[Openstack] Can not ping the tenant router gateway from host
Mitchell Chen
mitchell.chen at mediatek.com
Thu Mar 5 00:14:57 UTC 2015
The 172.29.106.254 is the default gateway of both my neutron and control nodes. I can ping the 105 subnet from both neutron and control nodes:
root at neutron:~# ping -c 4 172.29.105.254
PING 172.29.105.254 (172.29.105.254) 56(84) bytes of data.
64 bytes from 172.29.105.254: icmp_seq=1 ttl=63 time=1.83 ms
64 bytes from 172.29.105.254: icmp_seq=2 ttl=63 time=1.80 ms
64 bytes from 172.29.105.254: icmp_seq=3 ttl=63 time=1.80 ms
64 bytes from 172.29.105.254: icmp_seq=4 ttl=63 time=1.82 ms
--- 172.29.105.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
>>>Is there a route on that device (static/local) that would allow you to reach the 172.29.105.0/24 subnet? Are you able to ping the ext-net gateway (172.29.105.254) from within the router namespace?
No, the ext-net gateway (172.29.105.254) can not be pinged within the router namespace: (Is this right way to ping?)
root@ neutron:~# ip netns exec qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ping -I qg-6849da02-da 172.29.105.254
PING 172.29.105.254 (172.29.105.254) from 172.29.105.101 qg-6849da02-da: 56(84) bytes of data.
From 172.29.105.101 icmp_seq=1 Destination Host Unreachable
From 172.29.105.101 icmp_seq=2 Destination Host Unreachable
From 172.29.105.101 icmp_seq=3 Destination Host Unreachable
From 172.29.105.101 icmp_seq=4 Destination Host Unreachable
From 172.29.105.101 icmp_seq=5 Destination Host Unreachable
From 172.29.105.101 icmp_seq=6 Destination Host Unreachable
>>> It means that tap is stale. You can see if there is still a corresponding Neutron port with “neutron port-list | grep 27dd1b25-62”.
Yes, there is corresponding port, bit it's status down
root at control:# neutron port-list | grep 27dd1b25-62
| 27dd1b25-621a-475f-9398-cf8e4d33a7d7 | | fa:16:3e:49:c7:00 | {"subnet_id": "33d60404-d979-4b63-83ef-653268195872", "ip_address": "192.168.2.2"} |
root at control:# neutron port-show 27dd1b25-621a-475f-9398-cf8e4d33a7d7
+-----------------------+------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:vnic_type | normal |
| device_id | dhcp0416e1db-8834-5f05-9716-ee162a01eef2-95f5f75f-577f-4827-b51c-f949fb46393b |
| device_owner | network:dhcp |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "33d60404-d979-4b63-83ef-653268195872", "ip_address": "192.168.2.2"} |
| id | 27dd1b25-621a-475f-9398-cf8e4d33a7d7 |
| mac_address | fa:16:3e:49:c7:00 |
| name | |
| network_id | 95f5f75f-577f-4827-b51c-f949fb46393b |
| security_groups | |
| status | DOWN |
| tenant_id | 1bc3de8b19384858a1a7a6395e1845e3 |
+-----------------------+------------------------------------------------------------------------------------+
-----Original Message-----
From: James Denton [mailto:james.denton at rackspace.com]
Sent: Wednesday, March 04, 2015 2:19 PM
To: Mitchell Chen
Cc: openstack at lists.openstack.org
Subject: Re: [Openstack] Can not ping the tenant router gateway from host
Hi Mitchell,
>> I am able to ping from router to the router gateway (172.29.105.101)
>> and router to internal tenant gateway (192.168.2.1)
You are pinging these IPs within the router namespace, which I would expect to work, as those are the IPs configured on the router’s interfaces.
>> … but still can not ping from control node to the router gateway
The default route of your Neutron host appears to be 172.29.106.254. Is that also the case for the control host?
>> default via 172.29.106.254 dev eth0
Is there a route on that device (static/local) that would allow you to reach the 172.29.105.0/24 subnet? Are you able to ping the ext-net gateway (172.29.105.254) from within the router namespace?
>> I saw there is a tag 4095 in the tap port of the br-int bridge. Is this OK?
It means that tap is stale. You can see if there is still a corresponding Neutron port with “neutron port-list | grep 27dd1b25-62”.
James
> On Mar 4, 2015, at 3:03 PM, Mitchell Chen <mitchell.chen at mediatek.com> wrote:
>
> Hi All,
>
> I am struggling with not being able to ping the router gateway. I am able to ping from router to the router gateway (172.29.105.101) and router to internal tenant gateway (192.168.2.1), but still can not ping from control node to the router gateway. I am using GRE tunneling. I saw there is a tag 4095 in the tap port of the br-int bridge. Is this OK? Please advise. From the following data, is there a way to debug the issue?
>
> Thanks,
> Mitchell
>
>
> root at control:~# ovs-vsctl show
> f22d3ba4-d785-4fe7-a283-16ffbc75c434
> Bridge br-int
> fail_mode: secure
> Port "qr-784a2f1c-e6"
> tag: 1
> Interface "qr-784a2f1c-e6"
> type: internal
> Port "tap27dd1b25-62"
> tag: 4095
> Interface "tap27dd1b25-62"
> type: internal
> Port br-int
> Interface br-int
> type: internal
> Port patch-tun
> Interface patch-tun
> type: patch
> options: {peer=patch-int}
> Bridge br-tun
> Port patch-int
> Interface patch-int
> type: patch
> options: {peer=patch-tun}
> Port "gre-c0a801cc"
> Interface "gre-c0a801cc"
> type: gre
> options: {in_key=flow, local_ip="192.168.1.220", out_key=flow, remote_ip="192.168.1.204"}
> Port "gre-c0a801d5"
> Interface "gre-c0a801d5"
> type: gre
> options: {in_key=flow, local_ip="192.168.1.220", out_key=flow, remote_ip="192.168.1.213"}
> Port br-tun
> Interface br-tun
> type: internal
> Port "gre-c0a801d2"
> Interface "gre-c0a801d2"
> type: gre
> options: {in_key=flow, local_ip="192.168.1.220", out_key=flow, remote_ip="192.168.1.210"}
> Bridge br-ex
> Port "qg-6849da02-da"
> Interface "qg-6849da02-da"
> type: internal
> Port br-ex
> Interface br-ex
> type: internal
> Port "eth2"
> Interface "eth2"
> ovs_version: "2.0.2"
>
> root at control:~# ovs-ofctl dump-flows br-int NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=55.846s, table=0, n_packets=2, n_bytes=214,
> idle_age=8, priority=1 actions=NORMAL cookie=0x0, duration=55.649s,
> table=22, n_packets=0, n_bytes=0, idle_age=55, priority=0 actions=drop
>
> root@ control:~# ovs-ofctl dump-flows br-tun NXST_FLOW reply
> (xid=0x4):
> cookie=0x0, duration=66.836s, table=0, n_packets=0, n_bytes=0,
> idle_age=66, priority=1,in_port=3 actions=resubmit(,2) cookie=0x0,
> duration=68.694s, table=0, n_packets=0, n_bytes=0, idle_age=68,
> priority=1,in_port=1 actions=resubmit(,1) cookie=0x0,
> duration=66.545s, table=0, n_packets=0, n_bytes=0, idle_age=66,
> priority=1,in_port=4 actions=resubmit(,2) cookie=0x0,
> duration=67.159s, table=0, n_packets=32, n_bytes=5592, idle_age=1,
> priority=1,in_port=2 actions=resubmit(,2) cookie=0x0, duration=68.59s,
> table=0, n_packets=5, n_bytes=390, idle_age=59, priority=0
> actions=drop cookie=0x0, duration=68.495s, table=1, n_packets=0,
> n_bytes=0, idle_age=68,
> priority=1,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00
> actions=resubmit(,20) cookie=0x0, duration=68.391s, table=1,
> n_packets=0, n_bytes=0, idle_age=68,
> priority=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
> actions=resubmit(,21) cookie=0x0, duration=64.686s, table=2,
> n_packets=32, n_bytes=5592, idle_age=1, priority=1,tun_id=0x2
> actions=mod_vlan_vid:1,resubmit(,10)
> cookie=0x0, duration=68.293s, table=2, n_packets=0, n_bytes=0,
> idle_age=68, priority=0 actions=drop cookie=0x0, duration=68.193s,
> table=3, n_packets=0, n_bytes=0, idle_age=68, priority=0 actions=drop
> cookie=0x0, duration=68.082s, table=10, n_packets=32, n_bytes=5592,
> idle_age=1, priority=1
> actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..
> 11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:N
> XM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
> cookie=0x0, duration=56.741s, table=20, n_packets=0, n_bytes=0,
> hard_timeout=300, idle_age=56, hard_age=1,
> priority=1,vlan_tci=0x0001/0x0fff,dl_dst=b2:a9:8f:0a:42:fb
> actions=load:0->NXM_OF_VLAN_TCI[],load:0x2->NXM_NX_TUN_ID[],output:2
> cookie=0x0, duration=22.544s, table=20, n_packets=0, n_bytes=0,
> hard_timeout=300, idle_age=22, hard_age=9,
> priority=1,vlan_tci=0x0001/0x0fff,dl_dst=62:bb:fb:a4:92:db
> actions=load:0->NXM_OF_VLAN_TCI[],load:0x2->NXM_NX_TUN_ID[],output:2
> cookie=0x0, duration=67.982s, table=20, n_packets=0, n_bytes=0,
> idle_age=67, priority=0 actions=resubmit(,21) cookie=0x0,
> duration=64.782s, table=21, n_packets=0, n_bytes=0, idle_age=64,
> dl_vlan=1 actions=strip_vlan,set_tunnel:0x2,output:4,output:3,output:2
> cookie=0x0, duration=67.87s, table=21, n_packets=0, n_bytes=0,
> idle_age=67, priority=0 actions=drop
>
> root@ control:~# ovs-ofctl dump-flows br-ex NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=558.95s, table=0, n_packets=479, n_bytes=102435,
> idle_age=10, priority=0 actions=NORMAL
>
> root at neutron:~# ip netns
> qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302
> qdhcp-95f5f75f-577f-4827-b51c-f949fb46393b
> root at mussdhux20:~# ip netns exec
> qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 14: qr-784a2f1c-e6: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether fa:16:3e:d2:db:51 brd ff:ff:ff:ff:ff:ff
> inet 192.168.2.1/24 brd 192.168.2.255 scope global qr-784a2f1c-e6
> valid_lft forever preferred_lft forever
> inet6 fe80::f816:3eff:fed2:db51/64 scope link
> valid_lft forever preferred_lft forever
> 15: qg-6849da02-da: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether fa:16:3e:15:c8:76 brd ff:ff:ff:ff:ff:ff
> inet 172.29.105.101/24 brd 172.29.105.255 scope global qg-6849da02-da
> valid_lft forever preferred_lft forever
> inet 172.29.105.102/32 brd 172.29.105.102 scope global qg-6849da02-da
> valid_lft forever preferred_lft forever
> inet6 fe80::f816:3eff:fe15:c876/64 scope link
> valid_lft forever preferred_lft forever
>
> /// I can ping from router to external router gateway root@ neutron:~#
> ip netns exec qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ping -I qg-6849da02-da 172.29.105.101
> PING 172.29.105.101 (172.29.105.101) from 172.29.105.101 qg-6849da02-da: 56(84) bytes of data.
> 64 bytes from 172.29.105.101: icmp_seq=1 ttl=64 time=0.067 ms
> 64 bytes from 172.29.105.101: icmp_seq=2 ttl=64 time=0.048 ms
> 64 bytes from 172.29.105.101: icmp_seq=3 ttl=64 time=0.062 ms
> 64 bytes from 172.29.105.101: icmp_seq=4 ttl=64 time=0.051 ms
> 64 bytes from 172.29.105.101: icmp_seq=5 ttl=64 time=0.061 ms
> 64 bytes from 172.29.105.101: icmp_seq=6 ttl=64 time=0.050 ms ^C
> --- 172.29.105.101 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4998ms rtt
> min/avg/max/mdev = 0.048/0.056/0.067/0.010 ms
>
> /// I can ping from router to internal tenant gateway
> root at mussdhux20:~# ip netns exec qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ping -I qr-784a2f1c-e6 192.168.2.1
> PING 192.168.2.1 (192.168.2.1) from 192.168.2.1 qr-784a2f1c-e6: 56(84) bytes of data.
> 64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.045 ms
> 64 bytes from 192.168.2.1: icmp_seq=2 ttl=64 time=0.047 ms
> 64 bytes from 192.168.2.1: icmp_seq=3 ttl=64 time=0.064 ms
> 64 bytes from 192.168.2.1: icmp_seq=4 ttl=64 time=0.049 ms
> 64 bytes from 192.168.2.1: icmp_seq=5 ttl=64 time=0.056 ms
> 64 bytes from 192.168.2.1: icmp_seq=6 ttl=64 time=0.044 ms ^C
> --- 192.168.2.1 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4998ms rtt
> min/avg/max/mdev = 0.044/0.050/0.064/0.011 ms
>
> root@ neutron:~# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> valid_lft forever preferred_lft forever
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
> link/ether 00:d0:b7:9d:be:de brd ff:ff:ff:ff:ff:ff
> inet6 fe80::2d0:b7ff:fe9d:bede/64 scope link
> valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> link/ether 00:02:b3:ea:fd:36 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.220/24 brd 192.168.1.255 scope global eth1
> valid_lft forever preferred_lft forever
> inet6 fe80::202:b3ff:feea:fd36/64 scope link
> valid_lft forever preferred_lft forever
> 4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> link/ether 00:0f:fe:5e:2b:52 brd ff:ff:ff:ff:ff:ff
> inet 172.29.106.220/24 brd 172.29.106.255 scope global eth0
> valid_lft forever preferred_lft forever
> inet6 fe80::20f:feff:fe5e:2b52/64 scope link
> valid_lft forever preferred_lft forever
> 5: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
> link/ether 42:ad:09:62:3e:ff brd ff:ff:ff:ff:ff:ff
> 6: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether 00:d0:b7:9d:be:de brd ff:ff:ff:ff:ff:ff
> inet6 fe80::4460:3dff:fe54:774a/64 scope link
> valid_lft forever preferred_lft forever
> 9: br-int: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether 0e:51:a9:81:c8:4b brd ff:ff:ff:ff:ff:ff
> inet6 fe80::50b6:6dff:fe2b:497f/64 scope link
> valid_lft forever preferred_lft forever
> 17: br-tun: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
> link/ether 96:20:ae:89:c4:49 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::14bd:19ff:fe80:55f7/64 scope link
> valid_lft forever preferred_lft forever
>
> root@ neutron:~# ip route
> default via 172.29.106.254 dev eth0
> 169.254.0.0/16 dev eth1 scope link metric 1000
> 172.29.106.0/24 dev eth0 proto kernel scope link src 172.29.106.220
> 192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.220
>
> > > root at control# neutron net-list
> +--------------------------------------+----------+------------------------------------------------------+
> | id | name | subnets |
> +--------------------------------------+----------+------------------------------------------------------+
> | 95f5f75f-577f-4827-b51c-f949fb46393b | demo-net |
> | 33d60404-d979-4b63-83ef-653268195872 192.168.2.0/24 |
> | e567fd9d-f87a-491c-b8f1-32d28de4069e | ext-net |
> | 0f5d2be9-74b0-466e-b0e6-4be8f646338a 172.29.105.0/24 |
> +--------------------------------------+----------+------------------------------------------------------+
> root control # neutron subnet-list
> +--------------------------------------+-------------+-----------------+------------------------------------------------------+
> | id | name | cidr | allocation_pools |
> +--------------------------------------+-------------+-----------------+------------------------------------------------------+
> | 0f5d2be9-74b0-466e-b0e6-4be8f646338a | ext-subnet | 172.29.105.0/24 | {"start": "172.29.105.101", "end": "172.29.105.127"} |
> | 33d60404-d979-4b63-83ef-653268195872 | demo-subnet | 192.168.2.0/24 | {"start": "192.168.2.2", "end": "192.168.2.254"} |
> +--------------------------------------+-------------+-----------------+------------------------------------------------------+
> > >
> > > root@ control# neutron subnet-show ext-subnet
> +------------------+------------------------------------------------------+
> | Field | Value |
> +------------------+------------------------------------------------------+
> | allocation_pools | {"start": "172.29.105.101", "end": "172.29.105.127"} |
> | cidr | 172.29.105.0/24 |
> | dns_nameservers | |
> | enable_dhcp | False |
> | gateway_ip | 172.29.105.254 |
> | host_routes | |
> | id | 0f5d2be9-74b0-466e-b0e6-4be8f646338a |
> | ip_version | 4 |
> | name | ext-subnet |
> | network_id | e567fd9d-f87a-491c-b8f1-32d28de4069e |
> | tenant_id | 7479d4eabeb14b45a7f38269155ec0f5 |
> +------------------+------------------------------------------------------+
> > > root@ control# neutron subnet-show demo-subnet
> +------------------+--------------------------------------------------+
> | Field | Value |
> +------------------+--------------------------------------------------+
> | allocation_pools | {"start": "192.168.2.2", "end": "192.168.2.254"} |
> | cidr | 192.168.2.0/24 |
> | dns_nameservers | 8.8.8.8 |
> | enable_dhcp | True |
> | gateway_ip | 192.168.2.1 |
> | host_routes | |
> | id | 33d60404-d979-4b63-83ef-653268195872 |
> | ip_version | 4 |
> | name | demo-subnet |
> | network_id | 95f5f75f-577f-4827-b51c-f949fb46393b |
> | tenant_id | 1bc3de8b19384858a1a7a6395e1845e3 |
> +------------------+--------------------------------------------------+
> ************* Email Confidentiality Notice ******************** The
> information contained in this e-mail message (including any
> attachments) may be confidential, proprietary, privileged, or
> otherwise exempt from disclosure under applicable laws. It is intended
> to be conveyed only to the designated recipient(s). Any use,
> dissemination, distribution, printing, retaining or copying of this
> e-mail (including its
> attachments) by unintended recipient(s) is strictly prohibited and may
> be unlawful. If you are not an intended recipient of this e-mail, or
> believe that you have received this e-mail in error, please notify the
> sender immediately (by replying to this e-mail), delete any and all
> copies of this e-mail (including any attachments) from your system,
> and do not disclose the content of this e-mail to any other person. Thank you!
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
************* Email Confidentiality Notice ********************
The information contained in this e-mail message (including any
attachments) may be confidential, proprietary, privileged, or otherwise
exempt from disclosure under applicable laws. It is intended to be
conveyed only to the designated recipient(s). Any use, dissemination,
distribution, printing, retaining or copying of this e-mail (including its
attachments) by unintended recipient(s) is strictly prohibited and may
be unlawful. If you are not an intended recipient of this e-mail, or believe
that you have received this e-mail in error, please notify the sender
immediately (by replying to this e-mail), delete any and all copies of
this e-mail (including any attachments) from your system, and do not
disclose the content of this e-mail to any other person. Thank you!
More information about the Openstack
mailing list