[Openstack] Can not ping the tenant router gateway from host

James Denton james.denton at rackspace.com
Thu Mar 5 20:15:26 UTC 2015


Hi Mitchell,


In most cases, external networks should configured as type FLAT or VLAN, since these are networks interfacing with external gateway devices like upstream firewalls, SVIs, etc. In your case, I suspect 172.29.105.254 is configured on a router of some kind, and could be VLAN 105, for example.


Since Neutron dropped the qg port of the router straight into br-ex, it's up to you to have an interface in that bridge that is connected to VLAN 105. Since eth2 is in the bridge, I would expect to see the physical switch port configured as 'access vlan 105'. If the physical switch port is a trunk port, then it would be better to put eth2.105 in the bridge. Any way you do it, the router namespace, through the qg interface, needs to communicate with the external gateway at 172.29.105.254.


GRE and VXLAN type networks are usually (in my experience) used for tenant networks (those networks created by the users). When using a Neutron router, one or more interfaces will be connected to tenant networks, and the external interface of the router connected to some tagged or untagged VLAN in the DC that can communicate with external gateways.


The config option 'external_network_bridge' in l3_agent.ini defines where the qg interface will get placed. If the option is commented out, Neutron defaults to br-ex and the behavior you see here. If the option is unconnected and left blank, as in 'external_network_bridge =        ', then qg will be treated like any other port. That is, Neutron will determine the bridge (br-int in the case of OVS, or respective brq in the case of LinuxBridge), set the local VLAN on br-int, and create the appropriate flows. You would have a 'provider/external bridge' with a physical interface inside (much like br-ex now), and OVS would create flows on br-int and the provider bridge that convert the local VLAN to the physical VLAN (or strip the VLAN altogether).

​

In your case, you may get things working if you put a tagged sub interface in br-ex in place of eth2. The GRE attribute of the network is effectively ignored.


Hope that helps.


James

________________________________
From: Mitchell Chen <mitchell.chen at mediatek.com>
Sent: Thursday, March 5, 2015 12:15 PM
To: James Denton; Kevin Benton
Cc: openstack at lists.openstack.org
Subject: RE: [Openstack] Can not ping the tenant router gateway from host

Hi James,


>>> The 'net-show' output would help me deduce what your intentions were and go from there:

root at control:# neutron net-show ext-net
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | e567fd9d-f87a-491c-b8f1-32d28de4069e |
| name                      | ext-net                              |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 1                                    |
| router:external           | True                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 0f5d2be9-74b0-466e-b0e6-4be8f646338a |
| tenant_id                 | 7479d4eabeb14b45a7f38269155ec0f5     |
+---------------------------+--------------------------------------+

root at control:# neutron subnet-show 0f5d2be9-74b0-466e-b0e6-4be8f646338a
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| allocation_pools | {"start": "172.29.105.101", "end": "172.29.105.127"} |
| cidr             | 172.29.105.0/24                                      |
| dns_nameservers  |                                                      |
| enable_dhcp      | False                                                |
| gateway_ip       | 172.29.105.254                                       |
| host_routes      |                                                      |
| id               | 0f5d2be9-74b0-466e-b0e6-4be8f646338a                 |
| ip_version       | 4                                                    |
| name             | ext-subnet                                           |
| network_id       | e567fd9d-f87a-491c-b8f1-32d28de4069e                 |
| tenant_id        | 7479d4eabeb14b45a7f38269155ec0f5                     |
+------------------+------------------------------------------------------+

It’s GRE turning. I will do the vlan in next project.

Thanks for looking into it,
Mitchell

From: James Denton [mailto:james.denton at rackspace.com]
Sent: Wednesday, March 04, 2015 7:30 PM
To: Mitchell Chen; Kevin Benton
Cc: openstack at lists.openstack.org
Subject: Re: [Openstack] Can not ping the tenant router gateway from host


Mitchell,



Let's start with the br-ex bridge. That's the bridge connected to the external interface of the router and the physical network:



>     Bridge br-ex
>         Port "qg-6849da02-da"
>             Interface "qg-6849da02-da"
>                 type: internal
>         Port br-ex
>             Interface br-ex
>                 type: internal
>         Port "eth2"
>             Interface "eth2"
>     ovs_version: "2.0.2"



I can't tell from the output you've provided what provider attributes, if any, you set for the network 'ext-net'. Can you provide the output of 'neutron net-show ext-net'?



As it stands, any traffic leaving the qg interface will be untagged:



> root@ control:~# ovs-ofctl dump-flows br-ex NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=558.95s, table=0, n_packets=479, n_bytes=102435,
> idle_age=10, priority=0 actions=NORMAL



So depending on the switch port configuration, traffic out the qg interface (from the Neutron router) may not reach the gateway at 172.29.105.254. Like say, if ext-net is configured as a VLAN network, there is nothing currently in place to tag the traffic accordingly, be it OVS or a eth2.x interface in br-ex. The 'external_network_bridge​' option in l3_agent.ini plays a part in this as well. The 'net-show' output would help me deduce what your intentions were and go from there.



James

________________________________
From: Mitchell Chen <mitchell.chen at mediatek.com<mailto:mitchell.chen at mediatek.com>>
Sent: Wednesday, March 4, 2015 8:12 PM
To: Kevin Benton
Cc: James Denton; openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: RE: [Openstack] Can not ping the tenant router gateway from host

The openvswitch agent seems to be all up with my neutron and three compute nodes.

root at control: # neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+
| id                                   | agent_type         | host       | alive | admin_state_up |
+--------------------------------------+--------------------+------------+-------+----------------+
| 68eba267-b885-4aad-96a4-e8d19ac9db4a | L3 agent           | mussdhux20 | :-)   | True           |
| c0726b66-a1f4-4b00-9120-7bf0ee91a3d0 | DHCP agent         | mussdhux20 | :-)   | True           |
| d8808f97-90f8-424d-a786-45b4541af755 | Open vSwitch agent | mussdhux04 | :-)   | True           |
| e8d85451-3f6f-4b2a-94a1-6dd3e9a93cff | Metadata agent     | mussdhux20 | :-)   | True           |
| f4e51873-7e18-49a4-ab6b-94c24500e25f | Open vSwitch agent | mussdhux13 | :-)   | True           |
| f8cab47d-a0db-4de2-b457-23c4e87ccb32 | Open vSwitch agent | mussdhux10 | :-)   | True           |
| fd9ab1c9-ce62-4504-8d68-215584a70a17 | Open vSwitch agent | mussdhux20 | :-)   | True           |
+--------------------------------------+--------------------+------------+-------+----------------+

But, there is an error related to db.sock and exception happened, how is this happen? I really appreciate the light. Can this issue be fixed?

2015-03-04 12:05:40.146 1907 ERROR neutron.agent.linux.ovsdb_monitor [-] Error received from ovsdb monitor: ovsdb-client: unix:/var/run/openvswitch/db.sock: receive failed (End of file)
2015-03-04 12:05:40.148 1907 DEBUG neutron.agent.linux.async_process [-] Halting async process [['ovsdb-client', 'monitor', 'Interface', 'name,ofport', '--format=json']] in response to an error. _handle_process_error /usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py:173
2015-03-04 12:05:40.148 1907 DEBUG neutron.agent.linux.utils [-] Running command: ['ps', '--ppid', '2452', '-o', 'pid='] create_process /usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py:48
2015-03-04 12:05:40.186 1907 DEBUG neutron.agent.linux.utils [-]
Command: ['ps', '--ppid', '2452', '-o', 'pid=']
Exit code: 1
Stdout: ''
Stderr: '' execute /usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py:75
2015-03-04 12:05:40.876 1907 DEBUG neutron.plugins.openvswitch.agent.ovs_neutron_agent [-] Agent rpc_loop - iteration:633 started rpc_loop /usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py:1287
2015-03-04 12:05:40.877 1907 DEBUG neutron.agent.linux.utils [-] Running command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-ofctl', 'dump-flows', 'br-int', 'table=22'] create_process /usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py:48
2015-03-04 12:05:40.975 1907 DEBUG neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-ofctl', 'dump-flows', 'br-int', 'table=22']
Exit code: 1
Stdout: ''
Stderr: 'ovs-ofctl: br-int is not a bridge or a socket\n' execute /usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py:75
2015-03-04 12:05:40.976 1907 ERROR neutron.agent.linux.ovs_lib [-] Unable to execute ['ovs-ofctl', 'dump-flows', 'br-int', 'table=22']. Exception:
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-ofctl', 'dump-flows', 'br-int', 'table=22']
Exit code: 1
Stdout: ''
Stderr: 'ovs-ofctl: br-int is not a bridge or a socket\n'
2015-03-04 12:05:40.976 1907 DEBUG neutron.agent.linux.utils [-] Running command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-vsctl', '--timeout=10', '--', '--may-exist', 'add-br', 'br-int'] create_process /usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py:48
2015-03-04 12:05:41.069 1907 DEBUG neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-vsctl', '--timeout=10', '--', '--may-exist', 'add-br', 'br-int']
Exit code: 1
Stdout: ''
Stderr: '2015-03-04T20:05:41Z|00002|reconnect|WARN|unix:/var/run/openvswitch/db.sock: connection attempt failed (No such file or directory)\novs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)\n' execute /usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py:75
2015-03-04 12:05:41.070 1907 ERROR neutron.agent.linux.ovs_lib [-] Unable to execute ['ovs-vsctl', '--timeout=10', '--', '--may-exist', 'add-br', 'br-int']. Exception:
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-vsctl', '--timeout=10', '--', '--may-exist', 'add-br', 'br-int']
Exit code: 1
Stdout: ''
Stderr: '2015-03-04T20:05:41Z|00002|reconnect|WARN|unix:/var/run/openvswitch/db.sock: connection attempt failed (No such file or directory)\novs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)\n'
2015-03-04 12:05:41.071 1907 DEBUG neutron.agent.linux.utils [-] Running command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-vsctl', '--timeout=10', '--', 'set-fail-mode', 'br-int', 'secure'] create_process /usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py:48
2015-03-04 12:05:41.165 1907 DEBUG neutron.agent.linux.utils [-]
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-vsctl', '--timeout=10', '--', 'set-fail-mode', 'br-int', 'secure']
Exit code: 1
Stdout: ''
Stderr: '2015-03-04T20:05:41Z|00002|reconnect|WARN|unix:/var/run/openvswitch/db.sock: connection attempt failed (No such file or directory)\novs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)\n' execute /usr/lib/python2.7/dist-packages/neutron/agent/linux/utils.py:75
2015-03-04 12:05:41.166 1907 ERROR neutron.agent.linux.ovs_lib [-] Unable to execute ['ovs-vsctl', '--timeout=10', '--', 'set-fail-mode', 'br-int', 'secure']. Exception:
Command: ['sudo', '/usr/bin/neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'ovs-vsctl', '--timeout=10', '--', 'set-fail-mode', 'br-int', 'secure']
Exit code: 1
Stdout: ''
Stderr: '2015-03-04T20:05:41Z|00002|reconnect|WARN|unix:/var/run/openvswitch/db.sock: connection attempt failed (No such file or directory)\novs-vsctl: unix:/var/run/openvswitch/db.sock: database connection failed (No such file or directory)\n'
2015-03-04 12:05:41.166 1907 DEBUG neutron.agent.linux.async_process [-] Halting async process [['ovsdb-client', 'monitor', 'Interface', 'name,ofport', '--format=json']]. stop /usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py:90
2015-03-04 12:05:41.167 1907 CRITICAL neutron [-] Trying to re-send() an already-triggered event.
2015-03-04 12:05:41.167 1907 TRACE neutron Traceback (most recent call last):
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/bin/neutron-openvswitch-agent", line 10, in <module>
2015-03-04 12:05:41.167 1907 TRACE neutron     sys.exit(main())
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1476, in main
2015-03-04 12:05:41.167 1907 TRACE neutron     agent.daemon_loop()
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/lib/python2.7/dist-packages/neutron/plugins/openvswitch/agent/ovs_neutron_agent.py", line 1404, in daemon_loop
2015-03-04 12:05:41.167 1907 TRACE neutron     self.rpc_loop(polling_manager=pm)
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__
2015-03-04 12:05:41.167 1907 TRACE neutron     self.gen.throw(type, value, traceback)
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line 41, in get_polling_manager
2015-03-04 12:05:41.167 1907 TRACE neutron     pm.stop()
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/polling.py", line 108, in stop
2015-03-04 12:05:41.167 1907 TRACE neutron     self._monitor.stop()
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", line 91, in stop
2015-03-04 12:05:41.167 1907 TRACE neutron     self._kill()
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/ovsdb_monitor.py", line 108, in _kill
2015-03-04 12:05:41.167 1907 TRACE neutron     super(SimpleInterfaceMonitor, self)._kill(*args, **kwargs)
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/lib/python2.7/dist-packages/neutron/agent/linux/async_process.py", line 118, in _kill
2015-03-04 12:05:41.167 1907 TRACE neutron     self._kill_event.send()
2015-03-04 12:05:41.167 1907 TRACE neutron   File "/usr/lib/python2.7/dist-packages/eventlet/event.py", line 150, in send
2015-03-04 12:05:41.167 1907 TRACE neutron     assert self._result is NOT_USED, 'Trying to re-send() an already-triggered event.'
2015-03-04 12:05:41.167 1907 TRACE neutron AssertionError: Trying to re-send() an already-triggered event.
2015-03-04 12:05:41.167 1907 TRACE neutron
2015-03-04 12:05:41.704 6251 INFO neutron.common.config [-] Logging enabled!

From: Kevin Benton [mailto:blak111 at gmail.com]
Sent: Wednesday, March 04, 2015 5:01 PM
To: Mitchell Chen
Cc: James Denton; openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: Re: [Openstack] Can not ping the tenant router gateway from host

Did you confirm that the openvswitch agent is running on that host? Run 'neutron agent-list' to make sure it's active. If it is, check the neutron agent log (usually something like /var/log/neutron/openvswitch-agent.log) for exceptions to see if it was having issues binding the port.

On Wed, Mar 4, 2015 at 4:14 PM, Mitchell Chen <mitchell.chen at mediatek.com<mailto:mitchell.chen at mediatek.com>> wrote:
The 172.29.106.254 is the default gateway of both my neutron and control nodes. I can ping the 105 subnet from both neutron and control nodes:

root at neutron:~# ping -c 4 172.29.105.254
PING 172.29.105.254 (172.29.105.254) 56(84) bytes of data.
64 bytes from 172.29.105.254<http://172.29.105.254>: icmp_seq=1 ttl=63 time=1.83 ms
64 bytes from 172.29.105.254<http://172.29.105.254>: icmp_seq=2 ttl=63 time=1.80 ms
64 bytes from 172.29.105.254<http://172.29.105.254>: icmp_seq=3 ttl=63 time=1.80 ms
64 bytes from 172.29.105.254<http://172.29.105.254>: icmp_seq=4 ttl=63 time=1.82 ms

--- 172.29.105.254 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms

>>>Is there a route on that device (static/local) that would allow you to reach the 172.29.105.0/24<http://172.29.105.0/24> subnet? Are you able to ping the ext-net gateway (172.29.105.254) from within the router namespace?

No, the ext-net gateway (172.29.105.254) can not be pinged within the router namespace: (Is this right way to ping?)
root@ neutron:~# ip netns exec qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ping -I qg-6849da02-da 172.29.105.254
PING 172.29.105.254 (172.29.105.254) from 172.29.105.101 qg-6849da02-da: 56(84) bytes of data.
From 172.29.105.101 icmp_seq=1 Destination Host Unreachable
From 172.29.105.101 icmp_seq=2 Destination Host Unreachable
From 172.29.105.101 icmp_seq=3 Destination Host Unreachable
From 172.29.105.101 icmp_seq=4 Destination Host Unreachable
From 172.29.105.101 icmp_seq=5 Destination Host Unreachable
From 172.29.105.101 icmp_seq=6 Destination Host Unreachable

>>> It means that tap is stale. You can see if there is still a corresponding Neutron port with “neutron port-list | grep 27dd1b25-62”.

Yes, there is corresponding port, bit it's status down

root at control:# neutron port-list | grep 27dd1b25-62
| 27dd1b25-621a-475f-9398-cf8e4d33a7d7 |      | fa:16:3e:49:c7:00 | {"subnet_id": "33d60404-d979-4b63-83ef-653268195872", "ip_address": "192.168.2.2"} |

root at control:# neutron port-show 27dd1b25-621a-475f-9398-cf8e4d33a7d7
+-----------------------+------------------------------------------------------------------------------------+
| Field                 | Value                                                                              |
+-----------------------+------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                               |
| allowed_address_pairs |                                                                                    |
| binding:vnic_type     | normal                                                                             |
| device_id             | dhcp0416e1db-8834-5f05-9716-ee162a01eef2-95f5f75f-577f-4827-b51c-f949fb46393b      |
| device_owner          | network:dhcp                                                                       |
| extra_dhcp_opts       |                                                                                    |
| fixed_ips             | {"subnet_id": "33d60404-d979-4b63-83ef-653268195872", "ip_address": "192.168.2.2"} |
| id                    | 27dd1b25-621a-475f-9398-cf8e4d33a7d7                                               |
| mac_address           | fa:16:3e:49:c7:00                                                                  |
| name                  |                                                                                    |
| network_id            | 95f5f75f-577f-4827-b51c-f949fb46393b                                               |
| security_groups       |                                                                                    |
| status                | DOWN                                                                               |
| tenant_id             | 1bc3de8b19384858a1a7a6395e1845e3                                                   |
+-----------------------+------------------------------------------------------------------------------------+

-----Original Message-----
From: James Denton [mailto:james.denton at rackspace.com<mailto:james.denton at rackspace.com>]
Sent: Wednesday, March 04, 2015 2:19 PM
To: Mitchell Chen
Cc: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Subject: Re: [Openstack] Can not ping the tenant router gateway from host
Hi Mitchell,

>> I am able to ping from router to the router gateway (172.29.105.101)
>> and router to internal tenant gateway (192.168.2.1)

You are pinging these IPs within the router namespace, which I would expect to work, as those are the IPs configured on the router’s interfaces.

>> … but still can not ping from control node to the router gateway

The default route of your Neutron host appears to be 172.29.106.254. Is that also the case for the control host?

>> default via 172.29.106.254 dev eth0

Is there a route on that device (static/local) that would allow you to reach the 172.29.105.0/24<http://172.29.105.0/24> subnet? Are you able to ping the ext-net gateway (172.29.105.254) from within the router namespace?

>> I saw there is a tag 4095 in the tap port of the br-int bridge. Is this OK?

It means that tap is stale. You can see if there is still a corresponding Neutron port with “neutron port-list | grep 27dd1b25-62”.

James

> On Mar 4, 2015, at 3:03 PM, Mitchell Chen <mitchell.chen at mediatek.com<mailto:mitchell.chen at mediatek.com>> wrote:
>
> Hi All,
>
> I am struggling with not being able to ping the router gateway. I am able to ping from router to the router gateway (172.29.105.101) and router to internal tenant gateway (192.168.2.1), but still can not ping from control node to the router gateway. I am using GRE tunneling. I saw there is a tag 4095 in the tap port of the br-int bridge. Is this OK? Please advise. From the following data, is there a way to debug the issue?
>
> Thanks,
> Mitchell
>
>
> root at control:~# ovs-vsctl show
> f22d3ba4-d785-4fe7-a283-16ffbc75c434
>     Bridge br-int
>         fail_mode: secure
>         Port "qr-784a2f1c-e6"
>             tag: 1
>             Interface "qr-784a2f1c-e6"
>                 type: internal
>         Port "tap27dd1b25-62"
>             tag: 4095
>             Interface "tap27dd1b25-62"
>                 type: internal
>        Port br-int
>             Interface br-int
>                 type: internal
>         Port patch-tun
>             Interface patch-tun
>                 type: patch
>                 options: {peer=patch-int}
>     Bridge br-tun
>         Port patch-int
>             Interface patch-int
>                 type: patch
>                 options: {peer=patch-tun}
>         Port "gre-c0a801cc"
>             Interface "gre-c0a801cc"
>                 type: gre
>                 options: {in_key=flow, local_ip="192.168.1.220", out_key=flow, remote_ip="192.168.1.204"}
>         Port "gre-c0a801d5"
>             Interface "gre-c0a801d5"
>                 type: gre
>                 options: {in_key=flow, local_ip="192.168.1.220", out_key=flow, remote_ip="192.168.1.213"}
>         Port br-tun
>             Interface br-tun
>                 type: internal
>         Port "gre-c0a801d2"
>             Interface "gre-c0a801d2"
>                 type: gre
>                 options: {in_key=flow, local_ip="192.168.1.220", out_key=flow, remote_ip="192.168.1.210"}
>     Bridge br-ex
>         Port "qg-6849da02-da"
>             Interface "qg-6849da02-da"
>                 type: internal
>         Port br-ex
>             Interface br-ex
>                 type: internal
>         Port "eth2"
>             Interface "eth2"
>     ovs_version: "2.0.2"
>
> root at control:~# ovs-ofctl dump-flows br-int NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=55.846s, table=0, n_packets=2, n_bytes=214,
> idle_age=8, priority=1 actions=NORMAL cookie=0x0, duration=55.649s,
> table=22, n_packets=0, n_bytes=0, idle_age=55, priority=0 actions=drop
>
> root@ control:~# ovs-ofctl dump-flows br-tun NXST_FLOW reply
> (xid=0x4):
> cookie=0x0, duration=66.836s, table=0, n_packets=0, n_bytes=0,
> idle_age=66, priority=1,in_port=3 actions=resubmit(,2) cookie=0x0,
> duration=68.694s, table=0, n_packets=0, n_bytes=0, idle_age=68,
> priority=1,in_port=1 actions=resubmit(,1) cookie=0x0,
> duration=66.545s, table=0, n_packets=0, n_bytes=0, idle_age=66,
> priority=1,in_port=4 actions=resubmit(,2) cookie=0x0,
> duration=67.159s, table=0, n_packets=32, n_bytes=5592, idle_age=1,
> priority=1,in_port=2 actions=resubmit(,2) cookie=0x0, duration=68.59s,
> table=0, n_packets=5, n_bytes=390, idle_age=59, priority=0
> actions=drop cookie=0x0, duration=68.495s, table=1, n_packets=0,
> n_bytes=0, idle_age=68,
> priority=1,dl_dst=00:00:00:00:00:00/01:00:00:00:00:00
> actions=resubmit(,20) cookie=0x0, duration=68.391s, table=1,
> n_packets=0, n_bytes=0, idle_age=68,
> priority=1,dl_dst=01:00:00:00:00:00/01:00:00:00:00:00
> actions=resubmit(,21) cookie=0x0, duration=64.686s, table=2,
> n_packets=32, n_bytes=5592, idle_age=1, priority=1,tun_id=0x2
> actions=mod_vlan_vid:1,resubmit(,10)
> cookie=0x0, duration=68.293s, table=2, n_packets=0, n_bytes=0,
> idle_age=68, priority=0 actions=drop cookie=0x0, duration=68.193s,
> table=3, n_packets=0, n_bytes=0, idle_age=68, priority=0 actions=drop
> cookie=0x0, duration=68.082s, table=10, n_packets=32, n_bytes=5592,
> idle_age=1, priority=1
> actions=learn(table=20,hard_timeout=300,priority=1,NXM_OF_VLAN_TCI[0..
> 11],NXM_OF_ETH_DST[]=NXM_OF_ETH_SRC[],load:0->NXM_OF_VLAN_TCI[],load:N
> XM_NX_TUN_ID[]->NXM_NX_TUN_ID[],output:NXM_OF_IN_PORT[]),output:1
> cookie=0x0, duration=56.741s, table=20, n_packets=0, n_bytes=0,
> hard_timeout=300, idle_age=56, hard_age=1,
> priority=1,vlan_tci=0x0001/0x0fff,dl_dst=b2:a9:8f:0a:42:fb
> actions=load:0->NXM_OF_VLAN_TCI[],load:0x2->NXM_NX_TUN_ID[],output:2
> cookie=0x0, duration=22.544s, table=20, n_packets=0, n_bytes=0,
> hard_timeout=300, idle_age=22, hard_age=9,
> priority=1,vlan_tci=0x0001/0x0fff,dl_dst=62:bb:fb:a4:92:db
> actions=load:0->NXM_OF_VLAN_TCI[],load:0x2->NXM_NX_TUN_ID[],output:2
> cookie=0x0, duration=67.982s, table=20, n_packets=0, n_bytes=0,
> idle_age=67, priority=0 actions=resubmit(,21) cookie=0x0,
> duration=64.782s, table=21, n_packets=0, n_bytes=0, idle_age=64,
> dl_vlan=1 actions=strip_vlan,set_tunnel:0x2,output:4,output:3,output:2
> cookie=0x0, duration=67.87s, table=21, n_packets=0, n_bytes=0,
> idle_age=67, priority=0 actions=drop
>
> root@ control:~# ovs-ofctl dump-flows br-ex NXST_FLOW reply (xid=0x4):
> cookie=0x0, duration=558.95s, table=0, n_packets=479, n_bytes=102435,
> idle_age=10, priority=0 actions=NORMAL
>
> root at neutron:~# ip netns
> qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302
> qdhcp-95f5f75f-577f-4827-b51c-f949fb46393b
> root at mussdhux20:~# ip netns exec
> qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8<http://127.0.0.1/8> scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 14: qr-784a2f1c-e6: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
>     link/ether fa:16:3e:d2:db:51 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.2.1/24<http://192.168.2.1/24> brd 192.168.2.255 scope global qr-784a2f1c-e6
>        valid_lft forever preferred_lft forever
>     inet6 fe80::f816:3eff:fed2:db51/64 scope link
>        valid_lft forever preferred_lft forever
> 15: qg-6849da02-da: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
>     link/ether fa:16:3e:15:c8:76 brd ff:ff:ff:ff:ff:ff
>     inet 172.29.105.101/24<http://172.29.105.101/24> brd 172.29.105.255 scope global qg-6849da02-da
>        valid_lft forever preferred_lft forever
>     inet 172.29.105.102/32<http://172.29.105.102/32> brd 172.29.105.102 scope global qg-6849da02-da
>        valid_lft forever preferred_lft forever
>     inet6 fe80::f816:3eff:fe15:c876/64 scope link
>        valid_lft forever preferred_lft forever
>
> /// I can ping from router to external router gateway root@ neutron:~#
> ip netns exec qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ping -I qg-6849da02-da 172.29.105.101
> PING 172.29.105.101 (172.29.105.101) from 172.29.105.101 qg-6849da02-da: 56(84) bytes of data.
> 64 bytes from 172.29.105.101<http://172.29.105.101>: icmp_seq=1 ttl=64 time=0.067 ms
> 64 bytes from 172.29.105.101<http://172.29.105.101>: icmp_seq=2 ttl=64 time=0.048 ms
> 64 bytes from 172.29.105.101<http://172.29.105.101>: icmp_seq=3 ttl=64 time=0.062 ms
> 64 bytes from 172.29.105.101<http://172.29.105.101>: icmp_seq=4 ttl=64 time=0.051 ms
> 64 bytes from 172.29.105.101<http://172.29.105.101>: icmp_seq=5 ttl=64 time=0.061 ms
> 64 bytes from 172.29.105.101<http://172.29.105.101>: icmp_seq=6 ttl=64 time=0.050 ms ^C
> --- 172.29.105.101 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4998ms rtt
> min/avg/max/mdev = 0.048/0.056/0.067/0.010 ms
>
> /// I can ping from router to internal tenant gateway
> root at mussdhux20:~# ip netns exec qrouter-09800b9c-7f2e-40d7-94e5-09e8f73d0302 ping -I qr-784a2f1c-e6 192.168.2.1
> PING 192.168.2.1 (192.168.2.1) from 192.168.2.1 qr-784a2f1c-e6: 56(84) bytes of data.
> 64 bytes from 192.168.2.1<http://192.168.2.1>: icmp_seq=1 ttl=64 time=0.045 ms
> 64 bytes from 192.168.2.1<http://192.168.2.1>: icmp_seq=2 ttl=64 time=0.047 ms
> 64 bytes from 192.168.2.1<http://192.168.2.1>: icmp_seq=3 ttl=64 time=0.064 ms
> 64 bytes from 192.168.2.1<http://192.168.2.1>: icmp_seq=4 ttl=64 time=0.049 ms
> 64 bytes from 192.168.2.1<http://192.168.2.1>: icmp_seq=5 ttl=64 time=0.056 ms
> 64 bytes from 192.168.2.1<http://192.168.2.1>: icmp_seq=6 ttl=64 time=0.044 ms ^C
> --- 192.168.2.1 ping statistics ---
> 6 packets transmitted, 6 received, 0% packet loss, time 4998ms rtt
> min/avg/max/mdev = 0.044/0.050/0.064/0.011 ms
>
> root@ neutron:~# ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>     inet 127.0.0.1/8<http://127.0.0.1/8> scope host lo
>        valid_lft forever preferred_lft forever
>     inet6 ::1/128 scope host
>        valid_lft forever preferred_lft forever
> 2: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
>     link/ether 00:d0:b7:9d:be:de brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::2d0:b7ff:fe9d:bede/64 scope link
>        valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>     link/ether 00:02:b3:ea:fd:36 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.220/24<http://192.168.1.220/24> brd 192.168.1.255 scope global eth1
>        valid_lft forever preferred_lft forever
>     inet6 fe80::202:b3ff:feea:fd36/64 scope link
>        valid_lft forever preferred_lft forever
> 4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>     link/ether 00:0f:fe:5e:2b:52 brd ff:ff:ff:ff:ff:ff
>     inet 172.29.106.220/24<http://172.29.106.220/24> brd 172.29.106.255 scope global eth0
>        valid_lft forever preferred_lft forever
>     inet6 fe80::20f:feff:fe5e:2b52/64 scope link
>        valid_lft forever preferred_lft forever
> 5: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default
>     link/ether 42:ad:09:62:3e:ff brd ff:ff:ff:ff:ff:ff
> 6: br-ex: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
>     link/ether 00:d0:b7:9d:be:de brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::4460:3dff:fe54:774a/64 scope link
>        valid_lft forever preferred_lft forever
> 9: br-int: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
>     link/ether 0e:51:a9:81:c8:4b brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::50b6:6dff:fe2b:497f/64 scope link
>        valid_lft forever preferred_lft forever
> 17: br-tun: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
>     link/ether 96:20:ae:89:c4:49 brd ff:ff:ff:ff:ff:ff
>     inet6 fe80::14bd:19ff:fe80:55f7/64 scope link
>        valid_lft forever preferred_lft forever
>
> root@ neutron:~# ip route
> default via 172.29.106.254 dev eth0
> 169.254.0.0/16<http://169.254.0.0/16> dev eth1  scope link  metric 1000
> 172.29.106.0/24<http://172.29.106.0/24> dev eth0  proto kernel  scope link  src 172.29.106.220
> 192.168.1.0/24<http://192.168.1.0/24> dev eth1  proto kernel  scope link  src 192.168.1.220
>
> > > root at control# neutron net-list
> +--------------------------------------+----------+------------------------------------------------------+
> | id                                   | name     | subnets                                              |
> +--------------------------------------+----------+------------------------------------------------------+
> | 95f5f75f-577f-4827-b51c-f949fb46393b | demo-net |
> | 33d60404-d979-4b63-83ef-653268195872 192.168.2.0/24<http://192.168.2.0/24>  |
> | e567fd9d-f87a-491c-b8f1-32d28de4069e | ext-net  |
> | 0f5d2be9-74b0-466e-b0e6-4be8f646338a 172.29.105.0/24<http://172.29.105.0/24> |
> +--------------------------------------+----------+------------------------------------------------------+
> root control # neutron subnet-list
> +--------------------------------------+-------------+-----------------+------------------------------------------------------+
> | id                                   | name        | cidr            | allocation_pools                                     |
> +--------------------------------------+-------------+-----------------+------------------------------------------------------+
> | 0f5d2be9-74b0-466e-b0e6-4be8f646338a | ext-subnet  | 172.29.105.0/24<http://172.29.105.0/24> | {"start": "172.29.105.101", "end": "172.29.105.127"} |
> | 33d60404-d979-4b63-83ef-653268195872 | demo-subnet | 192.168.2.0/24<http://192.168.2.0/24>  | {"start": "192.168.2.2", "end": "192.168.2.254"}     |
> +--------------------------------------+-------------+-----------------+------------------------------------------------------+
> > >
> > > root@ control# neutron subnet-show ext-subnet
> +------------------+------------------------------------------------------+
> | Field            | Value                                                |
> +------------------+------------------------------------------------------+
> | allocation_pools | {"start": "172.29.105.101", "end": "172.29.105.127"} |
> | cidr             | 172.29.105.0/24<http://172.29.105.0/24>                                      |
> | dns_nameservers  |                                                      |
> | enable_dhcp      | False                                                |
> | gateway_ip       | 172.29.105.254                                       |
> | host_routes      |                                                      |
> | id               | 0f5d2be9-74b0-466e-b0e6-4be8f646338a                 |
> | ip_version       | 4                                                    |
> | name             | ext-subnet                                           |
> | network_id       | e567fd9d-f87a-491c-b8f1-32d28de4069e                 |
> | tenant_id        | 7479d4eabeb14b45a7f38269155ec0f5                     |
> +------------------+------------------------------------------------------+
> > > root@ control# neutron subnet-show demo-subnet
> +------------------+--------------------------------------------------+
> | Field            | Value                                            |
> +------------------+--------------------------------------------------+
> | allocation_pools | {"start": "192.168.2.2", "end": "192.168.2.254"} |
> | cidr             | 192.168.2.0/24<http://192.168.2.0/24>                                   |
> | dns_nameservers  | 8.8.8.8                                          |
> | enable_dhcp      | True                                             |
> | gateway_ip       | 192.168.2.1                                      |
> | host_routes      |                                                  |
> | id               | 33d60404-d979-4b63-83ef-653268195872             |
> | ip_version       | 4                                                |
> | name             | demo-subnet                                      |
> | network_id       | 95f5f75f-577f-4827-b51c-f949fb46393b             |
> | tenant_id        | 1bc3de8b19384858a1a7a6395e1845e3                 |
> +------------------+--------------------------------------------------+
> ************* Email Confidentiality Notice ******************** The
> information contained in this e-mail message (including any
> attachments) may be confidential, proprietary, privileged, or
> otherwise exempt from disclosure under applicable laws. It is intended
> to be conveyed only to the designated recipient(s). Any use,
> dissemination, distribution, printing, retaining or copying of this
> e-mail (including its
> attachments) by unintended recipient(s) is strictly prohibited and may
> be unlawful. If you are not an intended recipient of this e-mail, or
> believe that you have received this e-mail in error, please notify the
> sender immediately (by replying to this e-mail), delete any and all
> copies of this e-mail (including any attachments) from your system,
> and do not disclose the content of this e-mail to any other person. Thank you!
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack


************* Email Confidentiality Notice ********************
The information contained in this e-mail message (including any
attachments) may be confidential, proprietary, privileged, or otherwise
exempt from disclosure under applicable laws. It is intended to be
conveyed only to the designated recipient(s). Any use, dissemination,
distribution, printing, retaining or copying of this e-mail (including its
attachments) by unintended recipient(s) is strictly prohibited and may
be unlawful. If you are not an intended recipient of this e-mail, or believe
that you have received this e-mail in error, please notify the sender
immediately (by replying to this e-mail), delete any and all copies of
this e-mail (including any attachments) from your system, and do not
disclose the content of this e-mail to any other person. Thank you!
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack



--
Kevin Benton

************* Email Confidentiality Notice ********************

The information contained in this e-mail message (including any

attachments) may be confidential, proprietary, privileged, or otherwise

exempt from disclosure under applicable laws. It is intended to be

conveyed only to the designated recipient(s). Any use, dissemination,

distribution, printing, retaining or copying of this e-mail (including its

attachments) by unintended recipient(s) is strictly prohibited and may

be unlawful. If you are not an intended recipient of this e-mail, or believe

that you have received this e-mail in error, please notify the sender

immediately (by replying to this e-mail), delete any and all copies of

this e-mail (including any attachments) from your system, and do not

disclose the content of this e-mail to any other person. Thank you!



************* Email Confidentiality Notice ********************
The information contained in this e-mail message (including any
attachments) may be confidential, proprietary, privileged, or otherwise
exempt from disclosure under applicable laws. It is intended to be
conveyed only to the designated recipient(s). Any use, dissemination,
distribution, printing, retaining or copying of this e-mail (including its
attachments) by unintended recipient(s) is strictly prohibited and may
be unlawful. If you are not an intended recipient of this e-mail, or believe
that you have received this e-mail in error, please notify the sender
immediately (by replying to this e-mail), delete any and all copies of
this e-mail (including any attachments) from your system, and do not
disclose the content of this e-mail to any other person. Thank you!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150305/85a74388/attachment.html>


More information about the Openstack mailing list