[Openstack] Can not ping the tenant router gateway from host
James Denton
james.denton at rackspace.com
Wed Mar 4 22:19:29 UTC 2015
Hi Mitchell,
>> I am able to ping from router to the router gateway (172.29.105.101) and router to internal tenant gateway (192.168.2.1)
You are pinging these IPs within the router namespace, which I would expect to work, as those are the IPs configured on the router’s interfaces.
>> … but still can not ping from control node to the router gateway
The default route of your Neutron host appears to be 172.29.106.254. Is that also the case for the control host?
>> default via 172.29.106.254 dev eth0
Is there a route on that device (static/local) that would allow you to reach the 172.29.105.0/24 subnet? Are you able to ping the ext-net gateway (172.29.105.254) from within the router namespace?
>> I saw there is a tag 4095 in the tap port of the br-int bridge. Is this OK?
It means that tap is stale. You can see if there is still a corresponding Neutron port with “neutron port-list | grep 27dd1b25-62”.
James
> On Mar 4, 2015, at 3:03 PM, Mitchell Chen <mitchell.chen at mediatek.com> wrote:
>
> Hi All,
>
> I am struggling with not being able to ping the router gateway. I am able to ping from router to the router gateway (172.29.105.101) and router to internal tenant gateway (192.168.2.1), but still can not ping from control node to the router gateway. I am using GRE tunneling. I saw there is a tag 4095 in the tap port of the br-int bridge. Is this OK? Please advise. From the following data, is there a way to debug the issue?
>
> Thanks,
> Mitchell
>
>
> root at control:~# ovs-vsctl show
> f22d3ba4-d785-4fe7-a283-16ffbc75c434
> Bridge br-int
> fail_mode: secure
> Port "qr-784a2f1c-e6"
> tag: 1
> Interface "qr-784a2f1c-e6"
> type: internal
> Port "tap27dd1b25-62"
> tag: 4095
> Interface "tap27dd1b25-62"
> type: internal
> Port br-int
> Interface br-int
> type: internal
> Port patch-tun
> Interface patch-tun
> type: patch
> options: {peer=patch-int}
> Bridge br-tun
> Port patch-int
> Interface patch-int
> type: patch
> options: {peer=patch-tun}
> Port "gre-c0a801cc"
> Interface "gre-c0a801cc"
> type: gre
> options: {in_key=flow, local_ip="192.168.1.220", out_key=flow, remote_ip="192.168.1.204"}
> Port "gre-c0a801d5"
> Interface "gre-c0a801d5"
> type: gre
> options: {in_key=flow, local_ip="192.168.1.220", out_key=flow, remote_ip="192.168.1.213"}
> Port br-tun
> Interface br-tun
> type: internal
> Port "gre-c0a801d2"
> Interface "gre-c0a801d2"
> type: gre
> options: {in_key=flow, local_ip="192.168.1.220", out_key=flow, remote_ip="192.168.1.210"}
> Bridge br-ex
> Port "qg-6849da02-da"
> Interface "qg-6849da02-da"
> type: internal
> Port br-ex
> Interface br-ex
> type: internal
> Port "eth2"
> Interface "eth2"
> ovs_version: "2.0.2"
>
> root at control:~# ovs-ofctl dump-flows br-int
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=55.846s, table=0, n_packets=2, n_bytes=214, idle_age=8, priority=1 actions=NORMAL
> cookie=0x0, duration=55.649s, table=22, n_packets=0, n_bytes=0, idle_age=55, priority=0 actions=drop
>
> root@ control:~# ovs-ofctl dump-flows br-tun
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=66.836s, table=0, n_packets=0, n_bytes=0, idle_age=66, priority=1,in_port=3 actions=resubmit(,2)
> cookie=0x0, duration=68.694s, table=0, n_packets=0, n_bytes=0, idle_age=68, priority=1,in_port=1 actions=resubmit(,1)
> cookie=0x0, duration=66.545s, table=0, n_packets=0, n_bytes=0, idle_age=66, priority=1,in_port=4 actions=resubmit(,2)
> cookie=0x0, duration=67.159s, table=0, n_packets=32, n_bytes=5592, idle_age=1, priority=1,in_port=2 actions=resubmit(,2)
> cookie=0x0, duration=68.59s, table=0, n_packets=5, n_bytes=390, idle_age=59, priority=0 actions=drop
> cookie=0x0, duration=68.495s, table=1, n_packets=0, n_bytes=0, idle_age=68, priority=1,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,20)
> cookie=0x0, duration=68.391s, table=1, n_packets=0, n_bytes=0, idle_age=68, priority=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00 actions=resubmit(,21)
> cookie=0x0, duration=64.686s, table=2, n_packets=32, n_bytes=5592, idle_age=1, priority=1,tun_id=0x2 actions=mod_vlan_vid:1,resubmit(,10)
> cookie=0x0, duration=68.293s, table=2, n_packets=0, n_bytes=0, idle_age=68, priority=0 actions=drop
> cookie=0x0, duration=68.193s, table=3, n_packets=0, n_bytes=0, idle_age=68, priority=0 actions=drop
> cookie=0x0, duration=68.082s, table=10, n_packets=32, n_bytes=5592, idle_age=1, priority=1 actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:NXM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
> cookie=0x0, duration=56.741s, table=20, n_packets=0, n_bytes=0, hard_timeout=300, idle_age=56, hard_age=1, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=b2:a9:8f:0a:42:fb actions=load:0->NXM_OF_VLAN_TCI[],load:0x2->NXM_NX_TUN_ID[],output:2
> cookie=0x0, duration=22.544s, table=20, n_packets=0, n_bytes=0, hard_timeout=300, idle_age=22, hard_age=9, priority=1,vlan_tci=0x0001/0x0fff,dl_dst=62:bb:fb:a4:92:db actions=load:0->NXM_OF_VLAN_TCI[],load:0x2->NXM_NX_TUN_ID[],output:2
> cookie=0x0, duration=67.982s, table=20, n_packets=0, n_bytes=0, idle_age=67, priority=0 actions=resubmit(,21)
> cookie=0x0, duration=64.782s, table=21, n_packets=0, n_bytes=0, idle_age=64, dl_vlan=1 actions=strip_vlan,set_tunnel:0x2,output:4,output:3,output:2
> cookie=0x0, duration=67.87s, table=21, n_packets=0, n_bytes=0, idle_age=67, priority=0 actions=drop
>
> root@ control:~# ovs-ofctl dump-flows br-ex
> NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=558.95s, table=0, n_packets=479, n_bytes=102435, idle_age=10, priority=0 actions=NORMAL
>
> root at neutron:~# ip netns
> qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302
> qdhcp-95f5f75f-577f-4827-b51c-f949fb46393b
> root at mussdhux20:~# ip netns exec qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 14: qr-784a2f1c-e6: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether fa:16:3e:d2:db:51 brd ff:ff:ff:ff:ff:ff
> inet 192.168.2.1/24 brd 192.168.2.255 scope global qr-784a2f1c-e6
> valid_lft forever preferred_lft forever
> inet6 fe80::f816:3eff:fed2:db51/64 scope link
> valid_lft forever preferred_lft forever
> 15: qg-6849da02-da: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether fa:16:3e:15:c8:76 brd ff:ff:ff:ff:ff:ff
> inet 172.29.105.101/24 brd 172.29.105.255 scope global qg-6849da02-da
> valid_lft forever preferred_lft forever
> inet 172.29.105.102/32 brd 172.29.105.102 scope global qg-6849da02-da
> valid_lft forever preferred_lft forever
> inet6 fe80::f816:3eff:fe15:c876/64 scope link
> valid_lft forever preferred_lft forever
>
> /// I can ping from router to external router gateway
> root@ neutron:~# ip netns exec qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ping -I qg-6849da02-da 172.29.105.101
> PING 172.29.105.101 (172.29.105.101) from 172.29.105.101 qg-6849da02-da: 56(84) bytes of data.
> 64 bytes from 172.29.105.101: icmp_seq=1 ttl=64 time=0.067 ms
> 64 bytes from 172.29.105.101: icmp_seq=2 ttl=64 time=0.048 ms
> 64 bytes from 172.29.105.101: icmp_seq=3 ttl=64 time=0.062 ms
> 64 bytes from 172.29.105.101: icmp_seq=4 ttl=64 time=0.051 ms
> 64 bytes from 172.29.105.101: icmp_seq=5 ttl=64 time=0.061 ms
> 64 bytes from 172.29.105.101: icmp_seq=6 ttl=64 time=0.050 ms
> ^C
> --- 172.29.105.101 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4998ms
> rtt min/avg/max/mdev = 0.048/0.056/0.067/0.010 ms
>
> /// I can ping from router to internal tenant gateway
> root at mussdhux20:~# ip netns exec qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ping -I qr-784a2f1c-e6 192.168.2.1
> PING 192.168.2.1 (192.168.2.1) from 192.168.2.1 qr-784a2f1c-e6: 56(84) bytes of data.
> 64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.045 ms
> 64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=0.047 ms
> 64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=0.064 ms
> 64 bytes from 192.168.2.1: icmp_seq=4 ttl=64 time=0.049 ms
> 64 bytes from 192.168.2.1: icmp_seq=5 ttl=64 time=0.056 ms
> 64 bytes from 192.168.2.1: icmp_seq=6 ttl=64 time=0.044 ms
> ^C
> --- 192.168.2.1 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4998ms
> rtt min/avg/max/mdev = 0.044/0.050/0.064/0.011 ms
>
> root@ neutron:~# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
> link/ether 00:d0:b7:9d:be:de brd ff:ff:ff:ff:ff:ff
> inet6 fe80::2d0:b7ff:fe9d:bede/64 scope link
> valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> link/ether 00:02:b3:ea:fd:36 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.220/24 brd 192.168.1.255 scope global eth1
> valid_lft forever preferred_lft forever
> inet6 fe80::202:b3ff:feea:fd36/64 scope link
> valid_lft forever preferred_lft forever
> 4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> link/ether 00:0f:fe:5e:2b:52 brd ff:ff:ff:ff:ff:ff
> inet 172.29.106.220/24 brd 172.29.106.255 scope global eth0
> valid_lft forever preferred_lft forever
> inet6 fe80::20f:feff:fe5e:2b52/64 scope link
> valid_lft forever preferred_lft forever
> 5: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
> link/ether 42:ad:09:62:3e:ff brd ff:ff:ff:ff:ff:ff
> 6: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether 00:d0:b7:9d:be:de brd ff:ff:ff:ff:ff:ff
> inet6 fe80::4460:3dff:fe54:774a/64 scope link
> valid_lft forever preferred_lft forever
> 9: br-int: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether 0e:51:a9:81:c8:4b brd ff:ff:ff:ff:ff:ff
> inet6 fe80::50b6:6dff:fe2b:497f/64 scope link
> valid_lft forever preferred_lft forever
> 17: br-tun: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether 96:20:ae:89:c4:49 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::14bd:19ff:fe80:55f7/64 scope link
> valid_lft forever preferred_lft forever
>
> root@ neutron:~# ip route
> default via 172.29.106.254 dev eth0
> 169.254.0.0/16 dev eth1 scope link metric 1000
> 172.29.106.0/24 dev eth0 proto kernel scope link src 172.29.106.220
> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.220
>
> > > root at control# neutron net-list
> +--------------------------------------+----------+------------------------------------------------------+
> | id | name | subnets |
> +--------------------------------------+----------+------------------------------------------------------+
> | 95f5f75f-577f-4827-b51c-f949fb46393b | demo-net | 33d60404-d979-4b63-83ef-653268195872 192.168.2.0/24 |
> | e567fd9d-f87a-491c-b8f1-32d28de4069e | ext-net | 0f5d2be9-74b0-466e-b0e6-4be8f646338a 172.29.105.0/24 |
> +--------------------------------------+----------+------------------------------------------------------+
> root control # neutron subnet-list
> +--------------------------------------+-------------+-----------------+------------------------------------------------------+
> | id | name | cidr | allocation_pools |
> +--------------------------------------+-------------+-----------------+------------------------------------------------------+
> | 0f5d2be9-74b0-466e-b0e6-4be8f646338a | ext-subnet | 172.29.105.0/24 | {"start": "172.29.105.101", "end": "172.29.105.127"} |
> | 33d60404-d979-4b63-83ef-653268195872 | demo-subnet | 192.168.2.0/24 | {"start": "192.168.2.2", "end": "192.168.2.254"} |
> +--------------------------------------+-------------+-----------------+------------------------------------------------------+
> > >
> > > root@ control# neutron subnet-show ext-subnet
> +------------------+------------------------------------------------------+
> | Field | Value |
> +------------------+------------------------------------------------------+
> | allocation_pools | {"start": "172.29.105.101", "end": "172.29.105.127"} |
> | cidr | 172.29.105.0/24 |
> | dns_nameservers | |
> | enable_dhcp | False |
> | gateway_ip | 172.29.105.254 |
> | host_routes | |
> | id | 0f5d2be9-74b0-466e-b0e6-4be8f646338a |
> | ip_version | 4 |
> | name | ext-subnet |
> | network_id | e567fd9d-f87a-491c-b8f1-32d28de4069e |
> | tenant_id | 7479d4eabeb14b45a7f38269155ec0f5 |
> +------------------+------------------------------------------------------+
> > > root@ control# neutron subnet-show demo-subnet
> +------------------+--------------------------------------------------+
> | Field | Value |
> +------------------+--------------------------------------------------+
> | allocation_pools | {"start": "192.168.2.2", "end": "192.168.2.254"} |
> | cidr | 192.168.2.0/24 |
> | dns_nameservers | 8.8.8.8 |
> | enable_dhcp | True |
> | gateway_ip | 192.168.2.1 |
> | host_routes | |
> | id | 33d60404-d979-4b63-83ef-653268195872 |
> | ip_version | 4 |
> | name | demo-subnet |
> | network_id | 95f5f75f-577f-4827-b51c-f949fb46393b |
> | tenant_id | 1bc3de8b19384858a1a7a6395e1845e3 |
> +------------------+--------------------------------------------------+
> ************* Email Confidentiality Notice ********************
> The information contained in this e-mail message (including any
> attachments) may be confidential, proprietary, privileged, or otherwise
> exempt from disclosure under applicable laws. It is intended to be
> conveyed only to the designated recipient(s). Any use, dissemination,
> distribution, printing, retaining or copying of this e-mail (including its
> attachments) by unintended recipient(s) is strictly prohibited and may
> be unlawful. If you are not an intended recipient of this e-mail, or believe
> that you have received this e-mail in error, please notify the sender
> immediately (by replying to this e-mail), delete any and all copies of
> this e-mail (including any attachments) from your system, and do not
> disclose the content of this e-mail to any other person. Thank you!
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150304/9d4b0c27/attachment.sig>
More information about the Openstack
mailing list