<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Did you follow the networking guide
<a class="moz-txt-link-freetext" href="https://docs.openstack.org/devstack/latest/guides/neutron.html">https://docs.openstack.org/devstack/latest/guides/neutron.html</a>? It
has instructions for single- and multiple-NIC nodes.<br>
</p>
<p>I believe the secret is in this setting:<br>
</p>
<pre><span class="n">PUBLIC_INTERFACE</span><span class="o">=</span><span class="n">eth0
</span></pre>
<p>Plugging your eno2 into the bridge is not enough; as far as I
understand it, you also need to move the IP address to the bridge
and ensure that the bridge is UP. Perhaps the routing table must
be tweaked as well, but in any case, the guides should achieve
your goal.</p>
<p>Bernd Bausch<br>
<span class="n"></span></p>
<br>
<div class="moz-cite-prefix">On 6/15/2018 7:34 PM,
<a class="moz-txt-link-abbreviated" href="mailto:Dave.Chen@Dell.com">Dave.Chen@Dell.com</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:8ef87a50c8b340c5aa8fb459baf16166@KULX13MDC117.APAC.DELL.COM">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:DengXian;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"\@DengXian";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.EmailStyle18
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hi All,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Let me brief my question, I have two NIC
ports, one is connect to internal (eno1) and the other (eno2)
is external, my openstack cluster is based on the devstack and
neutron is configured as OVS + vxlan, How can I make my VM
could be able to access external with eno2 port? <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I tried to add the port to br-ex but it
seems doesn’t work, the VM still go to the default route on
the physical node which is via eno1.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">$ ovs-vsctl add-port br-ex eno2<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks in the advance for any comments!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Best Regards,<o:p></o:p></p>
<p class="MsoNormal">Dave Chen<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b>From:</b> Chen2, Dave <br>
<b>Sent:</b> Friday, June 15, 2018 4:17 PM<br>
<b>To:</b> '<a class="moz-txt-link-abbreviated" href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a>'<br>
<b>Cc:</b> Chen2, Dave<br>
<b>Subject:</b> [neutron] Question on the OVS
configuration<o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Dear folks, <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I have setup a pretty simple OpenStack
cluster in our lab based on devstack, couples of guest VM are
running on one controller node (this doesn’t looks like a
right behavior anyway), the Neutron network is configured as
OVS + vxlan, the bridge “br-ex” configured as below:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Bridge br-ex<o:p></o:p></p>
<p class="MsoNormal"> Controller "tcp:127.0.0.1:6633"<o:p></o:p></p>
<p class="MsoNormal"> is_connected: true<o:p></o:p></p>
<p class="MsoNormal"> fail_mode: secure<o:p></o:p></p>
<p class="MsoNormal"> Port phy-br-ex<o:p></o:p></p>
<p class="MsoNormal"> Interface phy-br-ex<o:p></o:p></p>
<p class="MsoNormal"> type: patch<o:p></o:p></p>
<p class="MsoNormal"> options: {peer=int-br-ex}<o:p></o:p></p>
<p class="MsoNormal"> Port br-ex<o:p></o:p></p>
<p class="MsoNormal"> Interface br-ex<o:p></o:p></p>
<p class="MsoNormal"> type: internal<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:9.75pt">ovs_version:
"2.8.0"<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:9.75pt"><o:p> </o:p></p>
<p class="MsoNormal" style="text-indent:9.75pt"><o:p> </o:p></p>
<p class="MsoNormal" style="text-indent:9.75pt"><o:p> </o:p></p>
<p class="MsoNormal">As you see, there is no external physical
NIC bound to “br-ex”, so I guess the traffic from the VM to
external will use the default route set on the controller
node, since there is a NIC (eno2) that can access external so
I bind it to “br-ex” like this: ovs-vsctl add-port br-ex eno2.
now the “br-ex” is configured as below: <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"> Bridge br-ex<o:p></o:p></p>
<p class="MsoNormal"> Controller "tcp:127.0.0.1:6633"<o:p></o:p></p>
<p class="MsoNormal"> is_connected: true<o:p></o:p></p>
<p class="MsoNormal"> fail_mode: secure<o:p></o:p></p>
<p class="MsoNormal"> Port phy-br-ex<o:p></o:p></p>
<p class="MsoNormal"> Interface phy-br-ex<o:p></o:p></p>
<p class="MsoNormal"> type: patch<o:p></o:p></p>
<p class="MsoNormal"> options: {peer=int-br-ex}<o:p></o:p></p>
<p class="MsoNormal"> *<b>Port "eno2"</b>*<o:p></o:p></p>
<p class="MsoNormal"> Interface "eno2"<o:p></o:p></p>
<p class="MsoNormal"> Port br-ex<o:p></o:p></p>
<p class="MsoNormal"> Interface br-ex<o:p></o:p></p>
<p class="MsoNormal"> type: internal<o:p></o:p></p>
<p class="MsoNormal"> ovs_version: "2.8.0"<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Looks like this is how it should be
configured according to lots of wiki/blog suggestion I have
googled, but it doesn’t work as expected, ping from the VM,
the tcpdump shows the traffic still go the “eno1” which is the
default route on the controller node. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Inside of VM<o:p></o:p></p>
<p class="MsoNormal">ubuntu@test-br:~$ ping 8.8.8.8<o:p></o:p></p>
<p class="MsoNormal">PING 8.8.8.8 (8.8.8.8) 56(84) bytes of
data.<o:p></o:p></p>
<p class="MsoNormal">64 bytes from 8.8.8.8: icmp_seq=1 ttl=38
time=168 ms<o:p></o:p></p>
<p class="MsoNormal">64 bytes from 8.8.8.8: icmp_seq=2 ttl=38
time=168 ms<o:p></o:p></p>
<p class="MsoNormal">…<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Dump the traffic on the “eno2”, got nothing<o:p></o:p></p>
<p class="MsoNormal">$ sudo tcpdump -nn -i eno2 icmp<o:p></o:p></p>
<p class="MsoNormal">tcpdump: verbose output suppressed, use -v
or -vv for full protocol decode<o:p></o:p></p>
<p class="MsoNormal">listening on eno2, link-type EN10MB
(Ethernet), capture size 262144 bytes<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:9.75pt">…<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:9.75pt"><o:p> </o:p></p>
<p class="MsoNormal">Dump the traffic on the “eno1” (internal
NIC), catch it!<o:p></o:p></p>
<p class="MsoNormal">$ sudo tcpdump -nn -i eno1 icmp<o:p></o:p></p>
<p class="MsoNormal">tcpdump: verbose output suppressed, use -v
or -vv for full protocol decode<o:p></o:p></p>
<p class="MsoNormal">listening on eno1, link-type EN10MB
(Ethernet), capture size 262144 bytes<o:p></o:p></p>
<p class="MsoNormal">16:08:59.609888 IP 192.168.20.132 >
8.8.8.8: ICMP echo request, id 1439, seq 1, length 64<o:p></o:p></p>
<p class="MsoNormal">16:08:59.781042 IP 8.8.8.8 >
192.168.20.132: ICMP echo reply, id 1439, seq 1, length 64<o:p></o:p></p>
<p class="MsoNormal">16:09:00.611453 IP 192.168.20.132 >
8.8.8.8: ICMP echo request, id 1439, seq 2, length 64<o:p></o:p></p>
<p class="MsoNormal">16:09:00.779550 IP 8.8.8.8 >
192.168.20.132: ICMP echo reply, id 1439, seq 2, length 64<o:p></o:p></p>
<p class="MsoNormal" style="text-indent:9.75pt"><o:p> </o:p></p>
<p class="MsoNormal" style="text-indent:9.75pt"><o:p> </o:p></p>
<p class="MsoNormal">$ sudo ip route<o:p></o:p></p>
<p class="MsoNormal">default via 192.168.18.1 dev eno1 proto
static metric 100<o:p></o:p></p>
<p class="MsoNormal">default via 192.168.8.1 dev eno2 proto
static metric 101<o:p></o:p></p>
<p class="MsoNormal">169.254.0.0/16 dev docker0 scope link
metric 1000 linkdown<o:p></o:p></p>
<p class="MsoNormal">172.17.0.0/16 dev docker0 proto kernel
scope link src 172.17.0.1 linkdown<o:p></o:p></p>
<p class="MsoNormal">192.168.8.0/24 dev eno2 proto kernel
scope link src 192.168.8.101 metric 100<o:p></o:p></p>
<p class="MsoNormal">192.168.16.0/21 dev eno1 proto kernel
scope link src 192.168.20.132 metric 100<o:p></o:p></p>
<p class="MsoNormal">192.168.42.0/24 dev br-ex proto kernel
scope link src 192.168.42.1<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">What’s going wrong here? Do I miss
something? Or some service need to be restarted?
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Anyone could help me out? This question
made me sick for many days! Huge thanks in the advance!<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Best Regards,<o:p></o:p></p>
<p class="MsoNormal">Dave <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<!--'"--><br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
</body>
</html>