[Openstack-operators] how to attach VMs to external/vlan network directly
Gustavo Randich
gustavo.randich at gmail.com
Sun Apr 12 04:26:24 UTC 2015
Yes, vlan81 is a subinterface. That is the problem. Will try adding bond0
to br-vlan... Thanks!
On Saturday, April 11, 2015, Matt Kassawara <mkassawara at gmail.com> wrote:
> Does vlan81 between bond0 and br-vlan reflect a VLAN subinterface on the
> host? If so, you need to remove it and attach bond0 directly to br-vlan
> because Open vSwitch performs the tagging for you.
>
> On Fri, Apr 10, 2015 at 3:13 PM, Gustavo Randich <
> gustavo.randich at gmail.com
> <javascript:_e(%7B%7D,'cvml','gustavo.randich at gmail.com');>> wrote:
>
>> Hi,
>>
>> I've tried without success to attach instances directly to external VLAN
>> network using "provider:network_type vlan"; below are the details. Using
>> "provider:network_type flat" I made it work.
>>
>> I was basically following this:
>> http://www.s3it.uzh.ch/blog/openstack-neutron-vlan/
>>
>> Any idea will be appreciated.
>>
>> ML2 CONFIG
>> ml2_type_vlan network_vlan_ranges vlannet:81:91
>> bridge_mappings vlannet:br-vlan
>> enable_security_group True
>> enable_ipset True
>> firewall_driver
>> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>>
>> NETWORK CREATION
>> neutron net-create vlan81 --router:external True
>> --provider:physical_network vlannet --provider:network_type vlan
>> --provider:segmentation_id 81 --shared
>> neutron subnet-create vlan81 10.111.81.0/24 --name vlan81
>> --allocation-pool start=10.111.81.65,end=10.111.81.126 --enable-dhcp
>> --gateway 10.111.81.254 --dns-nameserver 10.1.1.68 --dns-nameserver
>> 10.1.1.42 --host-route destination=
>> 169.254.169.254/32,nexthop=10.111.81.65
>>
>> NETWORK CONFIGURATION OF COMPUTE/NETWORK NODES
>> em1 \
>> bond0 -> vlan81 -> | br-vlan | <-> | br-int |
>> em2 /
>>
>> DEBUGGING
>>
>> root at juno-dev02:~# ovs-ofctl dump-flows br-vlan
>> NXST_FLOW reply (xid=0x4):
>> cookie=0x0, duration=2991.439s, table=0, n_packets=5374, n_bytes=357405,
>> idle_age=2, priority=4,in_port=5,dl_vlan=1 actions=mod_vlan_vid:81,NORMAL
>> cookie=0x0, duration=3439.498s, table=0, n_packets=3792, n_bytes=159460,
>> idle_age=0, priority=2,in_port=5 actions=drop
>> cookie=0x0, duration=3440.064s, table=0, n_packets=113217,
>> n_bytes=18712371, idle_age=0, priority=1 actions=NORMAL
>>
>> root at juno-dev02:~# ovs-ofctl dump-flows br-int
>> NXST_FLOW reply (xid=0x4):
>> cookie=0x0, duration=3891.241s, table=0, n_packets=1448, n_bytes=157908,
>> idle_age=1236, priority=3,in_port=7,dl_vlan=81 actions=mod_vlan_vid:1,NORMAL
>> cookie=0x0, duration=4339.435s, table=0, n_packets=26538,
>> n_bytes=1584268, idle_age=1, priority=2,in_port=7 actions=drop
>> cookie=0x0, duration=4340.224s, table=0, n_packets=10686,
>> n_bytes=590535, idle_age=1, priority=1 actions=NORMAL
>> cookie=0x0, duration=4340.153s, table=23, n_packets=0, n_bytes=0,
>> idle_age=4340, priority=0 actions=drop
>>
>> root at juno-dev02:~# nova list
>>
>> +--------------------------------------+------+--------+------------+-------------+---------------------+
>> | ID | Name | Status | Task State |
>> Power State | Networks |
>>
>> +--------------------------------------+------+--------+------------+-------------+---------------------+
>> | 2f1a2cba-6fc7-45ae-a251-e709ab8b7ecc | test | ACTIVE | - |
>> Running | vlan81=10.111.81.66 |
>>
>> +--------------------------------------+------+--------+------------+-------------+---------------------+
>>
>>
>> Instance can reach DHCP server on network node (10.111.81.65), but cannot
>> reach default gateway (10.111.81.254), nor any host of the external network.
>>
>> The br-vlan bridge shows outgoing ARP packets tagged with vlan 81, and
>> ARP replies not tagged, which I suppose it then drops because it does not
>> match the first rule of br-vlan.
>>
>> The br-int bridge shows only outgoin ARP packets:
>>
>>
>> root at juno-dev02:~# tcpdump -env -i br-vlan icmp or arp
>> tcpdump: listening on br-vlan, link-type EN10MB (Ethernet), capture size
>> 65535 bytes
>> 11:45:56.463254 fa:16:3e:58:74:5b > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
>> (0x8100), length 46: vlan 81, p 0, ethertype ARP, Ethernet (len 6), IPv4
>> (len 4), Request who-has 10.111.81.254 tell 10.111.81.66, length 28
>> 11:45:56.464491 78:19:f7:9b:2a:41 > fa:16:3e:58:74:5b, ethertype ARP
>> (0x0806), length 56: Ethernet (len 6), IPv4 (len 4), Reply 10.111.81.254
>> is-at 78:19:f7:9b:2a:41, length 42
>> 11:45:57.461253 fa:16:3e:58:74:5b > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
>> (0x8100), length 46: vlan 81, p 0, ethertype ARP, Ethernet (len 6), IPv4
>> (len 4), Request who-has 10.111.81.254 tell 10.111.81.66, length 28
>> 11:45:57.462765 78:19:f7:9b:2a:41 > fa:16:3e:58:74:5b, ethertype ARP
>> (0x0806), length 56: Ethernet (len 6), IPv4 (len 4), Reply 10.111.81.254
>> is-at 78:19:f7:9b:2a:41, length 42
>>
>> root at juno-dev02:~# tcpdump -env -i br-int icmp or arp
>> tcpdump: WARNING: br-int: no IPv4 address assigned
>> tcpdump: listening on br-int, link-type EN10MB (Ethernet), capture size
>> 65535 bytes
>> 11:29:49.330084 fa:16:3e:58:74:5b > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
>> (0x8100), length 46: vlan 1, p 0, ethertype ARP, Ethernet (len 6), IPv4
>> (len 4), Request who-has 10.111.81.254 tell 10.111.81.66, length 28
>> 11:29:50.162106 fa:16:3e:58:74:5b > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
>> (0x8100), length 46: vlan 1, p 0, ethertype ARP, Ethernet (len 6), IPv4
>> (len 4), Request who-has 10.111.81.49 tell 10.111.81.66, length 28
>> 11:29:51.180111 fa:16:3e:58:74:5b > ff:ff:ff:ff:ff:ff, ethertype 802.1Q
>> (0x8100), length 46: vlan 1, p 0, ethertype ARP, Ethernet (len 6), IPv4
>> (len 4), Request who-has 10.111.81.49 tell 10.111.81.66, length 28
>>
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> <javascript:_e(%7B%7D,'cvml','OpenStack-operators at lists.openstack.org');>
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150412/7e9ea6b3/attachment.html>
More information about the OpenStack-operators
mailing list