<br>
> file: <a href="https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini" rel="noreferrer" target="_blank">https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini</a><br>
><br>
> Could problem be related to single NIC<br>
> installation? Is it possible to have<br>
> same interface for bridge mappings and<br>
> also for tunnel bridge? Example below:<br>
><br>
> bridge_mappings = public:br-ex<br>
> integration bridge = br-int<br>
> tunnel bridge = br-ex<br>
><br>
> Thank you.<br>
> Regards,<br>
> Amir<br>
><br>
><br>
> On Mon, Oct 12, 2015 at 3:53 PM, Amir<br>
> Huskić <<a href="mailto:amir.huskic@gmail.com">amir.huskic@gmail.com</a>> wrote:<br>
> Hi all,<br>
><br>
> I'm trying to set up<br>
> Openstack test lab.<br>
><br>
> I deployed Openstack Kilo<br>
> (Devstack) on PC running<br>
> Ubuntu LTS 14.02 with single<br>
> NIC.<br>
> Tenants are isolated with<br>
> vxlan networks. I can ping<br>
> from VMs to external network<br>
> PCs, SSH login from external<br>
> PCs to tenants VMs floating IP<br>
> address, etc.<br>
><br>
> I would like also to connect<br>
> tenant VMs to external network<br>
> physical Linux host using<br>
> vxlan tunnel and have L2<br>
> connectivity between VM and<br>
> physical Linux host over L3<br>
> network.<br>
><br>
> Vxlan interface on Linux<br>
> physical host is up and<br>
> running. When I am trying to<br>
> ping from Linux physical host<br>
> to Openstack VM (not floating<br>
> IP) using same subnet L2<br>
> address (example ping from<br>
> 192.168.10.10 to<br>
> 192.168.10.11) UDP packets on<br>
> port 8472 are coming to<br>
> Openstack br-ex interface with<br>
> ARP request.<br>
><br>
> Problem is that I can't setup<br>
> vxlan tunnel on Openstack.<br>
> Command "sudo ovs-vsctl show"<br>
> doesn't show any vxlan<br>
> tunnels.<br>
> Also when I try to ping from<br>
> VM to Linux host using L2 IP<br>
> address (ping from<br>
> 192.168.10.11 to<br>
> 192.168.10.10) tcpdump on<br>
> br-ex doesn't show anything.<br>
><br>
> My ml2_conf.ini file is<br>
> configured following this<br>
> guide:<br>
> <a href="http://www.opencloudblog.com/?p=300" rel="noreferrer" target="_blank">http://www.opencloudblog.com/?p=300</a><br>
><br>
> Thanks in advance for your<br>
> help,<br>
><br>
> Regards,<br>
> Amir<br>
><br>
> _______________________________________________<br>
> Mailing list:<br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
> Post to :<br>
> <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
> Unsubscribe :<br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br>
</div></div></blockquote></div><br></div>
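<div>An added example, not part of the thread and not Neutron code: a small Python check for the two ml2_conf.ini mistakes James Denton points out above, option names written with spaces instead of underscores and a malformed vxlan_group address. The function name lint_ml2_conf and the sample file content are constructed for illustration.</div>

```python
import configparser
import ipaddress

# Constructed sample that reproduces the mistakes quoted in the thread.
SAMPLE_ML2_CONF = """\
[ml2_type_vxlan]
vxlan_group = 239.0.0.0.

[ovs]
bridge_mappings = public:br-ex
local_ip = 192.168.100.100
tunnel type = vxlan
tunnel id ranges = 1001:2000

[agent]
tunnel_types = vxlan
vxlan_udp_port = 8472
l2 population = false
"""


def lint_ml2_conf(text):
    """Return (section, option, problem) tuples for the two mistake classes."""
    parser = configparser.ConfigParser(
        delimiters=("=",), interpolation=None, strict=False)
    parser.optionxform = str  # keep option names exactly as written
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for option, value in parser.items(section):
            if any(ch.isspace() for ch in option):
                # Mechanical rewrite only; confirm the resulting name
                # against the Neutron configuration reference.
                fixed = "_".join(option.split())
                findings.append((section, option, "spaces in name, try " + fixed))
            if option == "vxlan_group":
                try:
                    group = ipaddress.IPv4Address(value.strip())
                except ipaddress.AddressValueError:
                    findings.append((section, option, "not an IPv4 address"))
                else:
                    if not group.is_multicast:
                        findings.append((section, option, "not multicast"))
    return findings


if __name__ == "__main__":
    for section, option, problem in lint_ml2_conf(SAMPLE_ML2_CONF):
        print("[%s] %s: %s" % (section, option, problem))
```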