Neutron external connectivity to and from tenant VMs : Help
Hi, Neutron external network connection to and from instances.. Problem statement. I have deployed AIO on a Virtual Machine. (Created the demo networks, flavors and images by init-runonce script.) I created a cirros instance with a demo-net instance, and the instance is spawning with 10.0.0.0/24 ips. *inside the cirros Vm I am able to ping its own ip(10.0.0.73) and 10.0.0.1 and the "public1" network gateway 10.176.17.63 .. But unable to ping the Base VM IP 10.176.17.61* Any hints how I can reach the Base VM IP 10.176.17.61 ? from 10.0.0.73 and vice versa .. What steps I missed or I am unaware of? To get the external connection/ping/access..? I have referred many documents and I am at the end of the rope, but couldn't find a solution or what the exact issue is , any guidance much appreciated... Krish. If more information is required : There are two networks by default created 1. public1. with gateway as 10.176.17.63 public1-subnet <http://10.220.0.24/project/networks/subnets/3b9e11ae-4595-4e4c-ba71-1fba20999a00/detail> 10.176.16.0/23 IPv4 10.176.17.63 2. demo-net demo-subnet <http://10.220.0.24/project/networks/subnets/80e8d33e-6276-450b-bb46-76446dca2d51/detail> 10.0.0.0/24 IPv4 10.0.0.1 These are the values given in the " kolla_ansible_venv3/share/kolla-ansible/init-runonce" script.. ################################################################################# DEMO_NET_CIDR=${DEMO_NET_CIDR:-'10.0.0.0/24'} DEMO_NET_GATEWAY=${DEMO_NET_GATEWAY:-'10.0.0.1'} DEMO_NET_DNS=${DEMO_NET_DNS:-'8.8.8.8'} ENABLE_EXT_NET=${ENABLE_EXT_NET:-1} EXT_NET_CIDR=${EXT_NET_CIDR:-'10.176.17.0/23'} EXT_NET_RANGE=${EXT_NET_RANGE:-'start=10.176.17.62,end=10.176.17.80'} EXT_NET_GATEWAY=${EXT_NET_GATEWAY:-'10.176.16.1'} ################################################################################ Demo Router: (ee6500a8-039c) <http://10.220.0.24/project/networks/ports/ee6500a8-039c-4ceb-8dc0-b37e2c3a21de/detail> - 10.176.17.63 Active External Gateway UP (bb4c9437-82fa) <http://10.220.0.24/project/networks/ports/bb4c9437-82fa-4689-b125-9edc1987c383/detail> - 10.0.0.1 Active Internal Interface UP (kolla_ansible_venv3) ubuntu@ubuntu-VM:~$ grep ^[^#] /etc/kolla/globals.yml --- workaround_ansible_issue_8743: yes config_strategy: "COPY_ALWAYS" kolla_base_distro: "ubuntu" openstack_release: "2023.1" kolla_internal_vip_address: "10.220.0.24" // a free unused IP address in 10.220.0.0/24 segment. kolla_external_vip_address: "{{ kolla_internal_vip_address }}" kolla_container_engine: docker network_interface: "ens224" /// this vNIC is with ip 10.220.0.51 and without internet - a vlan segment for internal experiments. neutron_external_interface: "ens160" // this is the vNIC with my organization dhcp leased ip 10.176.17.61 assigned and up and running neutron_plugin_agent: "openvswitch" nova_compute_virt_type: "qemu" (kolla_ansible_venv3) ubuntu@ub Strange Behaviour: When I create another instance ( Cirros) with the network selected as " public1" network, the instance is spawning the horizon dashboard showing IP as 10.176.17.70 extTestVM <http://10.220.0.24/project/instances/9e744ab1-7a21-4d55-ad03-c01d5631657a/> cirros 10.176.17.70 But inside this VM $ ip a /// lists the IP address of this VM as 169.254.198.1/16 ?? why 169.254 .198.1/16 ? It should be 10.176.17.70 right ?? What's happening ?? Confused ..
Am I the first person to do AIO in the wrong way ? No response from the list/ community members !!! How can newbies get inlined in the complex OpenStack suite ? If there is a roadblock how can newbies get help if the learning curve is so steep ? Or is there any other platform / channels to ask openstack deployment questions? Pls let me know. Krish On Thu, Mar 14, 2024 at 2:44 PM KK CHN <kkchn.in@gmail.com> wrote:
Hi,
Neutron external network connection to and from instances..
Problem statement.
I have deployed AIO on a Virtual Machine. (Created the demo networks, flavors and images by init-runonce script.) I created a cirros instance with a demo-net instance, and the instance is spawning with 10.0.0.0/24 ips.
*inside the cirros Vm I am able to ping its own ip(10.0.0.73) and 10.0.0.1 and the "public1" network gateway 10.176.17.63 .. But unable to ping the Base VM IP 10.176.17.61*
Any hints how I can reach the Base VM IP 10.176.17.61 ? from 10.0.0.73 and vice versa ..
What steps I missed or I am unaware of? To get the external connection/ping/access..?
I have referred many documents and I am at the end of the rope, but couldn't find a solution or what the exact issue is , any guidance much appreciated...
Krish.
If more information is required :
There are two networks by default created
1. public1. with gateway as 10.176.17.63
public1-subnet <http://10.220.0.24/project/networks/subnets/3b9e11ae-4595-4e4c-ba71-1fba20999a00/detail> 10.176.16.0/23 IPv4 10.176.17.63 2. demo-net demo-subnet <http://10.220.0.24/project/networks/subnets/80e8d33e-6276-450b-bb46-76446dca2d51/detail> 10.0.0.0/24 IPv4 10.0.0.1
These are the values given in the " kolla_ansible_venv3/share/kolla-ansible/init-runonce" script..
################################################################################# DEMO_NET_CIDR=${DEMO_NET_CIDR:-'10.0.0.0/24'} DEMO_NET_GATEWAY=${DEMO_NET_GATEWAY:-'10.0.0.1'} DEMO_NET_DNS=${DEMO_NET_DNS:-'8.8.8.8'}
ENABLE_EXT_NET=${ENABLE_EXT_NET:-1} EXT_NET_CIDR=${EXT_NET_CIDR:-'10.176.17.0/23'} EXT_NET_RANGE=${EXT_NET_RANGE:-'start=10.176.17.62,end=10.176.17.80'} EXT_NET_GATEWAY=${EXT_NET_GATEWAY:-'10.176.16.1'}
################################################################################
Demo Router:
(ee6500a8-039c) <http://10.220.0.24/project/networks/ports/ee6500a8-039c-4ceb-8dc0-b37e2c3a21de/detail>
- 10.176.17.63
Active External Gateway UP
(bb4c9437-82fa) <http://10.220.0.24/project/networks/ports/bb4c9437-82fa-4689-b125-9edc1987c383/detail>
- 10.0.0.1
Active Internal Interface UP
(kolla_ansible_venv3) ubuntu@ubuntu-VM:~$ grep ^[^#] /etc/kolla/globals.yml --- workaround_ansible_issue_8743: yes config_strategy: "COPY_ALWAYS" kolla_base_distro: "ubuntu" openstack_release: "2023.1" kolla_internal_vip_address: "10.220.0.24" // a free unused IP address in 10.220.0.0/24 segment. kolla_external_vip_address: "{{ kolla_internal_vip_address }}" kolla_container_engine: docker network_interface: "ens224" /// this vNIC is with ip 10.220.0.51 and without internet - a vlan segment for internal experiments. neutron_external_interface: "ens160" // this is the vNIC with my organization dhcp leased ip 10.176.17.61 assigned and up and running neutron_plugin_agent: "openvswitch" nova_compute_virt_type: "qemu" (kolla_ansible_venv3) ubuntu@ub
Strange Behaviour: When I create another instance ( Cirros) with the network selected as " public1" network, the instance is spawning the horizon dashboard showing IP as 10.176.17.70
extTestVM <http://10.220.0.24/project/instances/9e744ab1-7a21-4d55-ad03-c01d5631657a/> cirros
10.176.17.70
But inside this VM $ ip a /// lists the IP address of this VM as 169.254.198.1/16 ?? why 169.254 .198.1/16 ? It should be 10.176.17.70 right ??
What's happening ?? Confused ..
Hi, On 3/15/24 2:00 AM, KK CHN wrote:
Am I the first person to do AIO in the wrong way ? No response from the list/ community members !!!
How can newbies get inlined in the complex OpenStack suite ? If there is a roadblock how can newbies get help if the learning curve is so steep ?
First, please be patient. The community tries to respond to all emails on this list, but it's on a best-effort basis, and since yesterday was a big release milestone priorities are on other things.
Or is there any other platform / channels to ask openstack deployment questions? Pls let me know.
This list is typically fine, but there are also irc channels for each project, for example #openstack-neutron or #openstack-nova, where the developers can typically be found. Other answers inline below, but be aware I do not deploy using Kolla so can't help at all there.
On Thu, Mar 14, 2024 at 2:44 PM KK CHN <kkchn.in@gmail.com <mailto:kkchn.in@gmail.com>> wrote:
Hi,
Neutron external network connection to and from instances..
Problem statement.
I have deployed AIO on a Virtual Machine. (Created the demo networks, flavors and images by init-runonce script.) I created a cirros instance with a demo-net instance, and the instance is spawning with 10.0.0.0/24 <http://10.0.0.0/24> ips.
*inside the cirros Vm I am able to ping its own ip(10.0.0.73) and 10.0.0.1 and the "public1" network gateway 10.176.17.63 .. But unable to ping the Base VM IP 10.176.17.61*
Any hints how I can reach the Base VM IP 10.176.17.61 ? from 10.0.0.73 and vice versa ..
Does that base VM have any iptables rules dropping ICMP? Have you tried looking at tcpdump traces?
What steps I missed or I am unaware of? To get the external connection/ping/access..?
I have referred many documents and I am at the end of the rope, but couldn't find a solution or what the exact issue is , any guidance much appreciated...
Krish.
If more information is required :
There are two networks by default created
1. public1. with gateway as 10.176.17.63
public1-subnet <http://10.220.0.24/project/networks/subnets/3b9e11ae-4595-4e4c-ba71-1fba20999a00/detail> 10.176.16.0/23 <http://10.176.16.0/23> IPv4 10.176.17.63
2. demo-net demo-subnet <http://10.220.0.24/project/networks/subnets/80e8d33e-6276-450b-bb46-76446dca2d51/detail> 10.0.0.0/24 <http://10.0.0.0/24> IPv4 10.0.0.1
These are the values given in the " kolla_ansible_venv3/share/kolla-ansible/init-runonce" script..
################################################################################# DEMO_NET_CIDR=${DEMO_NET_CIDR:-'10.0.0.0/24 <http://10.0.0.0/24>'} DEMO_NET_GATEWAY=${DEMO_NET_GATEWAY:-'10.0.0.1'} DEMO_NET_DNS=${DEMO_NET_DNS:-'8.8.8.8'}
ENABLE_EXT_NET=${ENABLE_EXT_NET:-1} EXT_NET_CIDR=${EXT_NET_CIDR:-'10.176.17.0/23 <http://10.176.17.0/23>'} EXT_NET_RANGE=${EXT_NET_RANGE:-'start=10.176.17.62,end=10.176.17.80'} EXT_NET_GATEWAY=${EXT_NET_GATEWAY:-'10.176.16.1'} ################################################################################
Demo Router:
(ee6500a8-039c) <http://10.220.0.24/project/networks/ports/ee6500a8-039c-4ceb-8dc0-b37e2c3a21de/detail>
* 10.176.17.63
Active External Gateway UP
(bb4c9437-82fa) <http://10.220.0.24/project/networks/ports/bb4c9437-82fa-4689-b125-9edc1987c383/detail>
* 10.0.0.1
Active Internal Interface UP
(kolla_ansible_venv3) ubuntu@ubuntu-VM:~$ grep ^[^#] /etc/kolla/globals.yml --- workaround_ansible_issue_8743: yes config_strategy: "COPY_ALWAYS" kolla_base_distro: "ubuntu" openstack_release: "2023.1" kolla_internal_vip_address: "10.220.0.24" // a free unused IP address in 10.220.0.0/24 <http://10.220.0.0/24> segment. kolla_external_vip_address: "{{ kolla_internal_vip_address }}" kolla_container_engine: docker network_interface: "ens224" /// this vNIC is with ip 10.220.0.51 and without internet - a vlan segment for internal experiments. neutron_external_interface: "ens160" // this is the vNIC with my organization dhcp leased ip 10.176.17.61 assigned and up and running neutron_plugin_agent: "openvswitch" nova_compute_virt_type: "qemu" (kolla_ansible_venv3) ubuntu@ub
Strange Behaviour: When I create another instance ( Cirros) with the network selected as " public1" network, the instance is spawning the horizon dashboard showing IP as 10.176.17.70
extTestVM <http://10.220.0.24/project/instances/9e744ab1-7a21-4d55-ad03-c01d5631657a/> cirros
10.176.17.70
But inside this VM $ ip a /// lists the IP address of this VM as 169.254.198.1/16 <http://169.254.198.1/16> ?? why 169.254 .198.1/16 ? It should be 10.176.17.70 right ??
That typically indicates DHCP failed. Does your public subnet have DHCP enabled? Or is your infrastructure providing it? -Brian
On 2024-03-15 10:36:20 -0400 (-0400), Brian Haley wrote:
On 3/15/24 2:00 AM, KK CHN wrote:
Am I the first person to do AIO in the wrong way ? No response from the list/ community members !!!
How can newbies get inlined in the complex OpenStack suite ? If there is a roadblock how can newbies get help if the learning curve is so steep ?
First, please be patient. The community tries to respond to all emails on this list, but it's on a best-effort basis, and since yesterday was a big release milestone priorities are on other things. [...]
I've snipped the technical troubleshooting suggestions since my reply is more of a general nature. You should also be aware that Internet networking is a very complicated subject, one some of us have spent decades-long careers learning and keeping on top of, so yes the learning curve *is* steep, and necessarily so. OpenStack lets you automate a lot of technologies, but it doesn't relieve you from the responsibility of understanding those technologies, nor can the OpenStack community teach them to you. There are volumes written on these subjects and you will spend years reading and experimenting in order to have any hope of using them effectively. The tools and knowledge you use to troubleshoot network problems in an OpenStack deployment will, for the most part, be the same tools and knowledge you use to troubleshoot network problems anywhere else. In order to ask intelligent questions about your problem, you'll need to demonstrate that you've already checked the things you would for similar problems in a non-OpenStack environment, and what you found when doing so. Then, OpenStack subject matter experts on this mailing list will be able to point out subtle places where your analysis of the problem falls short due to OpenStack-specific nuances. -- Jeremy Stanley
Hi, First of all thank you for the response, this is a great motivation that doesn't disappoint newbies with fear of giving a try, On Fri, Mar 15, 2024 at 8:06 PM Brian Haley <haleyb.dev@gmail.com> wrote:
Hi,
On 3/15/24 2:00 AM, KK CHN wrote:
Am I the first person to do AIO in the wrong way ? No response from the list/ community members !!!
How can newbies get inlined in the complex OpenStack suite ? If there is a roadblock how can newbies get help if the learning curve is so
steep ?
First, please be patient. The community tries to respond to all emails on this list, but it's on a best-effort basis, and since yesterday was a big release milestone priorities are on other things.
of course agreed. But certain mails are not even attended for weeks .. or forgotten and no response since. Don't know why but it creates a lack of confidence in newbies(I mean new to openstack, but in industry and FOSS for many years. )
Or is there any other platform / channels to ask openstack deployment questions? Pls let me know.
This list is typically fine, but there are also irc channels for each project, for example #openstack-neutron or #openstack-nova, where the developers can typically be found.
Other answers inline below, but be aware I do not deploy using Kolla so can't help at all there. ( Would like to know in production deployment which deployment method you use ?)
No problem. Just hints like these are enough to go way ahead. We really value these tips and answers to go ahead.
On Thu, Mar 14, 2024 at 2:44 PM KK CHN <kkchn.in@gmail.com <mailto:kkchn.in@gmail.com>> wrote:
Hi,
Neutron external network connection to and from instances..
Problem statement.
I have deployed AIO on a Virtual Machine. (Created the demo networks, flavors and images by init-runonce script.) I created a cirros instance with a demo-net instance, and the instance is spawning with 10.0.0.0/24 <http://10.0.0.0/24> ips.
*inside the cirros Vm I am able to ping its own ip(10.0.0.73) and 10.0.0.1 and the "public1" network gateway 10.176.17.63 .. But unable to ping the Base VM IP 10.176.17.61*
Any hints how I can reach the Base VM IP 10.176.17.61 ? from 10.0.0.73 and vice versa ..
Does that base VM have any iptables rules dropping ICMP? Have you tried looking at tcpdump traces?
Yes these hints are enough for the new ones to troubleshoot, I will start from this point.
What steps I missed or I am unaware of? To get the external
connection/ping/access..?
I have referred many documents and I am at the end of the rope, but couldn't find a solution or what the exact issue is , any guidance much appreciated...
Krish.
If more information is required :
There are two networks by default created
1. public1. with gateway as 10.176.17.63
public1-subnet <
http://10.220.0.24/project/networks/subnets/3b9e11ae-4595-4e4c-ba71-1fba20999a00/detail> 10.176.16.0/23 <http://10.176.16.0/23> IPv4 10.176.17.63
2. demo-net demo-subnet <
http://10.220.0.24/project/networks/subnets/80e8d33e-6276-450b-bb46-76446dca2d51/detail> 10.0.0.0/24 <http://10.0.0.0/24> IPv4 10.0.0.1
These are the values given in the " kolla_ansible_venv3/share/kolla-ansible/init-runonce" script..
#################################################################################
DEMO_NET_CIDR=${DEMO_NET_CIDR:-'10.0.0.0/24 <http://10.0.0.0/24>'} DEMO_NET_GATEWAY=${DEMO_NET_GATEWAY:-'10.0.0.1'} DEMO_NET_DNS=${DEMO_NET_DNS:-'8.8.8.8'}
ENABLE_EXT_NET=${ENABLE_EXT_NET:-1} EXT_NET_CIDR=${EXT_NET_CIDR:-'10.176.17.0/23 <http://10.176.17.0/23 '} EXT_NET_RANGE=${EXT_NET_RANGE:-'start=10.176.17.62,end=10.176.17.80'} EXT_NET_GATEWAY=${EXT_NET_GATEWAY:-'10.176.16.1'}
################################################################################
Demo Router:
(ee6500a8-039c) <
http://10.220.0.24/project/networks/ports/ee6500a8-039c-4ceb-8dc0-b37e2c3a21de/detail>
* 10.176.17.63
Active External Gateway UP
(bb4c9437-82fa) <
http://10.220.0.24/project/networks/ports/bb4c9437-82fa-4689-b125-9edc1987c383/detail>
* 10.0.0.1
Active Internal Interface UP
(kolla_ansible_venv3) ubuntu@ubuntu-VM:~$ grep ^[^#] /etc/kolla/globals.yml --- workaround_ansible_issue_8743: yes config_strategy: "COPY_ALWAYS" kolla_base_distro: "ubuntu" openstack_release: "2023.1" kolla_internal_vip_address: "10.220.0.24" // a free unused IP address in 10.220.0.0/24 <http://10.220.0.0/24> segment. kolla_external_vip_address: "{{ kolla_internal_vip_address }}" kolla_container_engine: docker network_interface: "ens224" /// this vNIC is with ip 10.220.0.51 and without internet - a vlan segment for internal experiments. neutron_external_interface: "ens160" // this is the vNIC with my organization dhcp leased ip 10.176.17.61 assigned and up and
running
neutron_plugin_agent: "openvswitch" nova_compute_virt_type: "qemu" (kolla_ansible_venv3) ubuntu@ub
Strange Behaviour: When I create another instance ( Cirros) with the network selected as " public1" network, the instance is spawning the horizon dashboard showing IP as 10.176.17.70
extTestVM <
http://10.220.0.24/project/instances/9e744ab1-7a21-4d55-ad03-c01d5631657a/> cirros
10.176.17.70
But inside this VM $ ip a /// lists the IP address of this VM as 169.254.198.1/16 <http://169.254.198.1/16> ?? why 169.254 .198.1/16 ? It should be 10.176.17.70 right ??
That typically indicates DHCP failed. Does your public subnet have DHCP enabled? Or is your infrastructure providing it?
yes, this was the problem. Thanks again for your good hints. -Brian
participants (3)
-
Brian Haley
-
Jeremy Stanley
-
KK CHN