[Openstack] nova/quantum/ovs configuration conundrum

Sina Sadeghi sina at aptira.com
Fri Nov 9 06:04:34 UTC 2012 

"I followed the instructions to add a route from 
http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html 
but I don't immediately see how the route add helped here - but it has 
raised an eyebrow."

Tell me about it!

We wanted to use Quantum mostly so we could avoid being forced to 
upgrade from nova-network later on. Once again the difference between 
trunk (dev) and stable (ops) kills new OpenStack features for early 
production adopters. There is no way we can offer this to our customers. 
Are we expected to add a new route for every subnet our customers 
create, across every compute node, on the fly (including esoteric 
quantum port-list commands)?

As for the idea of having one quantum-l3-agent that NATs traffic for 
many compute nodes, I wasn't aware the concept of retro chic applied to 
network topologies :(

I shudder to think how this would operate at scale, so it looks like we 
will be sticking to our nova-network VLAN configuration.


--
*Sina Sadeghi*
Lead Cloud Engineer

*Aptira Pty Ltd*
1800 APTIRA
aptira.com <http://www.aptira.com>
Follow @aptira <https://twitter.com/#/aptira>

On 08/11/12 22:54, Kevin Jackson wrote:
> Hi Stephen,
> This is what I get... (note change of namespace etc as this machine is 
> a VM that was recreated).
>
> root at openstack:~# ip netns list
> qdhcp-3f0a3d53-f3a4-4da8-a5e0-1a97b6e51424
> qrouter-f26858db-3ae8-431b-86a7-edab80834586
>
> root at openstack:~# ip netns exec 
> qrouter-f26858db-3ae8-431b-86a7-edab80834586 wget 
> http://172.16.0.210:8775/
> --2012-11-08 10:52:11-- http://172.16.0.210:8775/
> Connecting to 172.16.0.210:8775... failed: No route to host.
>
> root at openstack:~# ip netns exec 
> qrouter-f26858db-3ae8-431b-86a7-edab80834586 ip r
> default via 172.16.1.254 dev qg-c396e75e-38
> 10.5.5.0/24 <http://10.5.5.0/24> dev qr-031aafac-19  proto kernel  
> scope link  src 10.5.5.1
> 172.16.1.0/24 <http://172.16.1.0/24> dev qg-c396e75e-38  proto kernel  
> scope link  src 172.16.1.10
>
> So it is a problem between my router and the physical network... That 
> 172.16.1.0/24 <http://172.16.1.0/24> is an "ext-net" network created 
> with an external router.  When I spin my instances up I use the 
> 10.5.5.0/24 <http://10.5.5.0/24> "int-net" network.
>
> I followed the instructions to add a route from 
> http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html 
> but I don't immediately see how the route add helped here - but it has 
> raised an eyebrow.
>
> The output of the port-list gave me 172.16.1.10 to use as the 
> $ROUTER_GW_IP - which is odd as that IP was set as my external 
> floating range start IP.  Doing a traceroute to the 172.16.0.201 
> address from the router namespace went via 172.16.1.10... so I've some 
> things to play with for the time being...
>
> Thanks for your help so far.  Is the Guardian looking at OpenStack for 
> any projects (I'm from TMG)?
>
> Cheers,
> Kev
>
>
> On 8 November 2012 10:49, Stephen Gran <stephen.gran at guardian.co.uk 
> <mailto:stephen.gran at guardian.co.uk>> wrote:
>
>     Hi,
>
>
>     On Thu, 2012-11-08 at 10:02 +0000, Kevin Jackson wrote:
>>     Thanks for that - the namspace thing is starting to make sense.
>>     So I see this rule in there now:
>>
>>     Chain quantum-l3-agent-PREROUTING (1 references)
>>      pkts bytes target     prot opt in     out source              
>>     destination
>>        62  3720 DNAT       tcp  --  *      * 0.0.0.0/0
>>     <http://0.0.0.0/0> 169.254.169.254      tcp dpt:80
>>     to:172.16.0.201:8775 <http://172.16.0.201:8775>
>>
>>     But I never see a connection being made when I spin up an
>>     instance.  The instance reports no route to host.
>
>     It's unclear at this point if the problem is that your instance
>     can't reach it's gateway (the quantum router), or if the quantum
>     router can't reach the metadata server.
>
>     try:
>     ip netns exec qrouter-61245d6f-1195-4ca0-ba08-f0636f7d44c6 wget
>     http://172.16.0.201:8775/
>
>     To rule out the latter so you know where to concentrate your efforts.
>
>     -- 
>     Stephen Gran
>     Senior Systems Integrator -guardian.co.uk  <http://guardian.co.uk>
>
>     Please consider the environment before printing this email.
>     ------------------------------------------------------------------
>     Visitguardian.co.uk  <http://guardian.co.uk>  - website of the year
>       
>     www.guardian.co.uk  <http://www.guardian.co.uk>     www.observer.co.uk  <http://www.observer.co.uk>      www.guardiannews.com  <http://www.guardiannews.com>  
>       
>     On your mobile, visitm.guardian.co.uk  <http://m.guardian.co.uk>  or download the Guardian
>     iPhone appwww.guardian.co.uk/iphone  <http://www.guardian.co.uk/iphone>  and iPad editionwww.guardian.co.uk/iPad  <http://www.guardian.co.uk/iPad>  
>       
>     Save up to 37% by subscribing to the Guardian and Observer - choose the papers you want and get full digital access.
>     Visitguardian.co.uk/subscribe  <http://guardian.co.uk/subscribe>
>       
>     ---------------------------------------------------------------------
>     This e-mail and all attachments are confidential and may also
>     be privileged. If you are not the named recipient, please notify
>     the sender and delete the e-mail and all attachments immediately.
>     Do not disclose the contents to another person. You may not use
>     the information for any purpose, or store, or copy, it in any way.
>       
>     Guardian News & Media Limited is not liable for any computer
>     viruses or other material transmitted with or as part of this
>     e-mail. You should employ virus checking software.
>       
>     Guardian News & Media Limited
>       
>     A member of Guardian Media Group plc
>     Registered Office
>     PO Box 68164
>     Kings Place
>     90 York Way
>     London
>     N1P 2AP
>       
>     Registered in England Number 908396
>
>
>
>
> -- 
> Kevin Jackson
> @itarchitectkev
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121109/421a10d5/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo.jpg
Type: image/jpeg
Size: 15934 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121109/421a10d5/attachment.jpg>

More information about the Openstack mailing list