[Openstack] router cannot communicate with external

ZHOU TAO A tao.a.zhou at alcatel-lucent.com
Fri Jul 25 01:58:07 UTC 2014 

Hi, Robert

Now I understands why it cannot ping external gateway.
l3-agent failed to set vlan tag on gateway ports on br-ex.
Now I can ping the ext gateway after running the command below.
ovs-vsctl set port qg-256b404e-50 tag=73

Thanks
Tao
On 07/25/2014 09:39 AM, ZHOU TAO A wrote:
> Hi, Robert
>
> I should have more introduction of my configuration.
>
> I have two physical switches.
>
> All eth0s connected to the first switch, all eth1s connected to the 
> second switch.
>
> eth0 can connect to the external gateway through vlan 73, eth1 can 
> connect to external gateway through vlan 74
>
> [root at ih-controller nova]# cat /proc/net/vlan/
> config   eth1.74
> [root at ih-controller nova]# cat /proc/net/vlan/*
> VLAN Dev name    | VLAN ID
> Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
> eth1.74        | 74  | eth1
> eth1.74  VID: 74         REORDER_HDR: 1  dev->priv_flags: 1
>          total frames received     28985786
>           total bytes received  26536401548
>       Broadcast/Multicast Rcvd     14856460
>
>       total frames transmitted      7855954
>        total bytes transmitted    852065213
>             total headroom inc            0
>            total encap on xmit            0
> Device: eth1
> INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
>  EGRESS priority mappings:
> [root at ih-controller nova]# ip netns exec 
> qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c tcpdump
> -enlpi qg-256b404e-50 arptcpdump: verbose output suppressed, use -v or 
> -vv for full protocol decode
> listening on usbmon1, link-type USB_LINUX_MMAPPED (USB with padded 
> Linux header), capture size 65535 bytes
> 09:29:25.822677 CONTROL SUBMIT to 1:2:0
> 09:29:25.822838 CONTROL COMPLETE from 1:2:0
> 09:29:25.822869 CONTROL SUBMIT to 1:1:0
> 09:29:25.822869 CONTROL COMPLETE from 1:1:0
> 09:29:27.980731 INTERRUPT COMPLETE to 1:2:1
> 09:29:27.980735 CONTROL SUBMIT to 1:2:0
> 09:29:27.980908 CONTROL COMPLETE from 1:2:0
> 09:29:27.980964 CONTROL SUBMIT to 1:1:0
> 09:29:27.980969 CONTROL COMPLETE from 1:1:0
> 09:29:30.980679 INTERRUPT COMPLETE to 1:1:1
>
> Below is my /etc/neutron/plugin.ini
>
> [ml2]
> type_drivers = vlan
> tenant_network_types = vlan
> mechanism_drivers = openvswitch
> [ml2_type_flat]
> [ml2_type_vlan]
> network_vlan_ranges = physnet2:1:4000,physnet1
> [ml2_type_gre]
> [ml2_type_vxlan]
> [securitygroup]
> firewall_driver = 
> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
> enable_security_group = True
> [ovs]
> integration_bridge = br-int
> bridge_mappings = physnet2:br-eth1,physnet1:br-ex
>
> Thanks
> Tao
>
>
> -------- Original Message --------
> Subject: 	Re: [Openstack] router cannot communicate with external
> Date: 	Thu, 24 Jul 2014 23:22:43 +1200
> From: 	Robert Collins <robertc at robertcollins.net>
> To: 	ZHOU TAO A <tao.a.zhou at alcatel-lucent.com>
>
>
>
> On 24 July 2014 14:56, ZHOU TAO A<tao.a.zhou at alcatel-lucent.com>  wrote:
> > Hi,
> >
> > I have installed icehouse with ovs vlan configuration.
>
> We need to check your exterior bridge configuration. In icehouse when
> using vlans the exterior bridge has to be layered on top of a tagging
> device (e.g. a vconfig vlanXXXX device) - or you need to apply my
> patchhttps://review.openstack.org/#/c/108494/  which teaches the l3
> agent to setup an access port rather than an untagged port.
>
> On the network node, please run
> ip address
> ovs-vsctl show
> cat /proc/net/vlan/*
>
> which should let us tell.
>
> And/or we can also check by tcpdump:
> ip netns exec qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c tcpdump
> -enlpi qg-256b404e-50 arp
> and look at the frame types - you'll see .q tagged frames.
>
> If you have a trunk port, you can use ovs-vsctl to do a quick manual fix:
> ovs-vsctl set port qg-256b404e-50 tag=XX where XX is your vlan id, but
> this will be lost if you fail the router over or the port is recreated
> for any reason.
>
> Alternatively you can remove whichever ethN device br-ex is on and add
> a vconfig vlan port instead, or apply my patch above.
>
> -Rob
>
> > Network node and controller node coexists.
> >
> > The problem is I can ping the public IP address of my router but cannot ping
> > external gateway from my instance.
> >
> > My instance has internal IP 192.48.1.51 and a floating IP 135.252.167.187.
> > My router has subnet 192.48.1.0/24 and gateway 135.252.167.186
> >
> > [root at ih-controller neutron]# ip netns exec
> > qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c ping 135.252.167.1
> > PING 135.252.167.1 (135.252.167.1) 56(84) bytes of data.
> > From 135.252.167.186 icmp_seq=2 Destination Host Unreachable
> > From 135.252.167.186 icmp_seq=3 Destination Host Unreachable
> > From 135.252.167.186 icmp_seq=4 Destination Host Unreachable
> >
> >
> > [root at ih-controller neutron]# neutron router-list
> > +--------------------------------------+------------+-----------------------------------------------------------------------------+
> > | id                                   | name       | external_gateway_info
> > |
> > +--------------------------------------+------------+-----------------------------------------------------------------------------+
> > | e3119ff4-2fac-4226-9e63-009cfce8ac4c | router_ext | {"network_id":
> > "0b78bc26-0374-47ed-8f0b-66d18e3bd86b", "enable_snat": true} |
> > +--------------------------------------+------------+-----------------------------------------------------------------------------+
> >
> > ip netns exec qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c ifconfig
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           inet6 addr: ::1/128 Scope:Host
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:4 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:448 (448.0 b)  TX bytes:448 (448.0 b)
> >
> > qg-256b404e-50 Link encap:Ethernet  HWaddr FA:16:3E:2A:D3:D0
> >           inet addr:135.252.167.186  Bcast:135.252.167.255
> > Mask:255.255.255.0
> >           inet6 addr: fe80::f816:3eff:fe2a:d3d0/64 Scope:Link
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           RX packets:191469 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:1293 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:16274751 (15.5 MiB)  TX bytes:123922 (121.0 KiB)
> >
> > qr-c87773a3-79 Link encap:Ethernet  HWaddr FA:16:3E:03:42:C3
> >           inet addr:192.48.1.254  Bcast:192.48.1.255  Mask:255.255.255.0
> >           inet6 addr: fe80::f816:3eff:fe03:42c3/64 Scope:Link
> >           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >           RX packets:1286 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:124478 (121.5 KiB)  TX bytes:1986 (1.9 KiB)
> >
> >
> >
> >
> > _______________________________________________
> > Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     :openstack at lists.openstack.org
> > Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
>
>
>
> -- 
> Robert Collins<rbtcollins at hp.com>
> Distinguished Technologist
> HP Converged Cloud
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140725/1d4cd4a3/attachment.html>

More information about the Openstack mailing list