[Openstack] Openstack Kilo Vxlan tunnel single NIC setup

Amir Huskić amir.huskic at gmail.com
Thu Nov 12 11:57:23 UTC 2015


Thank you Andreas. I'll try it. I've opened a new thread with additional info
(here:
http://lists.openstack.org/pipermail/openstack/2015-November/014564.html)
and subject: Vxlan/gre port is not created in br-tun Kilo. There are also
config files.

Regards,
Amir

On Thu, Nov 12, 2015 at 10:17 AM, Andreas Scheuring <
scheuran at linux.vnet.ibm.com> wrote:

> What you see is the expected behavior. A Tun (vxlan/gre) port is created
> for each other Node (that runs the neutron-openvswitch-agent) in your
> Openstack Cluster. So if you have a single node - no other Openstack
> node - no tun port.
>
> It's not a use case that an external (non Openstack managed System) Node
> is participating in your Openstack internal tunnel network.
>
> The current ovs implementation knows exactly which vm is reachable via
> which mac on which other hypervisor via which tunnel port. All this
> logic is implemented via openflow rules, which steer the traffic to the
> correct tun device. Traffic that does not match those rules, will be
> dropped (I guess).
>
> You can only achieve this with an external vxlan network. I personally
> haven't tried this so far creating it with Openstack. But for a proof of
> concept you could create the tun port on your own on br-ex (instead of
> plugging your interface into br-ex).
>
> Hope this helps.
>
>
>
> --
> Andreas
> (IRC: scheuran)
>
>
>
> On Do, 2015-11-12 at 09:36 +0100, Amir Huskić wrote:
> > Thank you all for suggestions and sorry for late answer. Now I have PC
> > with two interfaces; eth0 for br-ex (LAN) and eth1 for vxlan/gre
> > tunnel interface. Br-ex is working fine and also I can ping and access
> > VM using floating IP. But still facing issue with vxlan/gre tunnels.
> > Vxlan/gre port is not created on br-tun.
> >
> >
> > As I already wrote I'm trying to enable L2 connectivity between VMs
> > running on single node Openstack Kilo installation (Devstack) and
> > external Linux host using vxlan/gre tunnel. Since there are now two
> > NICs I'll open new thread.
> >
> >
> > Regards,
> > Amir
> >
> > On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgunjal at in.ibm.com>
> > wrote:
> >         Hi Amir,
> >
> >         One point to check is the security rules set in your
> >         controller. Check if you have set the ingress/egress rules set
> >         for ICMP protocol (ping) which will otherwise block traffic
> >         from external hosts to the tenant VM.
> >
> >         Regards,
> >         Akash
> >
> >         From: yatin kumbhare <yatinkumbhare at gmail.com>
> >         To: Amir Huskić <amir.huskic at gmail.com>
> >         Cc: "openstack at lists.openstack.org"
> >         <openstack at lists.openstack.org>
> >         Date: 10/19/2015 03:56 PM
> >         Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single
> >         NIC setup
> >
> >
> >
> >         ______________________________________________________________
> >
> >
> >
> >         Hi Amir,
> >
> >         Not quite sure, as I haven't tried such a thing.
> >
> >         but IMHO, you might require l2-gateway.
> >
> >         Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k
> >
> >         Regards,
> >         Yatin
> >
> >         On Mon, Oct 19, 2015 at 4:35 AM, Amir Huskić
> >         <amir.huskic at gmail.com> wrote:
> >                 Hello James,
> >
> >                 I use underscores in ml2 config file as You suggested.
> >                 Also made some changes in config file. Here is
> >                 available:
> >                 https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0
> >
> >                 Summary:
> >                 - can ping from OS host to external gw and external
> >                 linux host
> >                 - can ping from tenant VM to external gw and external
> >                 linux host
> >                 - can't ping OS host and tenant VM floating IP from
> >                 external linux host
> >                 - tcpdump on br-ex and eth0 interface is showing arp
> >                 request during ping request from linux external host
> >                 using vxlan segment
> >
> >                 For additional info please check info from CLI screen
> >                 here:
> >                 https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0
> >
> >                 Accidentally I deleted symbolic link in log files
> >                 pointing to agent log. Unfortunately I don't know how
> >                 to create it again with proper permissions. I tried
> >                 with chmod and chown using reference command but
> >                 without much success.
> >
> >                 lrwxrwxrwx  1 amir amir        43 Sep 19 15:26 screen-n-sch.log -> /opt/stack/logs/n-sch.log.2015-09-19-150746
> >                 -rw-r--r--  1 amir amir 245730291 Okt 18 14:00 screen-q-agt.log
> >                 lrwxrwxrwx  1 amir amir        44 Sep 19 15:25 screen-q-dhcp.log -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746
> >
> >
> >                 Thank you for your help and time.
> >
> >                 Kind regards,
> >                 Amir
> >
> >                 On Wed, Oct 14, 2015 at 4:06 PM, James Denton
> >                 <james.denton at rackspace.com> wrote:
> >                 Hi Amir,
> >
> >                 A couple of recommendations:
> >
> >                 - Your vxlan_group setting has an extra dot at the end
> >                 that may be causing issues:
> >                 [ml2_type_vxlan]
> >                 vxlan_group = 239.0.0.0.
> >                 - Your [OVS] block has some incorrect options. Use
> >                 underscores rather than spaces:
> >                 [ovs]
> >                 bridge_mappings = public:br-ex
> >                 local_ip = 192.168.100.100
> >                 vxlan_udp_port = 8472
> >                 tunnel type = vxlan
> >                 tunnel id ranges = 1001:2000
> >                 tenant network type = vxlan
> >                 enable tunneling = true
> >                 - Same goes for [agent] as well:
> >                 [agent]
> >                 tunnel_types = vxlan
> >                 root_helper_daemon = sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
> >                 root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
> >                 #tunnel_types = vxlan
> >                 vxlan_udp_port = 8472
> >                 l2 population = false
> >                 Start by correcting those issues and restart the OVS
> >                 agents across your hosts. The agent log may be of help
> >                 here as well.
> >
> >                 James
> >                                 On Oct 14, 2015, at 2:38 AM, Amir
> >                                 Huskić <amir.huskic at gmail.com> wrote:
> >
> >                                 Hello,
> >
> >                                 there is also my ml2_conf.ini
> >                                 file:
> >                                 https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini
> >
> >                                 Could problem be related to single NIC
> >                                 installation? Is it possible to have
> >                                 same interface for bridge mappings and
> >                                 also for tunnel bridge? Example below:
> >
> >                                 bridge_mappings = public:br-ex
> >                                 integration bridge = br-int
> >                                 tunnel bridge = br-ex
> >
> >                                 Thank you.
> >                                 Regards,
> >                                 Amir
> >
> >
> >                                 On Mon, Oct 12, 2015 at 3:53 PM, Amir
> >                                 Huskić <amir.huskic at gmail.com> wrote:
> >                                         Hi all,
> >
> >                                         I'm trying to set up an
> >                                         Openstack test lab.
> >
> >                                         I deployed Openstack Kilo
> >                                         (Devstack) on PC running
> >                                         Ubuntu LTS 14.02 with single
> >                                         NIC.
> >                                         Tenants are isolated with
> >                                         vxlan networks. I can ping
> >                                         from VMs to external network
> >                                         PCs, SSH login from external
> >                                         PCs to tenants VMs floating IP
> >                                         address, etc.
> >
> >                                         I would like also to connect
> >                                         tenant VMs to external network
> >                                         physical Linux host using
> >                                         vxlan tunnel and have L2
> >                                         connectivity between VM and
> >                                         physical Linux host over L3
> >                                         network.
> >
> >                                         Vxlan interface on Linux
> >                                         physical host is up and
> >                                         running. When I am trying to
> >                                         ping from Linux physical host
> >                                         to Openstack VM (not floating
> >                                         IP) using same subnet L2
> >                                         address (example ping from
> >                                         192.168.10.10 to
> >                                         192.168.10.11) UDP packets on
> >                                         port 8472 are coming to
> >                                         Openstack br-ex interface with
> >                                         ARP request.
> >
> >                                         Problem is that I can't setup
> >                                         vxlan tunnel on Openstack.
> >                                         Command "sudo ovs-vsctl show"
> >                                         doesn't show any vxlan
> >                                         tunnels.
> >                                         Also when I try to ping from
> >                                         VM to Linux host using L2 IP
> >                                         address (ping from
> >                                         192.168.10.11 to
> >                                         192.168.10.10) tcpdump on
> >                                         br-ex doesn't show anything.
> >
> >                                         My ml2_conf.ini file is
> >                                         configured following this
> >                                         guide:
> >                                         http://www.opencloudblog.com/?p=300
> >
> >                                         Thanks in advance for your
> >                                         help,
> >
> >                                         Regards,
> >                                         Amir
> >
> >
>  _______________________________________________
> >                                 Mailing list:
> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >                                 Post to     :
> >                                 openstack at lists.openstack.org
> >                                 Unsubscribe :
> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
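
The two mistakes James Denton points out in the quoted ml2_conf.ini fragments (option names written with spaces instead of underscores, and the trailing dot on vxlan_group) can be checked before the OVS agent is restarted. The Python check below is an added example, not part of the original thread or of Neutron; `lint_ml2`, `ADDRESS_OPTIONS` and the sample text are constructed here, and it assumes vxlan_group has to be an IPv4 multicast address.

```python
import configparser
import ipaddress

# Constructed sample, assembled from the fragments quoted in the thread
# (not the poster's complete file).
SAMPLE = """\
[ml2_type_vxlan]
vxlan_group = 239.0.0.0.

[ovs]
bridge_mappings = public:br-ex
local_ip = 192.168.100.100
tunnel type = vxlan
enable tunneling = true

[agent]
tunnel_types = vxlan
vxlan_udp_port = 8472
l2 population = false
"""

# Assumption: options that must parse as IPv4; True = must also be multicast.
ADDRESS_OPTIONS = {"vxlan_group": True, "local_ip": False}


def lint_ml2(text):
    """Return (section, option, problem) tuples for suspicious entries."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for option, value in parser[section].items():
            # "tunnel type" parses as a key, but it is not "tunnel_type".
            if len(option.split()) > 1:
                fixed = "_".join(option.split())
                findings.append((section, option, "use '%s'" % fixed))
            if option in ADDRESS_OPTIONS:
                try:
                    addr = ipaddress.IPv4Address((value or "").strip())
                except ValueError:
                    findings.append((section, option, "not an IPv4 address"))
                    continue
                if ADDRESS_OPTIONS[option] and not addr.is_multicast:
                    findings.append((section, option, "not multicast"))
    return findings


if __name__ == "__main__":
    for section, option, problem in lint_ml2(SAMPLE):
        print("[%s] %s: %s" % (section, option, problem))
```
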