[neutron][ovs] br-tun bridge setup
Hi all,

I'm setting up neutron and ovs and I can't make br-tun work and pick up the ip address configured in openvswitch_agent.ini file. If I tcpdump br-tun

    tcpdump -l -n -i br-tun 'port 4789'

I don't see any traffic getting through however (it goes through the physical interface) if I spin up a vm, it reaches the internet, I can ping it from another machine after allocating a floating ip but can't ssh into it.

Can anyone please share the /etc/network/interfaces file configuration for br-tun? Should the br-tun ip address be configured on the bridge or in the physical interface the bridge is attached to? Should the vxlan traffic go through br-tun bridge?

Thanks
Jaime
--
Regards
Jaime

Hi,

br-tun is set up by Neutron ovs-agent, so you don't have to touch it. In your ml2_conf.ini you should have a tunnel_bridge and a local_ip cfg option which will result in an interface on br-tun like this one (in case of vxlan tunnels):

    ...
    Bridge br-tun
    ....
        Port vxlan-646d00dd
            Interface vxlan-646d00dd
                type: vxlan
                options: {df_default="true", egress_pkt_mark="0", in_key=flow, local_ip="local_ip", out_key=flow, remote_ip="<ip of another host on which you have ovs agent>"}

So if you have tunnel_types = vxlan,gre, you will have a vxlan-xyz and one gre-abcd port in br-tun.

Best wishes
Lajos Katona (lajoskatona)

Jaime Ibar <jim2k7@gmail.com> wrote (on Wed, Feb 21, 2024, 15:28):
> [...]

Hi Lajos,

so then all the vxlan traffic should go through the br-tun bridge, right?

Thanks
Jaime

On 22/02/2024 12:51, Lajos Katona wrote:
> [...]

Hi Lajos,

if I don't configure the iface, I get this error in neutron openvswitch logs

    ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [-] Tunneling can't be enabled with invalid local_ip 'X.X.X.X'. IP couldn't be found on this host's interfaces.

Any idea how to solve it?

Thanks
Jaime

On 22/02/2024 12:51, Lajos Katona wrote:
> [...]

Hi Jaime,

On 2/22/24 11:34 AM, Jaime Ibar wrote:
> Hi Lajos,
>
> if I don't configure the iface, I get this error in neutron openvswitch logs
>
> ERROR neutron.plugins.ml2.drivers.openvswitch.agent.ovs_neutron_agent [-] Tunneling can't be enabled with invalid local_ip 'X.X.X.X'. IP couldn't be found on this host's interfaces.
>
> Any idea how to solve it?

local_ip should be an IP configured on a physical interface.

One thing I noticed from your original email:

> I can ping it from another machine after allocating a floating ip but can't ssh into it.

That is typically one of two things - a missing security group rule or an MTU issue.

-Brian
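
Added example (not part of the thread and not Neutron's own code): a small offline triage of the three things raised in the reply above, namely whether local_ip sits on a host interface, whether a security group admits SSH from an outside client, and how much MTU VXLAN leaves for instances. The rule dictionaries use the Neutron API field names; the ini text, the `ip -o -4 addr show` output, the rule set and all function names are constructed for illustration, and protocol matching is simplified to names such as "tcp".

```python
import configparser
import ipaddress

VXLAN_OVERHEAD_IPV4 = 50  # outer IPv4 20 + UDP 8 + VXLAN 8 + inner Ethernet 14

def local_ip_interface(agent_ini, ip_addr_out):
    """Return (local_ip, iface); iface is None when no interface carries the IP."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(agent_ini)
    local_ip = cfg.get("ovs", "local_ip")
    for line in ip_addr_out.splitlines():
        f = line.split()  # `ip -o -4 addr show`: "3: eth1    inet 10.0.0.11/24 ..."
        if len(f) >= 4 and f[2] == "inet" and f[3].split("/")[0] == local_ip:
            return local_ip, f[1]
    return local_ip, None

def ingress_allowed(rules, proto, port, src):
    """True if a rule admits IPv4 proto/port from src, a client outside the group."""
    src = ipaddress.ip_address(src)
    for r in rules:
        if r["direction"] != "ingress" or r["ethertype"] != "IPv4":
            continue
        if r["protocol"] not in (None, proto):
            continue
        lo, hi = r["port_range_min"], r["port_range_max"]
        if lo is not None and (port is None or not lo <= port <= hi):
            continue
        if r["remote_group_id"] is not None:
            continue  # matches ports that are members of that group only
        if src in ipaddress.ip_network(r["remote_ip_prefix"] or "0.0.0.0/0"):
            return True
    return False

def max_instance_mtu(underlay_mtu):
    """Largest instance MTU that still fits one VXLAN-over-IPv4 frame."""
    return underlay_mtu - VXLAN_OVERHEAD_IPV4

# Constructed sample inputs (not taken from the thread).
AGENT_INI = "[ovs]\nlocal_ip = 10.0.0.11\n[agent]\ntunnel_types = vxlan\n"
IP_ADDR = ("2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0\n"
           "3: eth1    inet 10.0.0.11/24 brd 10.0.0.255 scope global eth1\n")
def rule(direction, proto=None, lo=None, hi=None, prefix=None, group=None):
    return {"direction": direction, "ethertype": "IPv4", "protocol": proto,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}
RULES = [rule("egress"), rule("ingress", group="sg-self"),
         rule("ingress", "icmp", prefix="0.0.0.0/0")]

if __name__ == "__main__":
    print(local_ip_interface(AGENT_INI, IP_ADDR), max_instance_mtu(1500))
    print(ingress_allowed(RULES, "tcp", 22, "203.0.113.5"))
```

With this constructed rule set, ICMP from an outside address is admitted while TCP/22 is not, because the only other ingress rule is scoped to members of the group itself.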

Hi Brian,

re local_ip, does the br-tun have to be configured as well and the physical interface attached to it or just the physical interface only?

    auto ifacename
    iface ifacename inet static
        address
        netmask

Re security groups, I had to configure icmp group for allowing ping to get through; however, in case of ssh, default is configured so ssh traffic should get through with no issues. I'll check the mtu thing.

Thanks
Jaime

On 22/02/2024 21:51, Brian Haley wrote:
> [...]

participants (3): Brian Haley, Jaime Ibar, Lajos Katona