[Openstack-operators] [Neutron][Linuxbridge] Problem with configuring linux bridge agent with vxlan networks
james.denton at rackspace.com
Fri Oct 2 22:04:25 UTC 2015
If eth1 is used for the vxlan tunnel end points, it can't also be used in a bridge ala provider_bridge_mappings. You should have a dedicated interface or a vlan interface off eth1 (i.e. Eth1.20) that is dedicated to the overlay traffic. Move the local_ip address to that interface on respective nodes. Verify that you can ping between nodes at each address. If this doesn't work, the Neutron pieces won't work. You shouldn't have to restart any neutron services, since the IP isn't changing.
Once you create a vxlan tenant network and boot some instances, verify that the vxlan interface is being setup and placed in the respective bridge. You can use 'brctl show' to look at the brq bridge that corresponds to the network. You should see a vxlan interface and the tap interfaces of your instances.
As always, verify your security groups first when troubleshooting instance to instance communication.
Sent from my iPhone
> On Oct 2, 2015, at 3:48 PM, Sławek Kapłoński <slawek at kaplonski.pl> wrote:
> I'm trying to configure small openstack infra (one network node, 2
> compute nodes) with linux bridge and vxlan tenant networks. I don't know
> what I'm doing wrong but my instances have no connection between
> each other. On compute hosts I run neutron-plugin-linuxbrigde-agent
> with config like:
> # (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples
> # enumerating
> # ranges of VXLAN VNI IDs that are available for tenant network
> # allocation.
> vni_ranges = 10000:20000
> # (StrOpt) Multicast group for the VXLAN interface. When configured,
> # will
> # enable sending all broadcast traffic to this multicast group. When
> # left
> # unconfigured, will disable multicast VXLAN mode.
> # vxlan_group =
> # Example: vxlan_group = 188.8.131.52
> # Controls if neutron security group is enabled or not.
> # It should be false when you use nova security group.
> enable_security_group = True
> # Use ipset to speed-up the iptables security groups. Enabling ipset
> # support
> # requires that ipset is installed on L2 agent node.
> enable_ipset = True
> firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
> local_ip = 10.1.0.4
> tunnel_types = vxlan
> physical_interface_mappings = physnet1:eth1
> local_ip = 10.1.0.4
> l2_population = True
> enable_vxlan = True
> Eth1 is my "tunnel network" which should be used for tunnels. When I
> spawn vms on compute 1 and 2 and after configuring network manually on
> both vms (dhcp is not working also because of broken tunnels probably)
> it not pings.
> Even when I started two instances on same host and they are both
> connected to one bridge:
> root at compute-2:/usr/lib/python2.7/dist-packages/neutron# brctl show
> bridge name bridge id STP enabled interfaces
> brq8fe8a32f-e6 8000.ce544d0c0e5d no tap691a138a-6c
> virbr0 8000.5254007611ab yes virbr0-nic
> those 2 vms are not pinging each other :/
> I don't have any expeirence with linux bridge in fact (For now I was always
> using ovs). Maybe someone of You will know what I should check or what I should
> configure wrong :/ Generally I was installing this openstack according to
> official openstack documentation but in this docs there is info about ovs+gre
> tunnels and that is what I changed. I'm using Ubuntu 14.04 and Openstack Kilo
> installed from cloud archive repo.
> Best regards / Pozdrawiam
> Sławek Kapłoński
> slawek at kaplonski.pl
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
More information about the OpenStack-operators