[Openstack-operators] Help with multiple external network in openstack

Geo Varghese gvarghese at aqorn.com
Fri Jun 5 15:15:30 UTC 2015


Kevin,

You are right. Just found the issue. Created external network as Flat
network.

Now its is working :)

Thanks a lot guys for your valuable help

Kevin
Miguel
Noah

I will keep in touch wth you guys.





On Fri, Jun 5, 2015 at 8:31 PM, Fox, Kevin M <Kevin.Fox at pnnl.gov> wrote:

>  Since you are passing the tagged physical network device eth1.803 into
> the bridge, I think you need to use a flat network in the config/ external
> network create command. Otherwise it may do nested vlan tags.
>
> Thanks,
> Kevin
>
> ------------------------------
> *From:* Geo Varghese
> *Sent:* Friday, June 05, 2015 5:38:33 AM
> *To:* Miguel A Diaz Corchero
> *Cc:* openstack-operators at lists.openstack.org
> *Subject:* Re: [Openstack-operators] Help with multiple external network
> in openstack
>
>   Hi Miguel,
>
>  *I am adding my content of /etc/neutron/plugins/ml2/ml2_conf.ini of
> controller*
>
> [ml2]
> type_drivers = gre,vlan
> tenant_network_types = gre,vlan
> mechanism_drivers = openvswitch
>
> [ml2_type_flat]
> flat_networks =
>
> [ml2_type_vlan]
> network_vlan_ranges = physnet1:803:803,physnet2:805:805
>
> [ml2_type_gre]
> tunnel_id_ranges = 1:1000
>
> [ml2_type_vxlan]
> vni_ranges =
> vxlan_group =
>
> [securitygroup]
> enable_security_group = True
> enable_ipset = True
> firewall_driver =
> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
> [ovs]
> local_ip = 192.168.100.74
> tunnel_type = gre
> enable_tunneling = True
> bridge_mappings = physnet1:br-ex803,physnet2:br-ex805
>
>  *The content of /etc/neutron/l3_agent.ini of controller*
>
> [DEFAULT]
> debug = True
> interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
> use_namespaces = True
> gateway_external_network_id =
> handle_internal_only_routers = True
> external_network_bridge =
> metadata_port = 9697
> send_arp_for_ha = 3
> periodic_interval = 40
> periodic_fuzzy_delay = 5
> router_delete_namespaces = False
>
>
>  *Content of ovs-vsctl show  after creating the bridges
>                                   *
>
> root at Node25:/home/geo# ovs-vsctl show
> cd31399c-bdb7-4b79-9d51-acbec1a41619
>     Bridge br-int
>         fail_mode: secure
>         Port int-br-ex
>             Interface int-br-ex
>         Port "qr-221f276d-81"
>             tag: 1
>             Interface "qr-221f276d-81"
>                 type: internal
>         Port patch-tun
>             Interface patch-tun
>                 type: patch
>                 options: {peer=patch-int}
>         Port "int-br-ex805"
>             Interface "int-br-ex805"
>         Port "int-br-ex803"
>             Interface "int-br-ex803"
>         Port "qg-d3568030-c3"
>             tag: 2
>             Interface "qg-d3568030-c3"
>                 type: internal
>         Port "tapd7bacca2-15"
>             tag: 1
>             Interface "tapd7bacca2-15"
>                 type: internal
>         Port br-int
>             Interface br-int
>                 type: internal
>     Bridge "br-ex803"
>         Port "eth1.803"
>             Interface "eth1.803"
>         Port "phy-br-ex803"
>             Interface "phy-br-ex803"
>         Port "br-ex803"
>             Interface "br-ex803"
>                 type: internal
>     Bridge br-tun
>         Port "gre-c0a864fe"
>             Interface "gre-c0a864fe"
>                 type: gre
>                 options: {in_key=flow, local_ip="192.168.100.74",
> out_key=flow, remote_ip="192.168.100.254"}
>         Port patch-int
>             Interface patch-int
>                 type: patch
>                 options: {peer=patch-tun}
>         Port br-tun
>             Interface br-tun
>                 type: internal
>     Bridge "br-ex805"
>         Port "phy-br-ex805"
>             Interface "phy-br-ex805"
>         Port "br-ex805"
>             Interface "br-ex805"
>                 type: internal
>         Port "eth1.805"
>             Interface "eth1.805"
>     ovs_version: "2.0.2"
>
>
>  *External network added by following commands*
>
> External network 1 =>
>
>  neutron net-create ext-net1 --shared --router:external=True
> --provider:physical_network physnet1 --provider:network_type vlan
> --provider:segmentation_id 803
>
> neutron subnet-create ext-net1 --name ext-subnet1 --allocation-pool
> start=192.168.200.150,end=192.168.200.160 --disable-dhcp 192.168.200.0/24
>
> External network 2 =>
> neutron net-create ext-net2 --shared --router:external=True
> --provider:physical_network physnet2 --provider:network_type vlan
> --provider:segmentation_id 805
>
> neutron subnet-create ext-net2 --name ext-subnet1 --allocation-pool
> start=192.168.123.150,end=192.168.123.160 --disable-dhcp 192.168.123.0/24
>
>  Please update if you need any other details.
>
>  Thanks again for your time.
>
>
> On Fri, Jun 5, 2015 at 5:05 PM, Geo Varghese <gvarghese at aqorn.com> wrote:
>
>>   Hi Miguel,
>>
>>  Thanks for getting back to me.
>>
>>  I have already restarted both machines - controller and compute
>>
>>  Do i need to paste any commands or conf to debug it?
>>
>>
>> On Fri, Jun 5, 2015 at 4:55 PM, Miguel A Diaz Corchero <
>> miguelangel.diaz at externos.ciemat.es> wrote:
>>
>>>  El 05/06/15 13:07, Geo Varghese escribió:
>>>
>>> I tried it but somethig missing still, ping to floating IP seems not
>>> working
>>>
>>> please, try to restart the L3 agent linked with that floating IP and let
>>> us know
>>>
>>>
>>> do we have to add any changes to compute node  for it?
>>>
>>> it shouldn't be necessary
>>>
>>> Miguel.
>>>
>>>
>>>
>>> On Fri, Jun 5, 2015 at 12:16 PM, Geo Varghese <gvarghese at aqorn.com>
>>> wrote:
>>>
>>>>  Miguel,
>>>>
>>>>  Thanks thats a great link. Let me try it.
>>>>
>>>> On Fri, Jun 5, 2015 at 12:04 PM, Miguel A Diaz Corchero <
>>>> miguelangel.diaz at externos.ciemat.es> wrote:
>>>>
>>>>>  Following this link I configured it in my infrastructure. Maybe this
>>>>> can also help you.
>>>>>
>>>>>
>>>>> https://www.softwareab.net/wordpress/openstack-adding-external-networks-neutron-gre/
>>>>>
>>>>> Miguel.
>>>>>
>>>>> El 04/06/15 23:15, Geo Varghese escribió:
>>>>>
>>>>>   Thanks a lot friend for explaining it. I am also using ubuntu.
>>>>>
>>>>>  let me try it. I will update you with the results.
>>>>>
>>>>> On Fri, Jun 5, 2015 at 2:20 AM, Abrahams.Noah <Noah.Abrahams at igt.com>
>>>>> wrote:
>>>>>
>>>>>>  Hi Geo,
>>>>>>
>>>>>>
>>>>>>
>>>>>> First a disclaimer: I’m working on Ubuntu and Icehouse, so you might
>>>>>> have different behavior, based on your distributions.  Also, I don’t have
>>>>>> all the specifics and flags you might need, but hopefully this can point
>>>>>> you in the right direction.  Also, also, the design below accounts for some
>>>>>> VLAN segregation, and may be more complicated than what you need.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Since you already have the eth devices created, and assuming your
>>>>>> routing is correct: I would create a new bridge for each vlan with
>>>>>> ovs-vsctl (say, br-ex803 and br-ex805).  If you look at
>>>>>> http://openvswitch.org/support/dist-docs/ovs-vsctl.8.txt you can
>>>>>> find the syntax for add-br to create the bridge, then add-port to bind it
>>>>>> to the eth device.  You can also use ovs-vsctl to set the trunks property
>>>>>> on the port, after it’s created, which you’ll need for the vlan tagging.
>>>>>> Then, create a new physnet to match each one of those (physnet3, physnet4,
>>>>>> etc) and include them in the bridge-mapping as “physnet3:br-ex803”, or
>>>>>> something similar, and specify the VLANs as belonging to that particular
>>>>>> physnet in the network_vlan_ranges parameter, like
>>>>>> “…physnet3:803,physnet4:805”.
>>>>>>
>>>>>>
>>>>>>
>>>>>> After all that, you’ll need to update the neutron sql database so the
>>>>>> entry in the network segments table will point to the correct physnet.
>>>>>> Search it by the UUID of the network you’re creating, and update the
>>>>>> physical_network property to match “physnet3” or whatever you create.  Then
>>>>>> you can create a subnet from that network, allocate from it, and it should
>>>>>> work.  You’ll also need to restart the openvswitch-agent and the L3-agent,
>>>>>> probably before you create the subnet.
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Noah Abrahams*
>>>>>>
>>>>>> Staff Engineer @ IGT  |  Central Platforms and Apps
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* Geo Varghese [mailto:gvarghese at aqorn.com]
>>>>>> *Sent:* Thursday, June 04, 2015 12:43 PM
>>>>>> *To:* Abrahams.Noah
>>>>>> *Cc:* openstack-operators at lists.openstack.org
>>>>>> *Subject:* Re: [Openstack-operators] Help with multiple external
>>>>>> network in openstack
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi Noah,
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks a lot for valuable inputs.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I am using vlan tags for 2 external network and it configured on eth1.
>>>>>>
>>>>>>
>>>>>>
>>>>>> The two interfaces for multiple external networks are eth1.803 and
>>>>>> eth1.805
>>>>>>
>>>>>>
>>>>>>
>>>>>> Currently i didn't created br-ex bridge as it is multiple network.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> I have added vlan rages as =>
>>>>>>
>>>>>>
>>>>>>
>>>>>> network_vlan_ranges = physnet1:100:2999
>>>>>>
>>>>>>
>>>>>>
>>>>>> bridge_mappings as
>>>>>>
>>>>>>
>>>>>>
>>>>>> bridge_mappings =
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> Can you please explain what are the configurations I have to do to
>>>>>> implement it.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Thanks for your time.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Jun 5, 2015 at 12:18 AM, Abrahams.Noah <Noah.Abrahams at igt.com>
>>>>>> wrote:
>>>>>>
>>>>>> Geo,
>>>>>>
>>>>>>
>>>>>>
>>>>>> You also need to set the gateway_external_network_id variable to
>>>>>> empty.  If you don’t, the L3 agent is either using the gateway from the
>>>>>> network with the specified UUID, or can’t figure out which one to use.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Also, if the networks have VLAN tags that would be handled by the
>>>>>> switch, you might need to create that network on an entirely separate
>>>>>> bridge (for example: br-ex2) and bind it to your physical interface.  After
>>>>>> you do that, go through all the associations, such as adding the new
>>>>>> physnet# in your bridge mappings and vlan ranges in your ml2_conf.ini.
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Noah Abrahams*
>>>>>>
>>>>>> Staff Engineer @ IGT  |  Central Platforms and Apps
>>>>>>
>>>>>>
>>>>>>
>>>>>> *From:* Geo Varghese [mailto:gvarghese at aqorn.com]
>>>>>> *Sent:* Thursday, June 04, 2015 6:26 AM
>>>>>> *To:* openstack-operators at lists.openstack.org;
>>>>>> openstack at lists.openstack.org
>>>>>> *Subject:* [Openstack-operators] Help with multiple external network
>>>>>> in openstack
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi Team,
>>>>>>
>>>>>> I need some help to setup multiple external network
>>>>>>
>>>>>>
>>>>>>  In normal single external network we create *br-ex* bridge and add
>>>>>> it in
>>>>>>
>>>>>> /etc/neutron/l3_agent.ini
>>>>>>
>>>>>> As
>>>>>>
>>>>>> external_network_bridge = br-ex
>>>>>>
>>>>>> It is working for me.
>>>>>>
>>>>>> But in the case of multiple external network, this variable to be set
>>>>>> to empty according to the docs. I did that but seems working.
>>>>>>
>>>>>> Any one please specify whta other changes i have to do to make it
>>>>>> working.
>>>>>>
>>>>>> Thanks for your support guys.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Geo Varghese
>>>>>>
>>>>>> CONFIDENTIALITY NOTICE: This message is the property of International
>>>>>> Game Technology PLC and/or its subsidiaries and may contain proprietary,
>>>>>> confidential or trade secret information. This message is intended solely
>>>>>> for the use of the addressee. If you are not the intended recipient and
>>>>>> have received this message in error, please delete this message from your
>>>>>> system. Any unauthorized reading, distribution, copying, or other use of
>>>>>> this message or its attachments is strictly prohibited.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Geo Varghese
>>>>>>     CONFIDENTIALITY NOTICE: This message is the property of
>>>>>> International Game Technology PLC and/or its subsidiaries and may contain
>>>>>> proprietary, confidential or trade secret information. This message is
>>>>>> intended solely for the use of the addressee. If you are not the intended
>>>>>> recipient and have received this message in error, please delete this
>>>>>> message from your system. Any unauthorized reading, distribution, copying,
>>>>>> or other use of this message or its attachments is strictly prohibited.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>>  --
>>>>>  --
>>>>> Regards,
>>>>> Geo Varghese
>>>>>
>>>>>
>>>>>  _______________________________________________
>>>>> OpenStack-operators mailing listOpenStack-operators at lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-operators mailing list
>>>>> OpenStack-operators at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>>  --
>>>> Regards,
>>>> Geo Varghese
>>>>
>>>
>>>
>>>
>>> --
>>>  --
>>> Regards,
>>> Geo Varghese
>>>
>>>
>>>
>>
>>
>> --
>>  --
>> Regards,
>> Geo Varghese
>>
>
>
>
> --
>  --
> Regards,
> Geo Varghese
>



-- 
--
Regards,
Geo Varghese
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150605/df1c8041/attachment-0001.html>


More information about the OpenStack-operators mailing list