[Openstack-operators] [Neutron][Linuxbridge] Problem with configuring linux bridge agent with vxlan networks
Sławek Kapłoński
slawek at kaplonski.pl
Sat Oct 3 09:07:41 UTC 2015
Hello,
This vlan bridge_mapping I set just to be sure if it will not help for
some reason :) Before I tested it without this mapping configured. And
in fact I'm not using vlan networks at all (at least now) - I only want
to have local vxlan network between instances :)
When I booted one instance on the host, in the brqXXX bridge I got a vxlan-10052
port and a tapXXX port (10052 is the VNI assigned to the network in neutron).
After boot second vm I got in same bridge second tap interface so it
looks like:
root@compute-2:~# brctl show
bridge name        bridge id            STP enabled    interfaces
brq8fe8a32f-e6     8000.ce544d0c0e5d    no             tap691a138a-6c
                                                       tapbc1e5179-53
                                                       vxlan-10052
virbr0             8000.5254007611ab    yes            virbr0-nic
So it looks fine to me. I have no idea what this virbr0 bridge is - maybe it
should be used somehow?
One more thing. Those two vms on one host are pinging each other. So the bridge
looks like it is working fine. The problem is with the vxlan tunnels.
About security groups: by default there is rule to allow traffic from different
vms using same SG. All my instances are using same security group so it should
be no problem IMHO.
--
Best regards / Pozdrawiam
Sławek Kapłoński
slawek at kaplonski.pl
On Fri, 02 Oct 2015, James Denton wrote:
> If eth1 is used for the vxlan tunnel end points, it can't also be used in a bridge ala provider_bridge_mappings. You should have a dedicated interface or a vlan interface off eth1 (i.e. Eth1.20) that is dedicated to the overlay traffic. Move the local_ip address to that interface on respective nodes. Verify that you can ping between nodes at each address. If this doesn't work, the Neutron pieces won't work. You shouldn't have to restart any neutron services, since the IP isn't changing.
>
> Once you create a vxlan tenant network and boot some instances, verify that the vxlan interface is being setup and placed in the respective bridge. You can use 'brctl show' to look at the brq bridge that corresponds to the network. You should see a vxlan interface and the tap interfaces of your instances.
>
> As always, verify your security groups first when troubleshooting instance to instance communication.
>
> James
>
> Sent from my iPhone
>
> > On Oct 2, 2015, at 3:48 PM, Sławek Kapłoński <slawek at kaplonski.pl> wrote:
> >
> > Hello,
> >
> > I'm trying to configure small openstack infra (one network node, 2
> > compute nodes) with linux bridge and vxlan tenant networks. I don't know
> > what I'm doing wrong but my instances have no connection between
> > each other. On compute hosts I run neutron-plugin-linuxbridge-agent
> > with config like:
> >
> > ------------------
> > [ml2_type_vxlan]
> > # (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples
> > # enumerating
> > # ranges of VXLAN VNI IDs that are available for tenant network
> > # allocation.
> > #
> > vni_ranges = 10000:20000
> >
> > # (StrOpt) Multicast group for the VXLAN interface. When configured,
> > # will
> > # enable sending all broadcast traffic to this multicast group. When
> > # left
> > # unconfigured, will disable multicast VXLAN mode.
> > #
> > # vxlan_group =
> > # Example: vxlan_group = 239.1.1.1
> >
> > [securitygroup]
> > # Controls if neutron security group is enabled or not.
> > # It should be false when you use nova security group.
> > enable_security_group = True
> >
> > # Use ipset to speed-up the iptables security groups. Enabling ipset
> > # support
> > # requires that ipset is installed on L2 agent node.
> > enable_ipset = True
> >
> > firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
> >
> > [ovs]
> > local_ip = 10.1.0.4
> >
> > [agent]
> > tunnel_types = vxlan
> >
> > [linuxbridge]
> > physical_interface_mappings = physnet1:eth1
> >
> > [vxlan]
> > local_ip = 10.1.0.4
> > l2_population = True
> > enable_vxlan = True
> > -------------------
> >
> > Eth1 is my "tunnel network" which should be used for tunnels. When I
> > spawn vms on compute 1 and 2 and after configuring network manually on
> > both vms (dhcp is not working also because of broken tunnels probably)
> > it does not ping.
> > Even when I started two instances on same host and they are both
> > connected to one bridge:
> >
> > -------------------
> > root@compute-2:/usr/lib/python2.7/dist-packages/neutron# brctl show
> > bridge name        bridge id            STP enabled    interfaces
> > brq8fe8a32f-e6     8000.ce544d0c0e5d    no             tap691a138a-6c
> >                                                        tapbc1e5179-53
> >                                                        vxlan-10052
> > virbr0             8000.5254007611ab    yes            virbr0-nic
> > -------------------
> >
> > those 2 vms are not pinging each other :/
> > I don't have any experience with linux bridge in fact (For now I was always
> > using ovs). Maybe someone of You will know what I should check or what I should
> > configure wrong :/ Generally I was installing this openstack according to
> > official openstack documentation but in this docs there is info about ovs+gre
> > tunnels and that is what I changed. I'm using Ubuntu 14.04 and Openstack Kilo
> > installed from cloud archive repo.
> >
> > --
> > Best regards / Pozdrawiam
> > Sławek Kapłoński
> > slawek at kaplonski.pl
> >
> > _______________________________________________
> > OpenStack-operators mailing list
> > OpenStack-operators at lists.openstack.org
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20151003/a80123b7/attachment.pgp>
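
The two checks James describes (a vxlan interface plus tap interfaces in each brq bridge, and a tunnel interface that is not also a bridge mapping), as an added example that is not part of the original thread. The function names and the tunnel_iface parameter are hypothetical; the sample inputs are constructed from the output and config quoted above.

```python
import configparser

# Sample inputs constructed from the brctl output and agent config in the thread.
BRCTL_SHOW = """\
bridge name        bridge id            STP enabled    interfaces
brq8fe8a32f-e6     8000.ce544d0c0e5d    no             tap691a138a-6c
                                                       tapbc1e5179-53
                                                       vxlan-10052
virbr0             8000.5254007611ab    yes            virbr0-nic
"""
AGENT_INI = """\
[linuxbridge]
physical_interface_mappings = physnet1:eth1
[vxlan]
local_ip = 10.1.0.4
"""

def parse_brctl(text):
    """Return {bridge: [interfaces]}, folding indented continuation lines."""
    bridges, current = {}, None
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if not fields:
            continue
        if not line[0].isspace():               # new bridge: name, id, STP, [iface]
            current = fields[0]
            bridges[current] = fields[3:]
        elif current:                           # continuation: one interface
            bridges[current].append(fields[0])
    return bridges

def check_bridges(bridges):
    """Each brq bridge needs a vxlan-<vni> port and at least one tap port."""
    findings = []
    for name, ports in bridges.items():
        if not name.startswith("brq"):
            continue                            # e.g. virbr0 is not a Neutron bridge
        if not any(p.startswith("vxlan-") for p in ports):
            findings.append(f"{name}: no vxlan interface")
        if not any(p.startswith("tap") for p in ports):
            findings.append(f"{name}: no tap interface")
    return findings

def tunnel_iface_is_mapped(ini_text, tunnel_iface):
    """True if the interface carrying local_ip is also a bridge mapping."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    raw = cfg.get("linuxbridge", "physical_interface_mappings", fallback="")
    mapped = {m.split(":", 1)[1].strip() for m in raw.split(",") if ":" in m}
    return tunnel_iface in mapped
```

With the thread's values the bridge check comes back clean, while the config check flags eth1; a dedicated interface such as eth1.20 passes.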