[openstack-dev] [tricircle] Easy Way to Test Tricircle North-South L3 Networking

Vega Cai luckyvega.g at gmail.com
Tue May 3 08:49:09 UTC 2016

Hi all,

Just would like to share a way to test Tricircle north-south L3 networking
without requiring the third interface.

In the Tricircle readme, it is said that you need to add an interface in
your host to br-ext bridge. One interface to access the host, one interface
for east-west networking and one interface for north-south networking, so
all together three interfaces are required.

What if your host only have two interfaces? Here is another deployment

First, change your external network type to flat type. If you are using the
DevStack script provided by Tricircle, do the following changes in node2
local.conf then run DevStack in node2.

        from (network_vlan_ranges=bridge:2001:3000,extern:3001:4000)
        to (network_vlan_ranges=bridge:2001:3000)
    (since we going to use flat external network, no need to configure VLAN
range for extern)
    (2) add PHYSICAL_NETWORK=extern
    (3) keep OVS_BRIDGE_MAPPINGS=bridge:br-bridge,extern:br-ext

Second, specify flat type when creating external network.

    curl -X POST
           -H "Content-Type: application/json" \
           -H "X-Auth-Token: $token" \
           -d '{"network": {"name": "ext-net", "admin_state_up": true,
"router:external": true, "provider:network_type": "flat",
"provider:physical_network": "extern", "availability_zone_hints":

Third, configure IP address of br-ext.

    sudo ifconfig br-ext netmask

    Here is your external network gateway IP, set net mask
according to your CIDR.

After the above steps, you can access your VM via floating IP in node2.
Also your VM can ping the external gateway.

Would like your VM to access the Internet?(Of course node2 should be able
to access the Internet) Two more steps to follow:
(1) Enable packet forward in node2

    sudo bash
    echo 1 >/proc/sys/net/ipv4/ip_forward

(2) Configure SNAT in node2

    sudo iptables -t nat -I POSTROUTING -s -o eth1 -j SNAT
--to-source is your external network CIDR, eth1 is the interface
associated with your default route in node2 and is the IP of

Hope this information helps.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160503/d1b3c4b2/attachment.html>

More information about the OpenStack-dev mailing list