[Openstack] [essex vlan]cannot ping vm on other compute node

George Mihaiescu George.Mihaiescu at Q9.com
Wed Feb 27 18:22:01 UTC 2013


Try these commands:

Conf term
Vlan 105
State active


George



-----Original Message-----
From: openstack-bounces+george.mihaiescu=q9.com at lists.launchpad.net [mailto:openstack-bounces+george.mihaiescu=q9.com at lists.launchpad.net] On Behalf Of Ajiva Fan
Sent: Wednesday, February 27, 2013 5:23 AM
To: Salvatore Orlando
Cc: openstack at lists.launchpad.net
Subject: Re: [Openstack] [essex vlan]cannot ping vm on other compute node

thanks you for reply
special thanks to Aaron Rosen

the situation is that:
1) openstack is in vlan mode
2) switcher is in trunk mode, all vlan id is allowed
3) vlan in switcher's allowed list, active list and (not pruned) list
can communicate with each other. vlan only in allowed list but not in
the other two list is isolated
4) i tried the way which is from official site guide to set pruned
list but it does not work, the switcher just ignore the prune command
and hold the original config ( i will ask our network administrator
and find more help from cisco site )


now i think openstack is running fine ( at least from my point of view)
and i think swither trunk port is running basically correct

here is my env:

switcher port {22,23}
sw-31#show interfaces fastEthernet 0/22 trunk

Port        Mode         Encapsulation  Status        Native vlan
Fa0/22      on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/22      1-4094

Port        Vlans allowed and active in management domain
Fa0/22      1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/22      1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001

from openstack control node terminal:
# nova-manage network create --label admin-network-01
--fixed_range_v4=10.0.12.0/24 --vlan=105 --project_id=<admin_id>
# nova-manage network create --label admin-network-02
--fixed_range_v4=10.0.13.0/24 --vlan=101 --project_id=<admin_id>
# nova boot --image cirros --flavor 1 --availability_zone nova:control test01
# nova boot --image cirros --flavor 1 --availability_zone nova:compute test02

now test01 and test02 get two vlan ip addr, and control node and
compute node get two bridge
NOTE: *** vlan101 *** is in switcher's active list and "spanning tree
forwarding state and not pruned" list, but vlan105 is not, vlan105
just in allowed list

control node:
br105 10.0.12.6
br101 10.0.13.6
compute node
br105 10.0.12.4
br101 10.0.13.4

from control node i can ping 10.0.13.4 but cannot ping 10.0.12.4
so the root cause may be the active list and the pruned list of switcher

is there any one meet such problem?
maybe i'm fool or i'm just fooled by some odd issue

please help me

On 2/27/13, Salvatore Orlando <sorlando at nicira.com> wrote:
> I'm not sure I followed the thread correctly from the beginning, but I
> read that you have configured you NIC for private VM networking, in
> VLAN mode, on VLAN 105.
> Is that correct?
>
> In general trunking all your switch ports used for VM networking will
> save you the hassle of adding the VLANs you are using in your setup
> one by one.
> Also, there's quite a difference between VLAN access mode and trunk
> mode. I rarely use Cisco switches, but when I do I always put them in
> trunk mode explicitly.
> The list of allowed vlan is a sort of filter that you apply on a trunk
> port. So perhaps you might want to put all your ports in trunk mode
> and use the vlan range defined in nova.conf as allowed vlan list.
>
> Salvatore
>
> On 27 February 2013 10:18, Ajiva Fan <aji.zqfan at gmail.com> wrote:
>> thank you very much.
>>
>> actullaly, i have already try these command yesterday, it does not work.
>>
>> currently, i find that vlan id in active list and not pruned list can
>> be passed by switcher, vlan id not in the two list cannot will be
>> droped even they are in allowed list.....
>> but the network administrator (and the internet pages) tells me that
>> if vlan is in allowed list, it can go through trunk mode port.....
>>
>>
>>
>>
>> there is some hardware info may not be useful, but i list it here,
>> hope it will help someone else.
>> cisco catalyst 2950 switcher only hava
>> """sw-31(config)#interface gigabitEthernet 0/2?
>> .  :  <0-2> """
>> so i just operate on fastEthernet 0/22
>> """sw-31(config)#interface fastEthernet 0/22?
>> .  :  <0-24> """
>> and 2950 defaultly
>> 1)allowed all vlan id on trunk mode
>> 2)only support 802.1q on trunk mode
>> so the following commands:
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>> will not work.
>>
>>
>> On 2/27/13, Aaron Rosen <arosen at nicira.com> wrote:
>>> Perhaps:
>>>
>>> interface gigbbit 0/22
>>> switchport mode trunk
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>>> interface gigbbit 0/23
>>> switchport mode trunk
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>>>
>>>
>>>
>>> On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan <aji.zqfan at gmail.com> wrote:
>>>>
>>>> since i notice that in switcher:
>>>> sw-31>show interface fastEthernet 0/22 trunk
>>>>
>>>> Port        Mode         Encapsulation  Status        Native vlan
>>>> Fa0/22      on           802.1q         trunking      1
>>>>
>>>> Port      Vlans allowed on trunk
>>>> Fa0/22      1-4094
>>>>
>>>> Port        Vlans allowed and active in management domain
>>>> Fa0/22
>>>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>>>>
>>>> Port        Vlans in spanning tree forwarding state and not pruned
>>>> Fa0/22
>>>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>>>>
>>>> the vlan 5 is active in management domain but 105 is not, so i try the
>>>> same workflow as before but change vlan id 5 to 110, ping gets no
>>>> reply as vlan105
>>>>
>>>> so may be i should add vlan105 to active list ? sorry i'm a green hand
>>>> to switcher and got confused.
>>>> 1) what the different between the allowd list and active list
>>>> 2) if i should add active list manually, so does the cloud admin, if
>>>> he create a vlan for a tenant, he should add to switcher active list
>>>> too? is there any way automatically recoginize the vlan tag and allow
>>>> it pass?
>>>> maybe add a range to active list, for example, 100-4000? it's
>>>> ugly......
>>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to     : openstack at lists.launchpad.net
>> Unsubscribe : https://launchpad.net/~openstack
>> More help   : https://help.launchpad.net/ListHelp
>

_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack at lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp




More information about the Openstack mailing list