[Openstack-operators] Manual router setup
Christopher Hull
chrishull42 at gmail.com
Thu Mar 24 17:21:31 UTC 2016
James;
Hey you know... I seem to remember zeroing out "eth0" IP 0.0.0.0 and
setting the static IP on br-ex under Kilo and everything worked. That was
using OVS. Perhaps I do the same, as you suggest, with LinuxBridge.
Wow. Thanks. Will try. And if this doesn't work I'll respond with the
diagnostic output you requested.
Thanks to all of you;
-Chris
- Christopher T. Hull
I am presently seeking a new career opportunity Please see career page
http://chrishull.com/career
333 Orchard Ave, Sunnyvale CA. 94085
(415) 385 4865
chrishull42 at gmail.com
http://chrishull.com
On Wed, Mar 23, 2016 at 5:57 PM, James Denton <james.denton at rackspace.com>
wrote:
> Hi Christopher,
>
> Routers work under Liberty and LinuxBridge just fine, in my experience, so
> don’t be too quick to give up on them. I promise you’ll have a tougher go
> at it, at this point, using another virtual machine as a router.
>
> Some tips:
>
>
> 1. Use the ‘ip’ command rather than ‘ifconfig’. Output of ‘ip addr’
> would be more helpful here.
> 2. Use ‘brctl show’ to see the virtual bridges and their members. That
> output would be helpful here as well.
>
>
> You have an IP configured on interface enp3s0, and I can’t tell what you
> have set as the physical interface mappings in the ML2/LinuxBridge agent
> config. On older email I see this:
>
> >> physical_interface_mappings | public:enp3s0
>
> If that’s still the case, you’re going to have a hard time. The
> LinuxBridge agent expects to put the enp3s0 interface into the respective
> brq-* bridge that corresponds to the public (flat) network. Once the
> interface is in the bridge, you may lose connectivity to/from any address
> on that interface. At that point, your host will be unable to communicate
> with the router's gateway interface also in the bridge, and probably any
> external host. In this configuration, you may consider moving the IP from
> enp3s0 to the brq-* bridge temporarily. That should work. Give it a try and
> let me know.
>
> James
>
> From: Christopher Hull <chrishull42 at gmail.com>
> Date: Wednesday, March 23, 2016 at 7:21 PM
> To: Dan Sneddon <dsneddon at redhat.com>
> Cc: openstack-operators <openstack-operators at lists.openstack.org>
> Subject: Re: [Openstack-operators] Manual router setup
>
> Conclusion. Neutron routers under Liberty (Linux Bridge) don't work.
> Please prove me wrong..... Moving on to manual router creation.
> 1: How can I assign a fixed IP to an instance?
> 2: If I add routes will they get used? I probably have to create a Port
> for every route (as Floating IPs do ).
>
>
> ------ Session: Trying to create a working router for the 15th time.
> :-) ----
>
>
> [root at maersk src]# ifconfig
> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64
> scopeid 0x0<global>
> inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20<link>
> ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
> RX packets 238 bytes 16020 (15.6 KiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 60 bytes 6650 (6.4 KiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
> inet 127.0.0.1 netmask 255.0.0.0
> inet6 ::1 prefixlen 128 scopeid 0x10<host>
> loop txqueuelen 0 (Local Loopback)
> RX packets 4985 bytes 1060267 (1.0 MiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 4985 bytes 1060267 (1.0 MiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
> inet 192.168.122.1 netmask 255.255.255.0 broadcast
> 192.168.122.255
> ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
> RX packets 0 bytes 0 (0.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 0 bytes 0 (0.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> [root at maersk src]# source admin-openrc.sh
> [root at maersk src]# clear
>
> [root at maersk src]# neutron net-create public --shared
> --provider:physical_network public \
> > --provider:network_type flat
> Created a new network:
> +---------------------------+--------------------------------------+
> | Field | Value |
> +---------------------------+--------------------------------------+
> | admin_state_up | True |
> | id | 9ee73442-5a86-48c0-84da-8f650937fd08 |
> | mtu | 0 |
> | name | public |
> | port_security_enabled | True |
> | provider:network_type | flat |
> | provider:physical_network | public |
> | provider:segmentation_id | |
> | router:external | False |
> | shared | True |
> | status | ACTIVE |
> | subnets | |
> | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
> +---------------------------+--------------------------------------+
> [root at maersk src]# neutron subnet-create public 172.22.10.0/24 --name
> public \
> > --allocation-pool start=172.22.10.10,end=172.22.10.90 \
> > --dns-nameserver 172.22.10.254 --gateway 172.22.10.254 --enable_dhcp
> False
> Created a new subnet:
> +-------------------+--------------------------------------------------+
> | Field | Value |
> +-------------------+--------------------------------------------------+
> | allocation_pools | {"start": "172.22.10.10", "end": "172.22.10.90"} |
> | cidr | 172.22.10.0/24 |
> | dns_nameservers | 172.22.10.254 |
> | enable_dhcp | False |
> | gateway_ip | 172.22.10.254 |
> | host_routes | |
> | id | 28683bfe-2410-4f9b-b805-ec3c7aee009a |
> | ip_version | 4 |
> | ipv6_address_mode | |
> | ipv6_ra_mode | |
> | name | public |
> | network_id | 9ee73442-5a86-48c0-84da-8f650937fd08 |
> | subnetpool_id | |
> | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
> +-------------------+--------------------------------------------------+
> [root at maersk src]# ifconfig
> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64
> scopeid 0x0<global>
> inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20<link>
> ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
> RX packets 5032 bytes 373870 (365.1 KiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 2602 bytes 3154215 (3.0 MiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
> inet 127.0.0.1 netmask 255.0.0.0
> inet6 ::1 prefixlen 128 scopeid 0x10<host>
> loop txqueuelen 0 (Local Loopback)
> RX packets 46701 bytes 12008341 (11.4 MiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 46701 bytes 12008341 (11.4 MiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
> inet 192.168.122.1 netmask 255.255.255.0 broadcast
> 192.168.122.255
> ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
> RX packets 0 bytes 0 (0.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 0 bytes 0 (0.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> [root at maersk src]# neutron net-list
>
> +--------------------------------------+--------+-----------------------------------------------------+
> | id | name |
> subnets |
>
> +--------------------------------------+--------+-----------------------------------------------------+
> | 9ee73442-5a86-48c0-84da-8f650937fd08 | public |
> 28683bfe-2410-4f9b-b805-ec3c7aee009a 172.22.10.0/24 |
>
> +--------------------------------------+--------+-----------------------------------------------------+
> [root at maersk src]# source demo-openrc.sh
> [root at maersk src]# neutron net-create private
> Created a new network:
> +-----------------------+--------------------------------------+
> | Field | Value |
> +-----------------------+--------------------------------------+
> | admin_state_up | True |
> | id | 573956a6-1378-4100-83c2-db5c3bf9a95c |
> | mtu | 0 |
> | name | private |
> | port_security_enabled | True |
> | router:external | False |
> | shared | False |
> | status | ACTIVE |
> | subnets | |
> | tenant_id | 7813be77b1de4196b1c6b77006afa21c |
> +-----------------------+--------------------------------------+
> [root at maersk src]# neutron subnet-create private 192.168.10.0/24 \
> > --name private --dns-nameserver 172.22.10.254 --gateway 192.168.10.1
> Created a new subnet:
> +-------------------+----------------------------------------------------+
> | Field | Value |
> +-------------------+----------------------------------------------------+
> | allocation_pools | {"start": "192.168.10.2", "end": "192.168.10.254"} |
> | cidr | 192.168.10.0/24 |
> | dns_nameservers | 172.22.10.254 |
> | enable_dhcp | True |
> | gateway_ip | 192.168.10.1 |
> | host_routes | |
> | id | 83f4f5e5-13b6-41f2-af07-b96d86847e2b |
> | ip_version | 4 |
> | ipv6_address_mode | |
> | ipv6_ra_mode | |
> | name | private |
> | network_id | 573956a6-1378-4100-83c2-db5c3bf9a95c |
> | subnetpool_id | |
> | tenant_id | 7813be77b1de4196b1c6b77006afa21c |
> +-------------------+----------------------------------------------------+
> [root at maersk src]# ifconfig
> brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
> inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid 0x20<link>
> ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
> RX packets 4 bytes 264 (264.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 7 bytes 578 (578.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64
> scopeid 0x0<global>
> inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20<link>
> ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
> RX packets 5310 bytes 393373 (384.1 KiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 2661 bytes 3165497 (3.0 MiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
> inet 127.0.0.1 netmask 255.0.0.0
> inet6 ::1 prefixlen 128 scopeid 0x10<host>
> loop txqueuelen 0 (Local Loopback)
> RX packets 50779 bytes 13259383 (12.6 MiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 50779 bytes 13259383 (12.6 MiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
> inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid 0x20<link>
> ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet)
> RX packets 7 bytes 578 (578.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 13 bytes 1066 (1.0 KiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
> inet 192.168.122.1 netmask 255.255.255.0 broadcast
> 192.168.122.255
> ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
> RX packets 0 bytes 0 (0.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 0 bytes 0 (0.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
> inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20<link>
> ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
> RX packets 0 bytes 0 (0.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 0 bytes 0 (0.0 B)
> TX errors 0 dropped 16 overruns 0 carrier 0 collisions 0
>
> [root at maersk src]# source admin-openrc.sh
> [root at maersk src]# neutron net-update public --router:external
> Updated network: public
> [root at maersk src]# source demo-openrc.sh
> [root at maersk src]# neutron router-create router
> Created a new router:
> +-----------------------+--------------------------------------+
> | Field | Value |
> +-----------------------+--------------------------------------+
> | admin_state_up | True |
> | external_gateway_info | |
> | id | ff6a61f5-f497-43a1-b245-64ec8e87b488 |
> | name | router |
> | routes | |
> | status | ACTIVE |
> | tenant_id | 7813be77b1de4196b1c6b77006afa21c |
> +-----------------------+--------------------------------------+
> [root at maersk src]# neutron router-interface-add router private
> Multiple router matches found for name 'router', use an ID to be more
> specific.
> [root at maersk src]# neutron router-list
> +--------------------------------------+--------+-----------------------+
> | id | name | external_gateway_info |
> +--------------------------------------+--------+-----------------------+
> | 5939b796-cae6-4d72-8d34-66e20afb95aa | router | null |
> | ff6a61f5-f497-43a1-b245-64ec8e87b488 | router | null |
> +--------------------------------------+--------+-----------------------+
> [root at maersk src]# neutron router-delete
> 5939b796-cae6-4d72-8d34-66e20afb95aa
> Deleted router: 5939b796-cae6-4d72-8d34-66e20afb95aa
> [root at maersk src]# neutron router-delete
> ff6a61f5-f497-43a1-b245-64ec8e87b488
> Deleted router: ff6a61f5-f497-43a1-b245-64ec8e87b488
> [root at maersk src]# neutron router-create router
> Created a new router:
> +-----------------------+--------------------------------------+
> | Field | Value |
> +-----------------------+--------------------------------------+
> | admin_state_up | True |
> | external_gateway_info | |
> | id | a1be1dbd-1a94-4a8c-8093-45a7af89140c |
> | name | router |
> | routes | |
> | status | ACTIVE |
> | tenant_id | 7813be77b1de4196b1c6b77006afa21c |
> +-----------------------+--------------------------------------+
> [root at maersk src]# neutron router-interface-add router private
> Added interface 74c0d2df-3944-43d7-8be9-2ef0d9242edc to router router.
> [root at maersk src]# neutron router-gateway-set router public
> Set gateway for router router
> [root at maersk src]# source admin-openrc.sh
> [root at maersk src]# ip netns
> qrouter-a1be1dbd-1a94-4a8c-8093-45a7af89140c (id: 1)
> qdhcp-573956a6-1378-4100-83c2-db5c3bf9a95c (id: 0)
> [root at maersk src]# neutron router-port-list router
>
> +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
> | id | name | mac_address |
> fixed_ips
> |
>
> +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
> | 21c8decf-e4c8-4467-9266-ca5cfb9c7c20 | | fa:16:3e:d6:29:b4 |
> {"subnet_id": "28683bfe-2410-4f9b-b805-ec3c7aee009a", "ip_address":
> "172.22.10.10"} |
> | 74c0d2df-3944-43d7-8be9-2ef0d9242edc | | fa:16:3e:7b:d6:0f |
> {"subnet_id": "83f4f5e5-13b6-41f2-af07-b96d86847e2b", "ip_address":
> "192.168.10.1"} |
>
> +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
> [root at maersk src]# ping 172.22.10.10
> PING 172.22.10.10 (172.22.10.10) 56(84) bytes of data.
> From 172.22.10.99 icmp_seq=1 Destination Host Unreachable
> From 172.22.10.99 icmp_seq=2 Destination Host Unreachable
> From 172.22.10.99 icmp_seq=3 Destination Host Unreachable
> From 172.22.10.99 icmp_seq=4 Destination Host Unreachable
> From 172.22.10.99 icmp_seq=5 Destination Host Unreachable
> From 172.22.10.99 icmp_seq=6 Destination Host Unreachable
> From 172.22.10.99 icmp_seq=7 Destination Host Unreachable
> From 172.22.10.99 icmp_seq=8 Destination Host Unreachable
> ^C
> --- 172.22.10.10 ping statistics ---
> 8 packets transmitted, 0 received, +8 errors, 100% packet loss, time 7000ms
> pipe 4
> [root at maersk src]# ifconfig
> brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
> inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid 0x20<link>
> ether 72:65:0b:f7:66:9c txqueuelen 0 (Ethernet)
> RX packets 6 bytes 348 (348.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 8 bytes 648 (648.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
> inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64
> scopeid 0x0<global>
> inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20<link>
> ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
> RX packets 6360 bytes 464736 (453.8 KiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 2867 bytes 3196849 (3.0 MiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
> inet 127.0.0.1 netmask 255.0.0.0
> inet6 ::1 prefixlen 128 scopeid 0x10<host>
> loop txqueuelen 0 (Local Loopback)
> RX packets 65582 bytes 17827940 (17.0 MiB)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 65582 bytes 17827940 (17.0 MiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> tap74c0d2df-39: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
> inet6 fe80::7065:bff:fef7:669c prefixlen 64 scopeid 0x20<link>
> ether 72:65:0b:f7:66:9c txqueuelen 1000 (Ethernet)
> RX packets 10 bytes 864 (864.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 8 bytes 648 (648.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
> inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid 0x20<link>
> ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet)
> RX packets 8 bytes 648 (648.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 16 bytes 1248 (1.2 KiB)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
> inet 192.168.122.1 netmask 255.255.255.0 broadcast
> 192.168.122.255
> ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
> RX packets 0 bytes 0 (0.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 0 bytes 0 (0.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>
> vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
> inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20<link>
> ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
> RX packets 0 bytes 0 (0.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 0 bytes 0 (0.0 B)
> TX errors 0 dropped 19 overruns 0 carrier 0 collisions 0
>
>
>
>
> - Christopher T. Hull
> I am presently seeking a new career opportunity Please see career page
> http://chrishull.com/career
> 333 Orchard Ave, Sunnyvale CA. 94085
> (415) 385 4865
> chrishull42 at gmail.com
> http://chrishull.com
>
>
>
> On Wed, Mar 23, 2016 at 4:34 PM, Dan Sneddon <dsneddon at redhat.com> wrote:
>
>> On 03/23/2016 04:06 PM, Christopher Hull wrote:
>> > Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS
>> > 7 install sees emp3s0 where eth0 would usually appear. But this may
>> > need to be changed to br-ex? The IP address no longer apperas at
>> > enp3s0, so perhaps that's the issue.
>> >
>> > When I make changes, I tear down all the networks and rebuild them
>> > according to instructions. I do this after restarting the machine. I
>> > wonder if the database needs to be updated as well.
>> >
>> > su -s /bin/sh -c "neutron-db-manage --config-file
>> > /etc/neutron/neutron.conf \
>> > --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head"
>> neutron
>> > systemctl stop neutron-server.service \
>> > neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>> > neutron-metadata-agent.service
>> > systemctl stop neutron-l3-agent.service
>> > and restart.
>> >
>> > Thanks for the help. Yes. It's a bit confusing. Why are router and
>> > instance ports different? It is for this reason that I figured I could
>> > just create my own instance/router. But why should I have to? Do
>> > routers not work unless you use OpenVSwitch? The Liberty install
>> > instructions (unlike Kilo) don't seem to require installing OpenVSwitch.
>> >
>> > linux_bridge_agent.ini
>> > inux_bridge | physical_interface_mappings | public:enp3s0
>> >
>> > Perhaps br-ex? Or whereever I see my static IP when doing an
>> > ifconfig :-) Was enp3s0 when CentOS was first installed, but I think
>> > thats changed somehow.
>> >
>> >
>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>> > | linuxbridge_agent: Section | Key |
>> > Value |
>> >
>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>> > | linux_bridge | physical_interface_mappings |
>> > public:enp3s0 |
>> > | vxlan | l2_population |
>> > True |
>> > | vxlan | local_ip |
>> > 172.22.10.99 |
>> > | vxlan | enable_vxlan |
>> > True |
>> > | agent | prevent_arp_spoofing |
>> > True |
>> > | securitygroup | firewall_driver |
>> > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
>> > | securitygroup | enable_security_group |
>> > True |
>> >
>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>> >
>> >
>> >
>> > - Christopher T. Hull
>> > I am presently seeking a new career opportunity Please see career page
>> > http://chrishull.com/career
>> > 333 Orchard Ave, Sunnyvale CA. 94085
>> > (415) 385 4865 <tel:%28415%29%20385%204865>
>> > chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>
>> > http://chrishull.com
>> >
>> >
>> >
>> > On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsneddon at redhat.com
>> > <mailto:dsneddon at redhat.com>> wrote:
>> >
>> > On 03/23/2016 03:05 PM, Christopher Hull wrote:
>> > > Hi Keven / all;
>> > >
>> > > Re: Getting a Neutron Router to work. (set
>> external_network_bridge =
>> > > blank). Apologies if this got sent twice.
>> > >
>> > > Nope, not quite there yet re getting the damn router to work
>> > (week 3 on
>> > > this issue).
>> > >
>> > > The Liberty install instructions indeed say to set...
>> > > external_network_bridge =
>> > >
>> > > I'm so desperate that I thought the blank space after the = might
>> be
>> > > the issue. No. Then I noticed these instructions in
>> > l3_agent.ini itself.
>> > > -----
>> > > # When external_network_bridge is set, each L3 agent can be
>> > associated
>> > > # with no more than one external network. This value should be
>> set to
>> > > the UUID
>> > > # of that external network. To allow L3 agent support multiple
>> > external
>> > > # networks, both the external_network_bridge and
>> > > gateway_external_network_id
>> > > # must be left empty.
>> > > # gateway_external_network_id =
>> > > ----
>> > >
>> > > 1: Should gateway_external_network_id = be unoommented?
>> > > 2: Should I reupdate the database after these changes?
>> > > su -s /bin/sh -c "neutron-db-manage --config-file
>> > > /etc/neutron/neutron.conf \
>> > > --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade
>> > head" neutron
>> > >
>> > > 3: Should external_network_bridge in fact be set to the UUID of
>> the
>> > > public network?
>> > >
>> > > 4. All instances Ports work just fine on public and private
>> network.
>> > > WHAT is the difference between a Neutron router northbound port
>> > and an
>> > > instance port on the public net.
>> > >
>> > > Services restarted after config change (just removed space after =
>> > > actually just in case sloppy Python coding was involved here). In
>> > > fact, I rebooted the box just to be sure.
>> > >
>> > > Making my own instance based router is looking better and better
>> all
>> > > the time. If Neutron Routers really work, maybe UFO's exist too.
>> > > :-) j/k
>> > >
>> > >
>> > > Seriously. Thank you for your help. Hope to help the
>> community
>> > > soon too myself. Trying to get my Gerrit account up and running
>> but
>> > > the OpenStack.org site won't allow me to sign the Contrib
>> agreement
>> > > with out getting a server error.
>> > >
>> > >
>> > > ==== Config Details ======
>> > > Issue Neutron Router Northbound Port won't Ping, is Down
>> > >
>> > > [root at maersk src]# ./pluto.py show -p /etc neutron
>> rootwrap.conf
>> > > ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini
>> > >
>> >
>> +-----------------------+------------------------------------+-------------------------------------------------+
>> > > | neutron: Section | Key |
>> > > Value |
>> > >
>> >
>> +-----------------------+------------------------------------+-------------------------------------------------+
>> > > | DEFAULT | verbose |
>> > > True |
>> > > | DEFAULT | nova_url |
>> > > http://controller:8774/v2 |
>> > > | DEFAULT | notify_nova_on_port_data_changes |
>> > > True |
>> > > | DEFAULT | notify_nova_on_port_status_changes |
>> > > True |
>> > > | DEFAULT | auth_strategy |
>> > > keystone |
>> > > | DEFAULT | rpc_backend |
>> > > rabbit |
>> > > | DEFAULT | allow_overlapping_ips |
>> > > True |
>> > > | DEFAULT | service_plugins |
>> > > router |
>> > > | DEFAULT | core_plugin |
>> > > ml2 |
>> > > | keystone_authtoken | password |
>> > > mk4968small23buggidntpass |
>> > > | keystone_authtoken | username |
>> > > neutron |
>> > > | keystone_authtoken | project_name |
>> > > service |
>> > > | keystone_authtoken | user_domain_id |
>> > > default |
>> > > | keystone_authtoken | project_domain_id |
>> > > default |
>> > > | keystone_authtoken | auth_plugin |
>> > > password |
>> > > | keystone_authtoken | auth_url |
>> > > http://controller:35357 |
>> > > | keystone_authtoken | auth_uri |
>> > > http://controller:5000 |
>> > > | database | connection |
>> > > mysql://neutron:sleestack191@controller/neutron |
>> > > | nova | password |
>> > > mk4968small23buggidntpass |
>> > > | nova | username |
>> > > nova |
>> > > | nova | project_name |
>> > > service |
>> > > | nova | region_name |
>> > > RegionOne |
>> > > | nova | user_domain_id |
>> > > default |
>> > > | nova | project_domain_id |
>> > > default |
>> > > | nova | auth_plugin |
>> > > password |
>> > > | nova | auth_url |
>> > > http://controller:35357 |
>> > > | oslo_concurrency | lock_path |
>> > > /var/lib/neutron/tmp |
>> > > | oslo_messaging_rabbit | rabbit_password |
>> > > open.g00dke232 |
>> > > | oslo_messaging_rabbit | rabbit_userid |
>> > > openstack |
>> > > | oslo_messaging_rabbit | rabbit_host |
>> > > controller |
>> > >
>> >
>> +-----------------------+------------------------------------+-------------------------------------------------+
>> > >
>> >
>> +-------------------+---------------------+--------------------------------------------------------------+
>> > > | rootwrap: Section | Key |
>> > > Value |
>> > >
>> >
>> +-------------------+---------------------+--------------------------------------------------------------+
>> > > | DEFAULT | filters_path |
>> > > /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap |
>> > > | DEFAULT | exec_dirs |
>> > > /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
>> > > | DEFAULT | use_syslog |
>> > > False |
>> > > | DEFAULT | syslog_log_facility |
>> > > syslog |
>> > > | DEFAULT | syslog_log_level |
>> > > ERROR |
>> > >
>> >
>> +-------------------+---------------------+--------------------------------------------------------------+
>> > >
>> >
>> +-------------------+----------------------+--------------------------+
>> > > | ml2_conf: Section | Key | Value
>> > |
>> > >
>> >
>> +-------------------+----------------------+--------------------------+
>> > > | ml2 | extension_drivers | port_security
>> > |
>> > > | ml2 | mechanism_drivers |
>> > linuxbridge,l2population |
>> > > | ml2 | tenant_network_types | vxlan
>> > |
>> > > | ml2 | type_drivers | flat,vlan,vxlan
>> > |
>> > > | ml2_type_flat | flat_networks | public
>> > |
>> > > | ml2_type_vxlan | vni_ranges | 1:1000
>> > |
>> > > | securitygroup | enable_ipset | True
>> > |
>> > >
>> >
>> +-------------------+----------------------+--------------------------+
>> > >
>> >
>> +-------------------+--------------------------+-----------------------------------------------------+
>> > > | l3_agent: Section | Key |
>> > > Value |
>> > >
>> >
>> +-------------------+--------------------------+-----------------------------------------------------+
>> > > | DEFAULT | external_network_bridge
>> > > | |
>> > > | DEFAULT | verbose |
>> > > True |
>> > > | DEFAULT | interface_driver |
>> > > neutron.agent.linux.interface.BridgeInterfaceDriver |
>> > >
>> >
>> +-------------------+--------------------------+-----------------------------------------------------+
>> > >
>> >
>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>> > > | linuxbridge_agent: Section | Key |
>> > > Value |
>> > >
>> >
>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>> > > | linux_bridge | physical_interface_mappings |
>> > > public:enp3s0 |
>> > > | vxlan | l2_population |
>> > > True |
>> > > | vxlan | local_ip |
>> > > 172.22.10.99 |
>> > > | vxlan | enable_vxlan |
>> > > True |
>> > > | agent | prevent_arp_spoofing |
>> > > True |
>> > > | securitygroup | firewall_driver |
>> > > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
>> > > | securitygroup | enable_security_group |
>> > > True |
>> > >
>> >
>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>> > >
>> >
>> +---------------------+--------------------------+-----------------------------------------------------+
>> > > | dhcp_agent: Section | Key |
>> > > Value |
>> > >
>> >
>> +---------------------+--------------------------+-----------------------------------------------------+
>> > > | DEFAULT | dnsmasq_config_file |
>> > > /etc/neutron/dnsmasq-neutron.conf |
>> > > | DEFAULT | verbose |
>> > > True |
>> > > | DEFAULT | enable_isolated_metadata |
>> > > True |
>> > > | DEFAULT | dhcp_driver |
>> > > neutron.agent.linux.dhcp.Dnsmasq |
>> > > | DEFAULT | interface_driver |
>> > > neutron.agent.linux.interface.BridgeInterfaceDriver |
>> > >
>> >
>> +---------------------+--------------------------+-----------------------------------------------------+
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > > - Christopher T. Hull
>> > > I am presently seeking a new career opportunity Please see
>> > career page
>> > > http://chrishull.com/career
>> > > 333 Orchard Ave, Sunnyvale CA. 94085
>> > > (415) 385 4865 <tel:%28415%29%20385%204865>
>> > > chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>
>> > <mailto:chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>>
>> > > http://chrishull.com
>> > >
>> > >
>> > >
>> > > On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42 at gmail.com <mailto:
>> chrishull42 at gmail.com>
>> > > <mailto:chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>>>
>> wrote:
>> > >
>> > > Thanks. Will check that.
>> > > When I create an instance in the public or private nets they
>> ping.
>> > > Why do router ports behave differently than instance ports?
>> Only
>> > > the Northbound router port is down and won't ping. Will
>> check
>> > > settings ASAP thanks
>> > >
>> > > Chris.
>> > >
>> > > Sent from my iPhone
>> > >
>> > > On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin at benton.pub
>> > > <mailto:kevin at benton.pub <mailto:kevin at benton.pub>>> wrote:
>> > >
>> > >> Ok. The same settings should apply to Linux bridge.
>> > >>
>> > >> Make sure you have external_network_bridge defined in your L3
>> > >> agent as an empty value.
>> > >>
>> > >> Then your external network should be created with the
>> provider
>> > >> type of 'flat' and the physical network corresponding to the
>> one
>> > >> you have defined in your bridge mappings in the L2 agent
>> that
>> > >> attaches to the bridge going to your external physical
>> network.
>> > >>
>> > >> On Mar 23, 2016 7:25 AM, <chrishull42 at gmail.com <mailto:
>> chrishull42 at gmail.com>
>> > >> <mailto:chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>>>
>> wrote:
>> > >>
>> > >> Kevin;
>> > >> Thank you Very much. I'll check. I did a manual
>> Liberty
>> > >> install so I may have done something wrong. I am using
>> > >> LinuxBridge (not OpenVSwitch) if that helps. Will post
>> > >> results to list soon. Would like to be able to use
>> floating
>> > >> IPs, a more convenient form of ipTables basically.
>> > >>
>> > >> Chris.
>> > >>
>> > >> Sent from my iPhone
>> > >>
>> > >> On Mar 23, 2016, at 7:16 AM, Kevin Benton <
>> kevin at benton.pub
>> > >> <mailto:kevin at benton.pub <mailto:kevin at benton.pub>>>
>> wrote:
>> > >>
>> > >>> Do you have external_network_bridge set to an empty
>> value in
>> > >>> the l3 agent config? If not, the l3 agent will use a
>> legacy
>> > >>> mode of wiring up the port and it's status field may
>> not be
>> > >>> ACTIVE.
>> > >>>
>> > >>> The routers are tested thousands of times in the gate
>> every
>> > >>> day, so they work. It's just a matter of getting your
>> > >>> configuration correct.
>> > >>>
>> > >>> Yes, you can use a VM to route as well.
>> > >>>
>> > >>> On Mar 23, 2016 7:06 AM, <chrishull42 at gmail.com
>> <mailto:chrishull42 at gmail.com>
>> > >>> <mailto:chrishull42 at gmail.com <mailto:
>> chrishull42 at gmail.com>>> wrote:
>> > >>>
>> > >>> Hi all;
>> > >>> It appears that Liberty Neutron routers do not work.
>> > >>> The Northbound port is always Down.
>> > >>>
>> > >>> What I'd like to do is dedicate an instance
>> (CentOS) to
>> > >>> routing between the Public net and other nets. Has
>> > >>> anyone done this. Setting up the router is trivial.
>> > >>> But I'm a little worried about interaction with
>> Neutron
>> > >>> Ports. I need to assign fixed IPs so I can route
>> from
>> > >>> the Internet to a server instance.
>> > >>>
>> > >>> Ideas?
>> > >>>
>> > >>> Thanks
>> > >>> - Chris.
>> > >>>
>> > >>> Sent from my iPhone
>> > >>> _______________________________________________
>> > >>> OpenStack-operators mailing list
>> > >>> OpenStack-operators at lists.openstack.org
>> > <mailto:OpenStack-operators at lists.openstack.org>
>> > >>> <mailto:OpenStack-operators at lists.openstack.org
>> > <mailto:OpenStack-operators at lists.openstack.org>>
>> > >>>
>> >
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>> > >>>
>> > >
>> > >
>> > >
>> > > _______________________________________________
>> > > OpenStack-operators mailing list
>> > > OpenStack-operators at lists.openstack.org
>> > <mailto:OpenStack-operators at lists.openstack.org>
>> > >
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>> > >
>> >
>> > Definitely the external_network_bridge needs to be explicitly set to
>> > nothing. That's not the default. I've never had to change the
>> default
>> > gateway_external_network_id when I set external_network_bridge to a
>> > blank value.
>> >
>> > Note that after making changes to external_network_bridge, I've
>> have to
>> > delete and recreate the router/port/network that was created before
>> > that change.
>> >
>> > I assume that your bridge mappings are correct in
>> > /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:
>> >
>> > bridge_mappings =datacentre:br-ex # or whatever you have locally
>> >
>> > And that the physical_network of the external network matches the
>> > network name in the bridge_mappings that corresponds to the bridge
>> > containing the physical interface? Probably your instance ports
>> > wouldn't work if those things weren't correct, but those are also
>> areas
>> > where I see failures similar to this.
>> >
>> > --
>> > Dan Sneddon | Principal OpenStack Engineer
>> > dsneddon at redhat.com <mailto:dsneddon at redhat.com> |
>> > redhat.com/openstack <http://redhat.com/openstack>
>> > 650.254.4025 <tel:650.254.4025> | dsneddon:irc
>> @dxs:twitter
>> >
>> >
>> >
>> >
>> > _______________________________________________
>> > OpenStack-operators mailing list
>> > OpenStack-operators at lists.openstack.org
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>> >
>>
>> I didn't mean to confuse you by assuming that you were running Open
>> vSwitch. You don't have to run Open vSwitch, and some things do work
>> differently when using Linux bridge.
>>
>> If your IP address is no longer on enp3s0, then that might be an
>> indicator that you have a bridge subsuming enp3s0. In that case, I'm
>> pretty sure that the physical_interface_mapping should be
>> public:<bridge>. I spend a lot more time with OVS deployments, though.
>>
>> --
>> Dan Sneddon | Principal OpenStack Engineer
>> dsneddon at redhat.com | redhat.com/openstack
>> 650.254.4025 | dsneddon:irc @dxs:twitter
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160324/8dfa2ba5/attachment.html>
More information about the OpenStack-operators
mailing list