[Openstack] nova/quantum/ovs configuration conundrum

Choe, Cheng-Dae whitekid at gmail.com
Fri Nov 9 09:55:53 UTC 2012


currently.
l3_agent designed as serve all tenant's traffic or
per router per l3_agent by specify router_id in l3_agent.ini

so in current architecture. if you want deploy as production scale.
I think l3_agent must be dedicated to one router 

or the another solution is needed(nvp, midonet, cisco ...) 

2012. 11. 9., 오후 3:04, Sina Sadeghi <sina at aptira.com> 작성:

> "I followed the instructions to add a route from http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html but I don't immediately see how the route add helped here - but it has raised an eyebrow."
> 
> Tell me about it!
> 
> We wanted to use Quantum mostly so we could avoid being forced to upgrade from nova-network later on. Once again the difference between trunk (dev) and stable (ops) kills new OpenStack features for early production adopters. There is no way we can offer this to our customers. Are we expected to add a new route for every subnet our customers create, across every compute node, on the fly (including esoteric quantum port-list commands)?
> 
> As for the idea of having one quantum-l3-agent that NATs traffic for many compute nodes, I wasn't aware the concept of retro chic applied to network topologies :(
> 
> I shudder to think how this would operate at scale, so it looks like we will be sticking to our nova-network VLAN configuration.
> 
> 
> --
> Sina Sadeghi
> Lead Cloud Engineer
> <logo.jpg>
> Aptira Pty Ltd
> 1800 APTIRA
> aptira.com
> Follow @aptira
> 
> On 08/11/12 22:54, Kevin Jackson wrote:
>> Hi Stephen, 
>> This is what I get... (note change of namespace etc as this machine is a VM that was recreated).
>> 
>> root at openstack:~# ip netns list
>> qdhcp-3f0a3d53-f3a4-4da8-a5e0-1a97b6e51424
>> qrouter-f26858db-3ae8-431b-86a7-edab80834586
>> 
>> root at openstack:~# ip netns exec qrouter-f26858db-3ae8-431b-86a7-edab80834586 wget http://172.16.0.210:8775/
>> --2012-11-08 10:52:11--  http://172.16.0.210:8775/
>> Connecting to 172.16.0.210:8775... failed: No route to host.
>> 
>> root at openstack:~# ip netns exec qrouter-f26858db-3ae8-431b-86a7-edab80834586 ip r                          
>> default via 172.16.1.254 dev qg-c396e75e-38 
>> 10.5.5.0/24 dev qr-031aafac-19  proto kernel  scope link  src 10.5.5.1 
>> 172.16.1.0/24 dev qg-c396e75e-38  proto kernel  scope link  src 172.16.1.10 
>> 
>> So it is a problem between my router and the physical network... That 172.16.1.0/24 is an "ext-net" network created with an external router.  When I spin my instances up I use the 10.5.5.0/24 "int-net" network.
>> 
>> I followed the instructions to add a route from http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html but I don't immediately see how the route add helped here - but it has raised an eyebrow.
>> 
>> The output of the port-list gave me 172.16.1.10 to use as the $ROUTER_GW_IP - which is odd as that IP was set as my external floating range start IP.  Doing a traceroute to the 172.16.0.201 address from the router namespace went via 172.16.1.10... so I've some things to play with for the time being...
>> 
>> Thanks for your help so far.  Is the Guardian looking at OpenStack for any projects (I'm from TMG)?
>> 
>> Cheers,
>> Kev
>> 
>> 
>> On 8 November 2012 10:49, Stephen Gran <stephen.gran at guardian.co.uk> wrote:
>> Hi,
>> 
>> 
>> On Thu, 2012-11-08 at 10:02 +0000, Kevin Jackson wrote:
>>> Thanks for that - the namspace thing is starting to make sense.
>>> So I see this rule in there now:
>>> 
>>> Chain quantum-l3-agent-PREROUTING (1 references)
>>>  pkts bytes target     prot opt in     out     source               destination         
>>>    62  3720 DNAT       tcp  --  *      *       0.0.0.0/0            169.254.169.254      tcp dpt:80 to:172.16.0.201:8775
>>> 
>>> But I never see a connection being made when I spin up an instance.  The instance reports no route to host.
>> 
>> It's unclear at this point if the problem is that your instance can't reach it's gateway (the quantum router), or if the quantum router can't reach the metadata server.
>> 
>> try:
>> ip netns exec qrouter-61245d6f-1195-4ca0-ba08-f0636f7d44c6 wget http://172.16.0.201:8775/
>> 
>> To rule out the latter so you know where to concentrate your efforts.
>> 
>> -- 
>> Stephen Gran
>> Senior Systems Integrator - guardian.co.uk
>> Please consider the environment before printing this email.
>> ------------------------------------------------------------------
>> Visit guardian.co.uk - website of the year
>>  
>> www.guardian.co.uk    www.observer.co.uk     www.guardiannews.com 
>>  
>> On your mobile, visit m.guardian.co.uk or download the Guardian
>> iPhone app www.guardian.co.uk/iphone and iPad edition www.guardian.co.uk/iPad 
>>  
>> Save up to 37% by subscribing to the Guardian and Observer - choose the papers you want and get full digital access. 
>> Visit guardian.co.uk/subscribe
>>  
>> ---------------------------------------------------------------------
>> This e-mail and all attachments are confidential and may also
>> be privileged. If you are not the named recipient, please notify
>> the sender and delete the e-mail and all attachments immediately.
>> Do not disclose the contents to another person. You may not use
>> the information for any purpose, or store, or copy, it in any way.
>>  
>> Guardian News & Media Limited is not liable for any computer
>> viruses or other material transmitted with or as part of this
>> e-mail. You should employ virus checking software.
>>  
>> Guardian News & Media Limited
>>  
>> A member of Guardian Media Group plc
>> Registered Office
>> PO Box 68164
>> Kings Place
>> 90 York Way
>> London
>> N1P 2AP
>>  
>> Registered in England Number 908396
>> 
>> 
>> 
>> -- 
>> Kevin Jackson
>> @itarchitectkev
>> 
>> 
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121109/b3ee6483/attachment.html>


More information about the Openstack mailing list