[Openstack] Openstack Kilo Vxlan tunnel single NIC setup

Andreas Scheuring scheuran at linux.vnet.ibm.com
Thu Nov 12 09:17:32 UTC 2015


What you see is the expected behavior. A Tun (vxlan/gre) port is created
for each other Node (that runs the neutron-openvswitch-agent) in your
Openstack Cluster. So if you have a single node - no other Openstack
node - no tun port.

It's not a use case that an external (non Openstack managed System) Node
is participating in your Openstack internal tunnel network. 

The current ovs implementation knows exactly which vm is reachable via
which mac on which other hypervisor via which tunnel port. All this
logic is implemented via openflow rules, which steer the traffic to the
correct tun device. Traffic that does not match those rules will be
dropped (I guess).

You can only achieve this with an external vxlan network. I personally
haven't tried this so far creating it with Openstack. But for a proof of
concept you could create the tun port on your own on br-ex (instead of
plugging your interface into br-ex).

Hope this helps.



-- 
Andreas
(IRC: scheuran)



On Thu, 2015-11-12 at 09:36 +0100, Amir Huskić wrote:
> Thank you all for suggestions and sorry for late answer. Now I have PC
> with two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre
> tunnel interface. Br-ex is working fine and also I can ping and access
> VM using floating IP. But still facing issue with vxlan/gre tunnels.
> Vxlan/gre port is not created on br-tun. 
> 
> 
> As I already wrote I'm trying to enable L2 connectivity between VMs
> running on single node Openstack Kilo installation (Devstack) and
> external Linux host using vxlan/gre tunnel. Since there are now two
> NICs I'll open new thread.
> 
> 
> Regards,
> Amir
> 
> On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgunjal at in.ibm.com>
> wrote:
>         Hi Amir,
>         
>         One point to check is the security rules set in your
>         controller. Check if you have set the ingress/egress rules set
>         for ICMP protocol (ping) which will otherwise block traffic
>         from external hosts to the tenant VM.
>         
>         Regards,
>         Akash
>         
>         From: yatin kumbhare <yatinkumbhare at gmail.com>
>         To: Amir Huskić <amir.huskic at gmail.com>
>         Cc: "openstack at lists.openstack.org"
>         <openstack at lists.openstack.org>
>         Date: 10/19/2015 03:56 PM
>         Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single
>         NIC setup
>         
>         
>         
>         ______________________________________________________________
>         
>         
>         
>         Hi Amir,
>         
>         Not quite sure, as I haven't tried such a thing.
>         
>         but IMHO, you might require l2-gateway. 
>         
>         Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k
>         
>         Regards,
>         Yatin
>         
>         On Mon, Oct 19, 2015 at 4:35 AM, Amir Huskić
>         <amir.huskic at gmail.com> wrote:
>                 Hello James,
>                 
>                 I use underscores in ml2 config file as You suggested.
>                 Also made some changes in config file. Here is
>                 available:
>                 https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0
>                 
>                 Summary:
>                 - can ping from OS host to external gw and external
>                 linux host
>                 - can ping from tenant VM to external gw and external
>                 linux host
>                 - can't ping OS host and tenant VM floating IP from
>                 external linux host
>                 - tcpdump on br-ex and eth0 interface is showing arp
>                 request during ping request from linux external host
>                 using vxlan segment
>                 
>                 For additional info please check info from CLI screen
>                 here:
>                 https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0
>                 
>                 Accidentally I deleted symbolic link in log files
>                 pointing to agent log. Unfortunately I don't know how
>                 to create it again with proper permissions. I tried
>                 with chmod and chown using reference command but
>                 without much success.
>                 
>                 lrwxrwxrwx  1 amir amir        43 Sep 19 15:26
>                 screen-n-sch.log
>                 -> /opt/stack/logs/n-sch.log.2015-09-19-150746
>                 -rw-r--r--  1 amir amir 245730291 Okt 18 14:00
>                 screen-q-agt.log
>                 lrwxrwxrwx  1 amir amir        44 Sep 19 15:25
>                 screen-q-dhcp.log
>                 -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746
>                 
>                 
>                 Thank you for your help and time.
>                 
>                 Kind regards,
>                 Amir
>                 
>                 On Wed, Oct 14, 2015 at 4:06 PM, James Denton
>                 <james.denton at rackspace.com> wrote:
>                 Hi Amir,
>                 
>                 A couple of recommendations:
>                 
>                 - Your vxlan_group setting has an extra dot at the end
>                 that may be causing issues:
>                 [ml2_type_vxlan]
>                 vxlan_group = 239.0.0.0.
>                 - Your [OVS] block has some incorrect options. Use
>                 underscores rather than spaces:
>                 [ovs]
>                 bridge_mappings = public:br-ex
>                 local_ip = 192.168.100.100
>                 vxlan_udp_port = 8472
>                 tunnel type = vxlan
>                 tunnel id ranges = 1001:2000
>                 tenant network type = vxlan
>                 enable tunneling = true
>                 - Same goes for [agent] as well:
>                 [agent]
>                 tunnel_types = vxlan
>                 root_helper_daemon =
>                 sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
>                 root_helper =
>                 sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
>                 #tunnel_types = vxlan
>                 vxlan_udp_port = 8472
>                 l2 population = false
>                 Start by correcting those issues and restart the OVS
>                 agents across your hosts. The agent log may be of help
>                 here as well.
>                 
>                 James 
>                                 On Oct 14, 2015, at 2:38 AM, Amir
>                                 Huskić <amir.huskic at gmail.com> wrote:
>                                 
>                                 Hello,
>                                 
>                                 there is also my ml2_conf.ini
>                                 file: https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini
>                                 
>                                 Could problem be related to single NIC
>                                 installation? Is it possible to have
>                                 same interface for bridge mappings and
>                                 also for tunnel bridge? Example below:
>                                 
>                                 bridge_mappings = public:br-ex
>                                 integration bridge = br-int
>                                 tunnel bridge = br-ex
>                                 
>                                 Thank you.
>                                 Regards,
>                                 Amir
>                                 
>                                 
>                                 On Mon, Oct 12, 2015 at 3:53 PM, Amir
>                                 Huskić <amir.huskic at gmail.com> wrote:
>                                         Hi all,
>                                         
>                                         I'm trying to set up
>                                         Openstack test lab.
>                                         
>                                         I deployed Openstack Kilo
>                                         (Devstack) on PC running
>                                         Ubuntu LTS 14.02 with single
>                                         NIC.
>                                         Tenants are isolated with
>                                         vxlan networks. I can ping
>                                         from VMs to external network
>                                         PCs, SSH login from external
>                                         PCs to tenants VMs floating IP
>                                         address, etc.
>                                         
>                                         I would like also to connect
>                                         tenant VMs to external network
>                                         physical Linux host using
>                                         vxlan tunnel and have L2
>                                         connectivity between VM and
>                                         physical Linux host over L3
>                                         network.
>                                         
>                                         Vxlan interface on Linux
>                                         physical host is up and
>                                         running. When I am trying to
>                                         ping from Linux physical host
>                                         to Openstack VM (not floating
>                                         IP) using same subnet L2
>                                         address (example ping from
>                                         192.168.10.10 to
>                                         192.168.10.11) UDP packets on
>                                         port 8472 are coming to
>                                         Openstack br-ex interface with
>                                         ARP request.
>                                         
>                                         Problem is that I can't setup
>                                         vxlan tunnel on Openstack.
>                                         Command "sudo ovs-vsctl show"
>                                         doesn't show any vxlan
>                                         tunnels.
>                                         Also when I try to ping from
>                                         VM to Linux host using L2 IP
>                                         address (ping from
>                                         192.168.10.11 to
>                                         192.168.10.10) tcpdump on
>                                         br-ex doesn't show anything.
>                                         
>                                         My ml2_conf.ini file is
>                                         configured following this
>                                         guide:
>                                         http://www.opencloudblog.com/?p=300
>                                         
>                                         Thanks in advance for your
>                                         help,
>                                         
>                                         Regards,
>                                         Amir
>                                 
>                                 _______________________________________________
>                                 Mailing list:
>                                 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>                                 Post to     :
>                                 openstack at lists.openstack.org
>                                 Unsubscribe :
>                                 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>                 
>                 
>                 
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
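
James Denton's recommendations in the quoted thread (option names written with spaces, a trailing dot in vxlan_group) are the kind of mistake a small pre-flight check can catch before the OVS agent is restarted. The following is an added example, not part of the thread or of Neutron; the sample config is constructed from the lines quoted above, and the set of checks (spaces in option names, vxlan_group as a single multicast address, local_ip, vxlan_udp_port) is an assumption of this example.

```python
import configparser
import ipaddress

# Constructed sample reproducing the mistakes pointed out in the thread.
SAMPLE = """\
[ml2_type_vxlan]
vxlan_group = 239.0.0.0.

[ovs]
bridge_mappings = public:br-ex
local_ip = 192.168.100.100
tunnel type = vxlan
enable tunneling = true

[agent]
tunnel_types = vxlan
vxlan_udp_port = 8472
l2 population = false
"""

def lint_ml2(text):
    """Return (section, option, problem) tuples for suspicious settings."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.optionxform = str  # keep option names exactly as written
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for opt, val in cp.items(section):
            val = val.strip()
            if " " in opt:
                # A name with a space is not the option the agent looks up.
                fixed = opt.replace(" ", "_")
                findings.append((section, opt, "use '%s'" % fixed))
            elif opt in ("vxlan_group", "local_ip"):
                try:
                    addr = ipaddress.ip_address(val)
                except ValueError:
                    findings.append((section, opt, "not an IP address: " + val))
                    continue
                if opt == "vxlan_group" and not addr.is_multicast:
                    findings.append((section, opt, "not multicast: " + val))
            elif opt == "vxlan_udp_port":
                if not (val.isdigit() and 0 < int(val) < 65536):
                    findings.append((section, opt, "bad UDP port: " + val))
    return findings

if __name__ == "__main__":
    for section, opt, problem in lint_ml2(SAMPLE):
        print("[%s] %s: %s" % (section, opt, problem))
```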




