[Openstack-operators] Manual router setup

Christopher Hull chrishull42 at gmail.com
Thu Mar 24 19:05:10 UTC 2016


Hmmm.   Curiously enough, I now see this.   This was not the case prior to
the creation of the nets and subnets in OpenStack.    OpenStack somehow did
this.

brq9ee73442-5a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
---->>>>>>  inet 172.22.10.99  <<<<<-------
        netmask 255.255.255.0  broadcast 172.22.10.255
        inet6 2602:306:31fd:1020:4815:7eff:fef4:99cf  prefixlen 64  scopeid
0x0<global>
        inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95  prefixlen 64  scopeid
0x0<global>
        inet6 fe80::70b5:65ff:fea6:c5d9  prefixlen 64  scopeid 0x20<link>
        ether 4a:15:7e:f4:99:cf  txqueuelen 0  (Ethernet)
        RX packets 188163  bytes 10141407 (9.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14734  bytes 27696525 (26.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
Used to be here.
        inet6 fe80::ae9e:17ff:feec:5d95  prefixlen 64  scopeid 0x20<link>
        ether ac:9e:17:ec:5d:95  txqueuelen 1000  (Ethernet)
        RX packets 947280  bytes 1081759456 (1.0 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 504788  bytes 63547204 (60.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

So perhaps I need to change the setting in...

| linuxbridge_agent
| linux_bridge               | physical_interface_mappings |
public:enp3s0

to public:brq9ee73442-5a    ?

-Chris




- Christopher T. Hull
I am presently seeking a new career opportunity  Please see career page
http://chrishull.com/career
333 Orchard Ave, Sunnyvale CA. 94085
(415) 385 4865
chrishull42 at gmail.com
http://chrishull.com



On Thu, Mar 24, 2016 at 11:58 AM, Christopher Hull <chrishull42 at gmail.com>
wrote:

> Hi James;
>
> As further proof that I'm just learning this stuff.  :-)   Been a dev for
> decades, but this industry is vast.   Would like to gather an end to end
> understanding of how LinuxBridge, etc works sometime.   Meanwhile, here is
> the current state of my system as per your input.
>
> ... This looks bad.    I'm assuming "enabled = no" isn't right.  :-)
> Have not yet moved static IP to br-?? from ephXXX (traditionally known as
> eth0) yet.
>
> Please let me know what you see.  Thanks!  :-)
>
> [root at maersk src]# brctl show
> bridge name    bridge id        STP enabled    interfaces
> brq573956a6-13        8000.72650bf7669c    no        tap74c0d2df-39
>                             tapbb0ceef0-e6
>                             vxlan-92
> brq9ee73442-5a        8000.4a157ef499cf    no        enp3s0
>                             tap788bdea8-02
>                             tapb8f78b33-19
>                             tapbc53b8c7-6a
>                             tapd669011b-bf
> virbr0        8000.5254003394b3    yes        virbr0-nic
>
>
>
> [root at maersk src]# ./pluto.py list -p /etc
> List of all Openstack conf files found under: /etc
>
> +----------------------------+-----------------------------------------------------+
> | Name                       | Full
> Path                                           |
>
> +----------------------------+-----------------------------------------------------+
> | glance-registry.conf       |
> /etc/glance/glance-registry.conf                    |
> | dnsmasq-neutron.conf       |
> /etc/neutron/dnsmasq-neutron.conf                   |
> | ml2_conf_ofa.ini           |
> /etc/neutron/plugins/ml2/ml2_conf_ofa.ini           |
> | glance-cache.conf          |
> /etc/glance/glance-cache.conf                       |
> | ml2_conf_fslsdn.ini        |
> /etc/neutron/plugins/ml2/ml2_conf_fslsdn.ini        |
> | restproxy.ini              |
> /etc/neutron/plugins/ml2/restproxy.ini              |
> | dhcp_agent.ini             |
> /etc/neutron/dhcp_agent.ini                         |
> | neutron.conf               |
> /etc/neutron/neutron.conf                           |
> | keystone.conf              |
> /etc/keystone/keystone.conf                         |
> | sriov_agent.ini            |
> /etc/neutron/plugins/ml2/sriov_agent.ini            |
> | logging.conf               |
> /etc/keystone/logging.conf                          |
> | glance-api.conf            |
> /etc/glance/glance-api.conf                         |
> | cinder.conf                |
> /etc/cinder/cinder.conf                             |
> | metadata_agent.ini         |
> /etc/neutron/metadata_agent.ini                     |
> | glance-scrubber.conf       |
> /etc/glance/glance-scrubber.conf                    |
> | api-paste.ini              |
> /etc/cinder/api-paste.ini                           |
> | linuxbridge_agent.ini      |
> /etc/neutron/plugins/ml2/linuxbridge_agent.ini      |
> | rootwrap.conf              |
> /etc/cinder/rootwrap.conf                           |
> | ml2_conf_sriov.ini         |
> /etc/neutron/plugins/ml2/ml2_conf_sriov.ini         |
> | l3_agent.ini               |
> /etc/neutron/l3_agent.ini                           |
> | ml2_conf.ini               |
> /etc/neutron/plugins/ml2/ml2_conf.ini               |
> | nova.conf                  |
> /etc/nova/nova.conf                                 |
> | plugin.ini                 |
> /etc/neutron/plugin.ini                             |
> | ml2_conf_brocade_fi_ni.ini |
> /etc/neutron/plugins/ml2/ml2_conf_brocade_fi_ni.ini |
> | ml2_conf_brocade.ini       |
> /etc/neutron/plugins/ml2/ml2_conf_brocade.ini       |
>
> +----------------------------+-----------------------------------------------------+
> [root at maersk src]# ./pluto.py show  -p /etc   linuxbridge_agent.ini
> ml2_conf.ini ml2_conf_sriov.ini
>
> +----------------------------+-----------------------------+--------------------------------------------------------------+
> | linuxbridge_agent: Section | Key                         |
> Value                                                        |
>
> +----------------------------+-----------------------------+--------------------------------------------------------------+
> | linux_bridge               | physical_interface_mappings |
> public:enp3s0                                                |
> | vxlan                      | l2_population               |
> True                                                         |
> | vxlan                      | local_ip                    |
> 172.22.10.99                                                 |
> | vxlan                      | enable_vxlan                |
> True                                                         |
> | agent                      | prevent_arp_spoofing        |
> True                                                         |
> | securitygroup              | firewall_driver             |
> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
> | securitygroup              | enable_security_group       |
> True                                                         |
>
> +----------------------------+-----------------------------+--------------------------------------------------------------+
> +-------------------+----------------------+--------------------------+
> | ml2_conf: Section | Key                  | Value                    |
> +-------------------+----------------------+--------------------------+
> | ml2               | extension_drivers    | port_security            |
> | ml2               | mechanism_drivers    | linuxbridge,l2population |
> | ml2               | tenant_network_types | vxlan                    |
> | ml2               | type_drivers         | flat,vlan,vxlan          |
> | ml2_type_flat     | flat_networks        | public                   |
>
> | ml2_type_vxlan    | vni_ranges           | 1:1000                   |
> | securitygroup     | enable_ipset         | True                     |
> +-------------------+----------------------+--------------------------+
> +-------------------------+-----+-------+
> | ml2_conf_sriov: Section | Key | Value |
> +-------------------------+-----+-------+
> +-------------------------+-----+-------+
>
>
>
> [root at maersk src]# ip addr
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8 scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> master brq9ee73442-5a state UP qlen 1000
>     link/ether ac:9e:17:ec:5d:95 brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::ae9e:17ff:feec:5d95/64 scope link
>        valid_lft forever preferred_lft forever
> 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
> state DOWN
>     link/ether 52:54:00:33:94:b3 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>        valid_lft forever preferred_lft forever
> 4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master
> virbr0 state DOWN qlen 500
>     link/ether 52:54:00:33:94:b3 brd ff:ff:ff:ff:ff:ff
> 6: tapbb0ceef0-e6 at if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc
> pfifo_fast master brq573956a6-13 state UP qlen 1000
>     link/ether ea:16:29:c8:99:25 brd ff:ff:ff:ff:ff:ff link-netnsid 0
>     inet6 fe80::e816:29ff:fec8:9925/64 scope link
>        valid_lft forever preferred_lft forever
> 7: vxlan-92: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue
> master brq573956a6-13 state UNKNOWN
>     link/ether da:88:38:4a:06:e1 brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::d888:38ff:fe4a:6e1/64 scope link
>        valid_lft forever preferred_lft forever
> 8: brq573956a6-13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc
> noqueue state UP
>     link/ether 72:65:0b:f7:66:9c brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::6469:36ff:fecc:a4d8/64 scope link
>        valid_lft forever preferred_lft forever
> 9: tap74c0d2df-39 at if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc
> pfifo_fast master brq573956a6-13 state UP qlen 1000
>     link/ether 72:65:0b:f7:66:9c brd ff:ff:ff:ff:ff:ff link-netnsid 1
>     inet6 fe80::7065:bff:fef7:669c/64 scope link
>        valid_lft forever preferred_lft forever
> 10: brq9ee73442-5a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP
>     link/ether 4a:15:7e:f4:99:cf brd ff:ff:ff:ff:ff:ff
>     inet 172.22.10.99/24 brd 172.22.10.255 scope global brq9ee73442-5a
>        valid_lft forever preferred_lft forever
>     inet6 2602:306:31fd:1020:4815:7eff:fef4:99cf/64 scope global
> mngtmpaddr dynamic
>        valid_lft 2591681sec preferred_lft 604481sec
>     inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95/64 scope global
>        valid_lft 2536726sec preferred_lft 549526sec
>     inet6 fe80::70b5:65ff:fea6:c5d9/64 scope link
>        valid_lft forever preferred_lft forever
> 11: tapb8f78b33-19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast master brq9ee73442-5a state UNKNOWN qlen 500
>     link/ether fe:16:3e:bc:ab:07 brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::fc16:3eff:febc:ab07/64 scope link
>        valid_lft forever preferred_lft forever
> 13: tap788bdea8-02: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast master brq9ee73442-5a state UNKNOWN qlen 500
>     link/ether fe:16:3e:11:ae:9e brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::fc16:3eff:fe11:ae9e/64 scope link
>        valid_lft forever preferred_lft forever
> 15: tapbc53b8c7-6a at if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast master brq9ee73442-5a state UP qlen 1000
>     link/ether 4a:15:7e:f4:99:cf brd ff:ff:ff:ff:ff:ff link-netnsid 2
>     inet6 fe80::4815:7eff:fef4:99cf/64 scope link
>        valid_lft forever preferred_lft forever
> 16: tapd669011b-bf: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast master brq9ee73442-5a state UNKNOWN qlen 500
>     link/ether fe:16:3e:52:6d:b4 brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::fc16:3eff:fe52:6db4/64 scope link
>        valid_lft forever preferred_lft forever
>
>
>
> - Christopher T. Hull
> I am presently seeking a new career opportunity  Please see career page
> http://chrishull.com/career
> 333 Orchard Ave, Sunnyvale CA. 94085
> (415) 385 4865
> chrishull42 at gmail.com
> http://chrishull.com
>
>
>
> On Thu, Mar 24, 2016 at 10:21 AM, Christopher Hull <chrishull42 at gmail.com>
> wrote:
>
>> James;
>> Hey you know...  I seem to remember zeroing out "eth0" IP 0.0.0.0 and
>> setting the static IP on br-ex under Kilo and everything worked.  That was
>> using OVS.   Perhaps I do the same, as you suggest, with LinuxBridge.
>> Wow.   Thanks.   Will try.   And if this doesn't work I'll respond with the
>> diagnostic output you requested.
>>
>> Thanks to all of you;
>> -Chris
>>
>>
>> - Christopher T. Hull
>> I am presently seeking a new career opportunity  Please see career page
>> http://chrishull.com/career
>> 333 Orchard Ave, Sunnyvale CA. 94085
>> (415) 385 4865
>> chrishull42 at gmail.com
>> http://chrishull.com
>>
>>
>>
>> On Wed, Mar 23, 2016 at 5:57 PM, James Denton <james.denton at rackspace.com
>> > wrote:
>>
>>> Hi Christopher,
>>>
>>> Routers work under Liberty and LinuxBridge just fine, in my experience,
>>> so don’t be too quick to give up on them. I promise you’ll have a tougher
>>> go at it, at this point, using another virtual machine as a router.
>>>
>>> Some tips:
>>>
>>>
>>>    1. Use the ‘ip’ command rather than ‘ifconfig’. Output of ‘ip addr’
>>>    would be more helpful here.
>>>    2. Use ‘brctl show’ to see the virtual bridges and their members.
>>>    That output would be helpful here as well.
>>>
>>>
>>> You have an IP configured on interface enp3s0, and I can’t tell what you
>>> have set as the physical interface mappings in the ML2/LinuxBridge agent
>>> config. On older email I see this:
>>>
>>> >> physical_interface_mappings | public:enp3s0
>>>
>>> If that’s still the case, you’re going to have a hard time. The
>>> LinuxBridge agent expects to put the enp3s0 interface into the respective
>>> brq-* bridge that corresponds to the public (flat) network. Once the
>>> interface is in the bridge, you may lose connectivity to/from any address
>>> on that interface. At that point, your host will be unable to communicate
>>> with the router's gateway interface also in the bridge, and probably any
>>> external host. In this configuration, you may consider moving the IP from
>>> enp3s0 to the brq-* bridge temporarily. That should work. Give it a try and
>>> let me know.
>>>
>>> James
>>>
>>> From: Christopher Hull <chrishull42 at gmail.com>
>>> Date: Wednesday, March 23, 2016 at 7:21 PM
>>> To: Dan Sneddon <dsneddon at redhat.com>
>>> Cc: openstack-operators <openstack-operators at lists.openstack.org>
>>> Subject: Re: [Openstack-operators] Manual router setup
>>>
>>> Conclusion.  Neutron routers under Liberty (Linux Bridge) don't work.
>>> Please prove me wrong.....  Moving on to manual router creation.
>>> 1: How can I assign a fixed IP to an instance?
>>> 2: If I add routes will they get used?  I probably have to create a Port
>>> for every route (as Floating IPs do ).
>>>
>>>
>>> ------   Session:  Trying to create a working router for the 15th time.
>>> :-)  ----
>>>
>>>
>>> [root at maersk src]# ifconfig
>>> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>         inet 172.22.10.99  netmask 255.255.255.0  broadcast 172.22.10.255
>>>         inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95  prefixlen 64
>>> scopeid 0x0<global>
>>>         inet6 fe80::ae9e:17ff:feec:5d95  prefixlen 64  scopeid 0x20<link>
>>>         ether ac:9e:17:ec:5d:95  txqueuelen 1000  (Ethernet)
>>>         RX packets 238  bytes 16020 (15.6 KiB)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 60  bytes 6650 (6.4 KiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>>>         inet 127.0.0.1  netmask 255.0.0.0
>>>         inet6 ::1  prefixlen 128  scopeid 0x10<host>
>>>         loop  txqueuelen 0  (Local Loopback)
>>>         RX packets 4985  bytes 1060267 (1.0 MiB)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 4985  bytes 1060267 (1.0 MiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
>>>         inet 192.168.122.1  netmask 255.255.255.0  broadcast
>>> 192.168.122.255
>>>         ether 52:54:00:33:94:b3  txqueuelen 0  (Ethernet)
>>>         RX packets 0  bytes 0 (0.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 0  bytes 0 (0.0 B)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> [root at maersk src]# source admin-openrc.sh
>>> [root at maersk src]# clear
>>>
>>> [root at maersk src]# neutron net-create public --shared
>>> --provider:physical_network public \
>>> >    --provider:network_type flat
>>> Created a new network:
>>> +---------------------------+--------------------------------------+
>>> | Field                     | Value                                |
>>> +---------------------------+--------------------------------------+
>>> | admin_state_up            | True                                 |
>>> | id                        | 9ee73442-5a86-48c0-84da-8f650937fd08 |
>>> | mtu                       | 0                                    |
>>> | name                      | public                               |
>>> | port_security_enabled     | True                                 |
>>> | provider:network_type     | flat                                 |
>>> | provider:physical_network | public                               |
>>> | provider:segmentation_id  |                                      |
>>> | router:external           | False                                |
>>> | shared                    | True                                 |
>>> | status                    | ACTIVE                               |
>>> | subnets                   |                                      |
>>> | tenant_id                 | fdf3f98a9b0c4e9e94603d8a84ea41a8     |
>>> +---------------------------+--------------------------------------+
>>> [root at maersk src]# neutron subnet-create public 172.22.10.0/24 --name
>>> public \
>>> >    --allocation-pool start=172.22.10.10,end=172.22.10.90 \
>>> >    --dns-nameserver 172.22.10.254 --gateway 172.22.10.254
>>> --enable_dhcp False
>>> Created a new subnet:
>>> +-------------------+--------------------------------------------------+
>>> | Field             | Value                                            |
>>> +-------------------+--------------------------------------------------+
>>> | allocation_pools  | {"start": "172.22.10.10", "end": "172.22.10.90"} |
>>> | cidr              | 172.22.10.0/24                                   |
>>> | dns_nameservers   | 172.22.10.254                                    |
>>> | enable_dhcp       | False                                            |
>>> | gateway_ip        | 172.22.10.254                                    |
>>> | host_routes       |                                                  |
>>> | id                | 28683bfe-2410-4f9b-b805-ec3c7aee009a             |
>>> | ip_version        | 4                                                |
>>> | ipv6_address_mode |                                                  |
>>> | ipv6_ra_mode      |                                                  |
>>> | name              | public                                           |
>>> | network_id        | 9ee73442-5a86-48c0-84da-8f650937fd08             |
>>> | subnetpool_id     |                                                  |
>>> | tenant_id         | fdf3f98a9b0c4e9e94603d8a84ea41a8                 |
>>> +-------------------+--------------------------------------------------+
>>> [root at maersk src]# ifconfig
>>> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>         inet 172.22.10.99  netmask 255.255.255.0  broadcast 172.22.10.255
>>>         inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95  prefixlen 64
>>> scopeid 0x0<global>
>>>         inet6 fe80::ae9e:17ff:feec:5d95  prefixlen 64  scopeid 0x20<link>
>>>         ether ac:9e:17:ec:5d:95  txqueuelen 1000  (Ethernet)
>>>         RX packets 5032  bytes 373870 (365.1 KiB)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 2602  bytes 3154215 (3.0 MiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>>>         inet 127.0.0.1  netmask 255.0.0.0
>>>         inet6 ::1  prefixlen 128  scopeid 0x10<host>
>>>         loop  txqueuelen 0  (Local Loopback)
>>>         RX packets 46701  bytes 12008341 (11.4 MiB)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 46701  bytes 12008341 (11.4 MiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
>>>         inet 192.168.122.1  netmask 255.255.255.0  broadcast
>>> 192.168.122.255
>>>         ether 52:54:00:33:94:b3  txqueuelen 0  (Ethernet)
>>>         RX packets 0  bytes 0 (0.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 0  bytes 0 (0.0 B)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> [root at maersk src]# neutron net-list
>>>
>>> +--------------------------------------+--------+-----------------------------------------------------+
>>> | id                                   | name   |
>>> subnets                                             |
>>>
>>> +--------------------------------------+--------+-----------------------------------------------------+
>>> | 9ee73442-5a86-48c0-84da-8f650937fd08 | public |
>>> 28683bfe-2410-4f9b-b805-ec3c7aee009a 172.22.10.0/24 |
>>>
>>> +--------------------------------------+--------+-----------------------------------------------------+
>>> [root at maersk src]# source demo-openrc.sh
>>> [root at maersk src]# neutron net-create private
>>> Created a new network:
>>> +-----------------------+--------------------------------------+
>>> | Field                 | Value                                |
>>> +-----------------------+--------------------------------------+
>>> | admin_state_up        | True                                 |
>>> | id                    | 573956a6-1378-4100-83c2-db5c3bf9a95c |
>>> | mtu                   | 0                                    |
>>> | name                  | private                              |
>>> | port_security_enabled | True                                 |
>>> | router:external       | False                                |
>>> | shared                | False                                |
>>> | status                | ACTIVE                               |
>>> | subnets               |                                      |
>>> | tenant_id             | 7813be77b1de4196b1c6b77006afa21c     |
>>> +-----------------------+--------------------------------------+
>>> [root at maersk src]# neutron subnet-create private 192.168.10.0/24 \
>>> >      --name private --dns-nameserver 172.22.10.254 --gateway
>>> 192.168.10.1
>>> Created a new subnet:
>>>
>>> +-------------------+----------------------------------------------------+
>>> | Field             | Value
>>> |
>>>
>>> +-------------------+----------------------------------------------------+
>>> | allocation_pools  | {"start": "192.168.10.2", "end": "192.168.10.254"}
>>> |
>>> | cidr              | 192.168.10.0/24
>>> |
>>> | dns_nameservers   | 172.22.10.254
>>> |
>>> | enable_dhcp       | True
>>> |
>>> | gateway_ip        | 192.168.10.1
>>> |
>>> | host_routes       |
>>> |
>>> | id                | 83f4f5e5-13b6-41f2-af07-b96d86847e2b
>>> |
>>> | ip_version        | 4
>>> |
>>> | ipv6_address_mode |
>>> |
>>> | ipv6_ra_mode      |
>>> |
>>> | name              | private
>>> |
>>> | network_id        | 573956a6-1378-4100-83c2-db5c3bf9a95c
>>> |
>>> | subnetpool_id     |
>>> |
>>> | tenant_id         | 7813be77b1de4196b1c6b77006afa21c
>>> |
>>>
>>> +-------------------+----------------------------------------------------+
>>> [root at maersk src]# ifconfig
>>> brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>>>         inet6 fe80::6469:36ff:fecc:a4d8  prefixlen 64  scopeid 0x20<link>
>>>         ether da:88:38:4a:06:e1  txqueuelen 0  (Ethernet)
>>>         RX packets 4  bytes 264 (264.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 7  bytes 578 (578.0 B)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>         inet 172.22.10.99  netmask 255.255.255.0  broadcast 172.22.10.255
>>>         inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95  prefixlen 64
>>> scopeid 0x0<global>
>>>         inet6 fe80::ae9e:17ff:feec:5d95  prefixlen 64  scopeid 0x20<link>
>>>         ether ac:9e:17:ec:5d:95  txqueuelen 1000  (Ethernet)
>>>         RX packets 5310  bytes 393373 (384.1 KiB)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 2661  bytes 3165497 (3.0 MiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>>>         inet 127.0.0.1  netmask 255.0.0.0
>>>         inet6 ::1  prefixlen 128  scopeid 0x10<host>
>>>         loop  txqueuelen 0  (Local Loopback)
>>>         RX packets 50779  bytes 13259383 (12.6 MiB)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 50779  bytes 13259383 (12.6 MiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>>>         inet6 fe80::e816:29ff:fec8:9925  prefixlen 64  scopeid 0x20<link>
>>>         ether ea:16:29:c8:99:25  txqueuelen 1000  (Ethernet)
>>>         RX packets 7  bytes 578 (578.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 13  bytes 1066 (1.0 KiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
>>>         inet 192.168.122.1  netmask 255.255.255.0  broadcast
>>> 192.168.122.255
>>>         ether 52:54:00:33:94:b3  txqueuelen 0  (Ethernet)
>>>         RX packets 0  bytes 0 (0.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 0  bytes 0 (0.0 B)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>>>         inet6 fe80::d888:38ff:fe4a:6e1  prefixlen 64  scopeid 0x20<link>
>>>         ether da:88:38:4a:06:e1  txqueuelen 0  (Ethernet)
>>>         RX packets 0  bytes 0 (0.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 0  bytes 0 (0.0 B)
>>>         TX errors 0  dropped 16 overruns 0  carrier 0  collisions 0
>>>
>>> [root at maersk src]# source admin-openrc.sh
>>> [root at maersk src]# neutron net-update public --router:external
>>> Updated network: public
>>> [root at maersk src]# source demo-openrc.sh
>>> [root at maersk src]# neutron router-create router
>>> Created a new router:
>>> +-----------------------+--------------------------------------+
>>> | Field                 | Value                                |
>>> +-----------------------+--------------------------------------+
>>> | admin_state_up        | True                                 |
>>> | external_gateway_info |                                      |
>>> | id                    | ff6a61f5-f497-43a1-b245-64ec8e87b488 |
>>> | name                  | router                               |
>>> | routes                |                                      |
>>> | status                | ACTIVE                               |
>>> | tenant_id             | 7813be77b1de4196b1c6b77006afa21c     |
>>> +-----------------------+--------------------------------------+
>>> [root at maersk src]# neutron router-interface-add router private
>>> Multiple router matches found for name 'router', use an ID to be more
>>> specific.
>>> [root at maersk src]# neutron router-list
>>> +--------------------------------------+--------+-----------------------+
>>> | id                                   | name   | external_gateway_info |
>>> +--------------------------------------+--------+-----------------------+
>>> | 5939b796-cae6-4d72-8d34-66e20afb95aa | router | null                  |
>>> | ff6a61f5-f497-43a1-b245-64ec8e87b488 | router | null                  |
>>> +--------------------------------------+--------+-----------------------+
>>> [root at maersk src]# neutron router-delete
>>> 5939b796-cae6-4d72-8d34-66e20afb95aa
>>> Deleted router: 5939b796-cae6-4d72-8d34-66e20afb95aa
>>> [root at maersk src]# neutron router-delete
>>> ff6a61f5-f497-43a1-b245-64ec8e87b488
>>> Deleted router: ff6a61f5-f497-43a1-b245-64ec8e87b488
>>> [root at maersk src]# neutron router-create router
>>> Created a new router:
>>> +-----------------------+--------------------------------------+
>>> | Field                 | Value                                |
>>> +-----------------------+--------------------------------------+
>>> | admin_state_up        | True                                 |
>>> | external_gateway_info |                                      |
>>> | id                    | a1be1dbd-1a94-4a8c-8093-45a7af89140c |
>>> | name                  | router                               |
>>> | routes                |                                      |
>>> | status                | ACTIVE                               |
>>> | tenant_id             | 7813be77b1de4196b1c6b77006afa21c     |
>>> +-----------------------+--------------------------------------+
>>> [root at maersk src]# neutron router-interface-add router private
>>> Added interface 74c0d2df-3944-43d7-8be9-2ef0d9242edc to router router.
>>> [root at maersk src]# neutron router-gateway-set router public
>>> Set gateway for router router
>>> [root at maersk src]# source admin-openrc.sh
>>> [root at maersk src]# ip netns
>>> qrouter-a1be1dbd-1a94-4a8c-8093-45a7af89140c (id: 1)
>>> qdhcp-573956a6-1378-4100-83c2-db5c3bf9a95c (id: 0)
>>> [root at maersk src]# neutron router-port-list router
>>>
>>> +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
>>> | id                                   | name | mac_address       |
>>> fixed_ips
>>> |
>>>
>>> +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
>>> | 21c8decf-e4c8-4467-9266-ca5cfb9c7c20 |      | fa:16:3e:d6:29:b4 |
>>> {"subnet_id": "28683bfe-2410-4f9b-b805-ec3c7aee009a", "ip_address":
>>> "172.22.10.10"} |
>>> | 74c0d2df-3944-43d7-8be9-2ef0d9242edc |      | fa:16:3e:7b:d6:0f |
>>> {"subnet_id": "83f4f5e5-13b6-41f2-af07-b96d86847e2b", "ip_address":
>>> "192.168.10.1"} |
>>>
>>> +--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
>>> [root at maersk src]# ping 172.22.10.10
>>> PING 172.22.10.10 (172.22.10.10) 56(84) bytes of data.
>>> From 172.22.10.99 icmp_seq=1 Destination Host Unreachable
>>> From 172.22.10.99 icmp_seq=2 Destination Host Unreachable
>>> From 172.22.10.99 icmp_seq=3 Destination Host Unreachable
>>> From 172.22.10.99 icmp_seq=4 Destination Host Unreachable
>>> From 172.22.10.99 icmp_seq=5 Destination Host Unreachable
>>> From 172.22.10.99 icmp_seq=6 Destination Host Unreachable
>>> From 172.22.10.99 icmp_seq=7 Destination Host Unreachable
>>> From 172.22.10.99 icmp_seq=8 Destination Host Unreachable
>>> ^C
>>> --- 172.22.10.10 ping statistics ---
>>> 8 packets transmitted, 0 received, +8 errors, 100% packet loss, time
>>> 7000ms
>>> pipe 4
>>> [root at maersk src]# ifconfig
>>> brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>>>         inet6 fe80::6469:36ff:fecc:a4d8  prefixlen 64  scopeid 0x20<link>
>>>         ether 72:65:0b:f7:66:9c  txqueuelen 0  (Ethernet)
>>>         RX packets 6  bytes 348 (348.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 8  bytes 648 (648.0 B)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>         inet 172.22.10.99  netmask 255.255.255.0  broadcast 172.22.10.255
>>>         inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95  prefixlen 64
>>> scopeid 0x0<global>
>>>         inet6 fe80::ae9e:17ff:feec:5d95  prefixlen 64  scopeid 0x20<link>
>>>         ether ac:9e:17:ec:5d:95  txqueuelen 1000  (Ethernet)
>>>         RX packets 6360  bytes 464736 (453.8 KiB)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 2867  bytes 3196849 (3.0 MiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
>>>         inet 127.0.0.1  netmask 255.0.0.0
>>>         inet6 ::1  prefixlen 128  scopeid 0x10<host>
>>>         loop  txqueuelen 0  (Local Loopback)
>>>         RX packets 65582  bytes 17827940 (17.0 MiB)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 65582  bytes 17827940 (17.0 MiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> tap74c0d2df-39: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>>>         inet6 fe80::7065:bff:fef7:669c  prefixlen 64  scopeid 0x20<link>
>>>         ether 72:65:0b:f7:66:9c  txqueuelen 1000  (Ethernet)
>>>         RX packets 10  bytes 864 (864.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 8  bytes 648 (648.0 B)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>>>         inet6 fe80::e816:29ff:fec8:9925  prefixlen 64  scopeid 0x20<link>
>>>         ether ea:16:29:c8:99:25  txqueuelen 1000  (Ethernet)
>>>         RX packets 8  bytes 648 (648.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 16  bytes 1248 (1.2 KiB)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
>>>         inet 192.168.122.1  netmask 255.255.255.0  broadcast
>>> 192.168.122.255
>>>         ether 52:54:00:33:94:b3  txqueuelen 0  (Ethernet)
>>>         RX packets 0  bytes 0 (0.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 0  bytes 0 (0.0 B)
>>>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
>>>         inet6 fe80::d888:38ff:fe4a:6e1  prefixlen 64  scopeid 0x20<link>
>>>         ether da:88:38:4a:06:e1  txqueuelen 0  (Ethernet)
>>>         RX packets 0  bytes 0 (0.0 B)
>>>         RX errors 0  dropped 0  overruns 0  frame 0
>>>         TX packets 0  bytes 0 (0.0 B)
>>>         TX errors 0  dropped 19 overruns 0  carrier 0  collisions 0
>>>
>>>
>>>
>>>
>>> - Christopher T. Hull
>>> I am presently seeking a new career opportunity  Please see career page
>>> http://chrishull.com/career
>>> 333 Orchard Ave, Sunnyvale CA. 94085
>>> (415) 385 4865
>>> chrishull42 at gmail.com
>>> http://chrishull.com
>>>
>>>
>>>
>>> On Wed, Mar 23, 2016 at 4:34 PM, Dan Sneddon <dsneddon at redhat.com>
>>> wrote:
>>>
>>>> On 03/23/2016 04:06 PM, Christopher Hull wrote:
>>>> > Hmmm.   Well I'm not using OpenVSwitch.  Just LinuxBridge.   My CentOS
>>>> > 7 install sees emp3s0 where eth0 would usually appear.   But this may
>>>> > need to be changed to br-ex?  The IP address no longer apperas at
>>>> > enp3s0, so perhaps that's the issue.
>>>> >
>>>> > When I make changes, I tear down all the networks and rebuild them
>>>> > according to instructions.   I do this after restarting the machine.
>>>> I
>>>> > wonder if the database needs to be updated as well.
>>>> >
>>>> > su -s /bin/sh -c "neutron-db-manage --config-file
>>>> > /etc/neutron/neutron.conf \
>>>> >   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head"
>>>> neutron
>>>> > systemctl stop neutron-server.service \
>>>> >   neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
>>>> >   neutron-metadata-agent.service
>>>> > systemctl stop neutron-l3-agent.service
>>>> > and restart.
>>>> >
>>>> > Thanks for the help.   Yes.  It's a bit confusing.   Why are router
>>>> and
>>>> > instance ports different?  It is for this reason that I figured I
>>>> could
>>>> > just create my own instance/router.  But why should I have to?    Do
>>>> > routers not work unless you use OpenVSwitch?   The Liberty install
>>>> > instructions (unlike Kilo) don't seem to require installing
>>>> OpenVSwitch.
>>>> >
>>>> > linux_bridge_agent.ini
>>>> > inux_bridge               | physical_interface_mappings |
>>>> public:enp3s0
>>>> >
>>>> > Perhaps br-ex?   Or whereever I see my static IP when doing an
>>>> > ifconfig  :-)  Was enp3s0 when CentOS was first installed, but I think
>>>> > thats changed somehow.
>>>> >
>>>> >
>>>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>> > | linuxbridge_agent: Section | Key                         |
>>>> > Value                                                        |
>>>> >
>>>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>> > | linux_bridge               | physical_interface_mappings |
>>>> > public:enp3s0                                                |
>>>> > | vxlan                      | l2_population               |
>>>> > True                                                         |
>>>> > | vxlan                      | local_ip                    |
>>>> > 172.22.10.99                                                 |
>>>> > | vxlan                      | enable_vxlan                |
>>>> > True                                                         |
>>>> > | agent                      | prevent_arp_spoofing        |
>>>> > True                                                         |
>>>> > | securitygroup              | firewall_driver             |
>>>> > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
>>>> > | securitygroup              | enable_security_group       |
>>>> > True                                                         |
>>>> >
>>>> +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>> >
>>>> >
>>>> >
>>>> > - Christopher T. Hull
>>>> > I am presently seeking a new career opportunity  Please see career
>>>> page
>>>> > http://chrishull.com/career
>>>> > 333 Orchard Ave, Sunnyvale CA. 94085
>>>> > (415) 385 4865 <tel:%28415%29%20385%204865>
>>>> > chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>
>>>> > http://chrishull.com
>>>> >
>>>> >
>>>> >
>>>> > On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsneddon at redhat.com
>>>> > <mailto:dsneddon at redhat.com>> wrote:
>>>> >
>>>> >     On 03/23/2016 03:05 PM, Christopher Hull wrote:
>>>> >     > Hi Keven / all;
>>>> >     >
>>>> >     > Re: Getting a Neutron Router to work.  (set
>>>> external_network_bridge =
>>>> >     > blank).  Apologies if this got sent twice.
>>>> >     >
>>>> >     > Nope, not quite there yet re getting the damn router to work
>>>> >     (week 3 on
>>>> >     > this issue).
>>>> >     >
>>>> >     > The Liberty install instructions indeed say to set...
>>>> >     > external_network_bridge =
>>>> >     >
>>>> >     > I'm so desperate that I thought the blank space after the =
>>>> might be
>>>> >     > the issue.  No.   Then I noticed these instructions in
>>>> >     l3_agent.ini itself.
>>>> >     > -----
>>>> >     > # When external_network_bridge is set, each L3 agent can be
>>>> >     associated
>>>> >     > # with no more than one external network. This value should be
>>>> set to
>>>> >     > the UUID
>>>> >     > # of that external network. To allow L3 agent support multiple
>>>> >     external
>>>> >     > # networks, both the external_network_bridge and
>>>> >     > gateway_external_network_id
>>>> >     > # must be left empty.
>>>> >     > # gateway_external_network_id =
>>>> >     > ----
>>>> >     >
>>>> >     > 1: Should gateway_external_network_id = be unoommented?
>>>> >     > 2: Should I reupdate the database after these changes?
>>>> >     > su -s /bin/sh -c "neutron-db-manage --config-file
>>>> >     > /etc/neutron/neutron.conf \
>>>> >     >   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade
>>>> >     head" neutron
>>>> >     >
>>>> >     > 3: Should external_network_bridge in fact be set to the UUID of
>>>> the
>>>> >     > public network?
>>>> >     >
>>>> >     > 4. All instances Ports work just fine on public and private
>>>> network.
>>>> >     > WHAT is the difference between a Neutron router northbound port
>>>> >     and an
>>>> >     > instance port on the public net.
>>>> >     >
>>>> >     > Services restarted after config change (just removed space
>>>> after =
>>>> >     > actually just in case sloppy Python coding was involved here).
>>>> In
>>>> >     > fact, I rebooted the box just to be sure.
>>>> >     >
>>>> >     > Making my own instance based router is looking better and
>>>> better all
>>>> >     > the time.   If Neutron Routers really work, maybe UFO's exist
>>>> too.
>>>> >     > :-)   j/k
>>>> >     >
>>>> >     >
>>>> >     > Seriously.  Thank you for your help.     Hope to help the
>>>> community
>>>> >     > soon too myself.  Trying to get my Gerrit account up and
>>>> running but
>>>> >     > the OpenStack.org site won't allow me to sign the Contrib
>>>> agreement
>>>> >     > with out getting a server error.
>>>> >     >
>>>> >     >
>>>> >     > ====  Config Details ======
>>>> >     > Issue   Neutron Router Northbound Port won't Ping, is Down
>>>> >     >
>>>> >     > [root at maersk src]# ./pluto.py show  -p /etc neutron
>>>> rootwrap.conf
>>>> >     > ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini
>>>> >     >
>>>> >
>>>>  +-----------------------+------------------------------------+-------------------------------------------------+
>>>> >     > | neutron: Section      | Key                                |
>>>> >     > Value                                           |
>>>> >     >
>>>> >
>>>>  +-----------------------+------------------------------------+-------------------------------------------------+
>>>> >     > | DEFAULT               | verbose                            |
>>>> >     > True                                            |
>>>> >     > | DEFAULT               | nova_url                           |
>>>> >     > http://controller:8774/v2                       |
>>>> >     > | DEFAULT               | notify_nova_on_port_data_changes   |
>>>> >     > True                                            |
>>>> >     > | DEFAULT               | notify_nova_on_port_status_changes |
>>>> >     > True                                            |
>>>> >     > | DEFAULT               | auth_strategy                      |
>>>> >     > keystone                                        |
>>>> >     > | DEFAULT               | rpc_backend                        |
>>>> >     > rabbit                                          |
>>>> >     > | DEFAULT               | allow_overlapping_ips              |
>>>> >     > True                                            |
>>>> >     > | DEFAULT               | service_plugins                    |
>>>> >     > router                                          |
>>>> >     > | DEFAULT               | core_plugin                        |
>>>> >     > ml2                                             |
>>>> >     > | keystone_authtoken    | password                           |
>>>> >     > mk4968small23buggidntpass                       |
>>>> >     > | keystone_authtoken    | username                           |
>>>> >     > neutron                                         |
>>>> >     > | keystone_authtoken    | project_name                       |
>>>> >     > service                                         |
>>>> >     > | keystone_authtoken    | user_domain_id                     |
>>>> >     > default                                         |
>>>> >     > | keystone_authtoken    | project_domain_id                  |
>>>> >     > default                                         |
>>>> >     > | keystone_authtoken    | auth_plugin                        |
>>>> >     > password                                        |
>>>> >     > | keystone_authtoken    | auth_url                           |
>>>> >     > http://controller:35357                         |
>>>> >     > | keystone_authtoken    | auth_uri                           |
>>>> >     > http://controller:5000                          |
>>>> >     > | database              | connection                         |
>>>> >     > mysql://neutron:sleestack191@controller/neutron |
>>>> >     > | nova                  | password                           |
>>>> >     > mk4968small23buggidntpass                       |
>>>> >     > | nova                  | username                           |
>>>> >     > nova                                            |
>>>> >     > | nova                  | project_name                       |
>>>> >     > service                                         |
>>>> >     > | nova                  | region_name                        |
>>>> >     > RegionOne                                       |
>>>> >     > | nova                  | user_domain_id                     |
>>>> >     > default                                         |
>>>> >     > | nova                  | project_domain_id                  |
>>>> >     > default                                         |
>>>> >     > | nova                  | auth_plugin                        |
>>>> >     > password                                        |
>>>> >     > | nova                  | auth_url                           |
>>>> >     > http://controller:35357                         |
>>>> >     > | oslo_concurrency      | lock_path                          |
>>>> >     > /var/lib/neutron/tmp                            |
>>>> >     > | oslo_messaging_rabbit | rabbit_password                    |
>>>> >     > open.g00dke232                                  |
>>>> >     > | oslo_messaging_rabbit | rabbit_userid                      |
>>>> >     > openstack                                       |
>>>> >     > | oslo_messaging_rabbit | rabbit_host                        |
>>>> >     > controller                                      |
>>>> >     >
>>>> >
>>>>  +-----------------------+------------------------------------+-------------------------------------------------+
>>>> >     >
>>>> >
>>>>  +-------------------+---------------------+--------------------------------------------------------------+
>>>> >     > | rootwrap: Section | Key                 |
>>>> >     > Value                                                        |
>>>> >     >
>>>> >
>>>>  +-------------------+---------------------+--------------------------------------------------------------+
>>>> >     > | DEFAULT           | filters_path        |
>>>> >     > /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap            |
>>>> >     > | DEFAULT           | exec_dirs           |
>>>> >     > /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
>>>> >     > | DEFAULT           | use_syslog          |
>>>> >     > False                                                        |
>>>> >     > | DEFAULT           | syslog_log_facility |
>>>> >     > syslog                                                       |
>>>> >     > | DEFAULT           | syslog_log_level    |
>>>> >     > ERROR                                                        |
>>>> >     >
>>>> >
>>>>  +-------------------+---------------------+--------------------------------------------------------------+
>>>> >     >
>>>> >
>>>>  +-------------------+----------------------+--------------------------+
>>>> >     > | ml2_conf: Section | Key                  | Value
>>>> >         |
>>>> >     >
>>>> >
>>>>  +-------------------+----------------------+--------------------------+
>>>> >     > | ml2               | extension_drivers    | port_security
>>>> >         |
>>>> >     > | ml2               | mechanism_drivers    |
>>>> >     linuxbridge,l2population |
>>>> >     > | ml2               | tenant_network_types | vxlan
>>>> >         |
>>>> >     > | ml2               | type_drivers         | flat,vlan,vxlan
>>>> >         |
>>>> >     > | ml2_type_flat     | flat_networks        | public
>>>> >          |
>>>> >     > | ml2_type_vxlan    | vni_ranges           | 1:1000
>>>> >          |
>>>> >     > | securitygroup     | enable_ipset         | True
>>>> >          |
>>>> >     >
>>>> >
>>>>  +-------------------+----------------------+--------------------------+
>>>> >     >
>>>> >
>>>>  +-------------------+--------------------------+-----------------------------------------------------+
>>>> >     > | l3_agent: Section | Key                      |
>>>> >     > Value                                               |
>>>> >     >
>>>> >
>>>>  +-------------------+--------------------------+-----------------------------------------------------+
>>>> >     > | DEFAULT           | external_network_bridge
>>>> >     > |                                                     |
>>>> >     > | DEFAULT           | verbose                  |
>>>> >     > True                                                |
>>>> >     > | DEFAULT           | interface_driver         |
>>>> >     > neutron.agent.linux.interface.BridgeInterfaceDriver |
>>>> >     >
>>>> >
>>>>  +-------------------+--------------------------+-----------------------------------------------------+
>>>> >     >
>>>> >
>>>>  +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>> >     > | linuxbridge_agent: Section | Key                         |
>>>> >     > Value                                                        |
>>>> >     >
>>>> >
>>>>  +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>> >     > | linux_bridge               | physical_interface_mappings |
>>>> >     > public:enp3s0                                                |
>>>> >     > | vxlan                      | l2_population               |
>>>> >     > True                                                         |
>>>> >     > | vxlan                      | local_ip                    |
>>>> >     > 172.22.10.99                                                 |
>>>> >     > | vxlan                      | enable_vxlan                |
>>>> >     > True                                                         |
>>>> >     > | agent                      | prevent_arp_spoofing        |
>>>> >     > True                                                         |
>>>> >     > | securitygroup              | firewall_driver             |
>>>> >     > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
>>>> >     > | securitygroup              | enable_security_group       |
>>>> >     > True                                                         |
>>>> >     >
>>>> >
>>>>  +----------------------------+-----------------------------+--------------------------------------------------------------+
>>>> >     >
>>>> >
>>>>  +---------------------+--------------------------+-----------------------------------------------------+
>>>> >     > | dhcp_agent: Section | Key                      |
>>>> >     > Value                                               |
>>>> >     >
>>>> >
>>>>  +---------------------+--------------------------+-----------------------------------------------------+
>>>> >     > | DEFAULT             | dnsmasq_config_file      |
>>>> >     > /etc/neutron/dnsmasq-neutron.conf                   |
>>>> >     > | DEFAULT             | verbose                  |
>>>> >     > True                                                |
>>>> >     > | DEFAULT             | enable_isolated_metadata |
>>>> >     > True                                                |
>>>> >     > | DEFAULT             | dhcp_driver              |
>>>> >     > neutron.agent.linux.dhcp.Dnsmasq                    |
>>>> >     > | DEFAULT             | interface_driver         |
>>>> >     > neutron.agent.linux.interface.BridgeInterfaceDriver |
>>>> >     >
>>>> >
>>>>  +---------------------+--------------------------+-----------------------------------------------------+
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     > - Christopher T. Hull
>>>> >     > I am presently seeking a new career opportunity  Please see
>>>> >     career page
>>>> >     > http://chrishull.com/career
>>>> >     > 333 Orchard Ave, Sunnyvale CA. 94085
>>>> >     > (415) 385 4865 <tel:%28415%29%20385%204865>
>>>> >     > chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>
>>>> >     <mailto:chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>>
>>>> >     > http://chrishull.com
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     > On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42 at gmail.com
>>>> <mailto:chrishull42 at gmail.com>
>>>> >     > <mailto:chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>>>
>>>> wrote:
>>>> >     >
>>>> >     >     Thanks. Will check that.
>>>> >     >     When I create an instance in the public or private nets
>>>> they ping.
>>>> >     >     Why do router ports behave differently than instance
>>>> ports?  Only
>>>> >     >     the Northbound router port is down and won't ping.   Will
>>>> check
>>>> >     >     settings ASAP thanks
>>>> >     >
>>>> >     >     Chris.
>>>> >     >
>>>> >     >     Sent from my iPhone
>>>> >     >
>>>> >     >     On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin at benton.pub
>>>> >     >     <mailto:kevin at benton.pub <mailto:kevin at benton.pub>>> wrote:
>>>> >     >
>>>> >     >>     Ok. The same settings should apply to Linux bridge.
>>>> >     >>
>>>> >     >>     Make sure you have external_network_bridge defined in your
>>>> L3
>>>> >     >>     agent as an empty value.
>>>> >     >>
>>>> >     >>     Then your external network should be created with the
>>>> provider
>>>> >     >>     type of 'flat' and the physical network corresponding to
>>>> the one
>>>> >     >>     you have defined in your bridge mappings in the L2 agent
>>>> that
>>>> >     >>     attaches to the bridge going to your external physical
>>>> network.
>>>> >     >>
>>>> >     >>     On Mar 23, 2016 7:25 AM, <chrishull42 at gmail.com <mailto:
>>>> chrishull42 at gmail.com>
>>>> >     >>     <mailto:chrishull42 at gmail.com <mailto:
>>>> chrishull42 at gmail.com>>> wrote:
>>>> >     >>
>>>> >     >>         Kevin;
>>>> >     >>         Thank you Very much.  I'll check.   I did a manual
>>>> Liberty
>>>> >     >>         install so I may have done something wrong.  I am using
>>>> >     >>         LinuxBridge (not OpenVSwitch) if that helps.  Will post
>>>> >     >>         results to list soon.  Would like to be able to use
>>>> floating
>>>> >     >>         IPs, a more convenient form of ipTables basically.
>>>> >     >>
>>>> >     >>         Chris.
>>>> >     >>
>>>> >     >>         Sent from my iPhone
>>>> >     >>
>>>> >     >>         On Mar 23, 2016, at 7:16 AM, Kevin Benton <
>>>> kevin at benton.pub
>>>> >     >>         <mailto:kevin at benton.pub <mailto:kevin at benton.pub>>>
>>>> wrote:
>>>> >     >>
>>>> >     >>>         Do you have external_network_bridge set to an empty
>>>> value in
>>>> >     >>>         the l3 agent config? If not, the l3 agent will use a
>>>> legacy
>>>> >     >>>         mode of wiring up the port and it's status field may
>>>> not be
>>>> >     >>>         ACTIVE.
>>>> >     >>>
>>>> >     >>>         The routers are tested thousands of times in the gate
>>>> every
>>>> >     >>>         day, so they work. It's just a matter of getting your
>>>> >     >>>         configuration correct.
>>>> >     >>>
>>>> >     >>>         Yes, you can use a VM to route as well.
>>>> >     >>>
>>>> >     >>>         On Mar 23, 2016 7:06 AM, <chrishull42 at gmail.com
>>>> <mailto:chrishull42 at gmail.com>
>>>> >     >>>         <mailto:chrishull42 at gmail.com <mailto:
>>>> chrishull42 at gmail.com>>> wrote:
>>>> >     >>>
>>>> >     >>>             Hi all;
>>>> >     >>>             It appears that Liberty Neutron routers do not
>>>> work.
>>>> >     >>>             The Northbound port is always Down.
>>>> >     >>>
>>>> >     >>>             What I'd like to do is dedicate an instance
>>>> (CentOS) to
>>>> >     >>>             routing between the Public net and other nets.
>>>> Has
>>>> >     >>>             anyone done this.  Setting up the router is
>>>> trivial.
>>>> >     >>>             But I'm a little worried about interaction with
>>>> Neutron
>>>> >     >>>             Ports.  I need to assign fixed IPs so I can route
>>>> from
>>>> >     >>>             the Internet to a server instance.
>>>> >     >>>
>>>> >     >>>             Ideas?
>>>> >     >>>
>>>> >     >>>             Thanks
>>>> >     >>>             - Chris.
>>>> >     >>>
>>>> >     >>>             Sent from my iPhone
>>>> >     >>>             _______________________________________________
>>>> >     >>>             OpenStack-operators mailing list
>>>> >     >>>             OpenStack-operators at lists.openstack.org
>>>> >     <mailto:OpenStack-operators at lists.openstack.org>
>>>> >     >>>             <mailto:OpenStack-operators at lists.openstack.org
>>>> >     <mailto:OpenStack-operators at lists.openstack.org>>
>>>> >     >>>
>>>> >
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>> >     >>>
>>>> >     >
>>>> >     >
>>>> >     >
>>>> >     > _______________________________________________
>>>> >     > OpenStack-operators mailing list
>>>> >     > OpenStack-operators at lists.openstack.org
>>>> >     <mailto:OpenStack-operators at lists.openstack.org>
>>>> >     >
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>> >     >
>>>> >
>>>> >     Definitely the external_network_bridge needs to be explicitly set
>>>> to
>>>> >     nothing. That's not the default. I've never had to change the
>>>> default
>>>> >     gateway_external_network_id when I set external_network_bridge to
>>>> a
>>>> >     blank value.
>>>> >
>>>> >     Note that after making changes to external_network_bridge, I've
>>>> have to
>>>> >     delete and recreate the router/port/network that was created
>>>> before
>>>> >     that change.
>>>> >
>>>> >     I assume that your bridge mappings are correct in
>>>> >     /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:
>>>> >
>>>> >     bridge_mappings =datacentre:br-ex  # or whatever you have locally
>>>> >
>>>> >     And that the physical_network of the external network matches the
>>>> >     network name in the bridge_mappings that corresponds to the bridge
>>>> >     containing the physical interface? Probably your instance ports
>>>> >     wouldn't work if those things weren't correct, but those are also
>>>> areas
>>>> >     where I see failures similar to this.
>>>> >
>>>> >     --
>>>> >     Dan Sneddon         |  Principal OpenStack Engineer
>>>> >     dsneddon at redhat.com <mailto:dsneddon at redhat.com> |
>>>> >     redhat.com/openstack <http://redhat.com/openstack>
>>>> >     650.254.4025 <tel:650.254.4025>        |  dsneddon:irc
>>>>  @dxs:twitter
>>>> >
>>>> >
>>>> >
>>>> >
>>>> > _______________________________________________
>>>> > OpenStack-operators mailing list
>>>> > OpenStack-operators at lists.openstack.org
>>>> >
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>> >
>>>>
>>>> I didn't mean to confuse you by assuming that you were running Open
>>>> vSwitch. You don't have to run Open vSwitch, and some things do work
>>>> differently when using Linux bridge.
>>>>
>>>> If your IP address is no longer on enp3s0, then that might be an
>>>> indicator that you have a bridge subsuming enp3s0. In that case, I'm
>>>> pretty sure that the physical_interface_mapping should be
>>>> public:<bridge>. I spend a lot more time with OVS deployments, though.
>>>>
>>>> --
>>>> Dan Sneddon         |  Principal OpenStack Engineer
>>>> dsneddon at redhat.com |  redhat.com/openstack
>>>> 650.254.4025        |  dsneddon:irc   @dxs:twitter
>>>>
>>>> _______________________________________________
>>>> OpenStack-operators mailing list
>>>> OpenStack-operators at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20160324/575c5e9c/attachment-0001.html>


More information about the OpenStack-operators mailing list