[Openstack] Openstack Kilo Vxlan tunnel single NIC setup
Amir Huskić
amir.huskic at gmail.com
Thu Nov 12 11:57:23 UTC 2015
Thank you Andreas. I'll try it. I've opened a new thread with additional info
(here:
http://lists.openstack.org/pipermail/openstack/2015-November/014564.html)
with the subject: Vxlan/gre port is not created in br-tun Kilo. There are also
config files.
Regards,
Amir
On Thu, Nov 12, 2015 at 10:17 AM, Andreas Scheuring <
scheuran at linux.vnet.ibm.com> wrote:
> What you see is the expected behavior. A Tun (vxlan/gre) port is created
> for each other Node (that runs the neutron-openvswitch-agent) in your
> Openstack Cluster. So if you have a single node - no other Openstack
> node - no tun port.
>
> It's not a use case that an external (non Openstack managed System) Node
> is participating in your Openstack internal tunnel network.
>
> The current ovs implementation knows exactly which vm is reachable via
> which mac on which other hypervisor via which tunnel port. All this
> logic is implemented via openflow rules, which steer the traffic to the
> correct tun device. Traffic that does not match those rules will be
> dropped (I guess).
>
> You can only achieve this with an external vxlan network. I personally
> haven't tried creating it with Openstack so far. But for a proof of
> concept you could create the tun port on your own on br-ex (instead of
> plugging your interface into br-ex).
>
> Hope this helps.
>
>
>
> --
> Andreas
> (IRC: scheuran)
>
>
>
> On Do, 2015-11-12 at 09:36 +0100, Amir Huskić wrote:
> > Thank you all for the suggestions and sorry for the late answer. Now I have a PC
> > with two interfaces; eth0 for br-ex (LAN) and eth1 for the vxlan/gre
> > tunnel interface. Br-ex is working fine and I can also ping and access
> > the VM using the floating IP. But I am still facing an issue with vxlan/gre tunnels.
> > The vxlan/gre port is not created on br-tun.
> >
> >
> > As I already wrote, I'm trying to enable L2 connectivity between VMs
> > running on a single-node Openstack Kilo installation (Devstack) and
> > an external Linux host using a vxlan/gre tunnel. Since there are now two
> > NICs I'll open a new thread.
> >
> >
> > Regards,
> > Amir
> >
> > On Mon, Oct 19, 2015 at 12:36 PM, Akash Gunjal <akgunjal at in.ibm.com>
> > wrote:
> > Hi Amir,
> >
> > One point to check is the security rules set in your
> > controller. Check if you have set the ingress/egress rules
> > for ICMP protocol (ping) which will otherwise block traffic
> > from external hosts to the tenant VM.
> >
> > Regards,
> > Akash
> >
> >
> > From: yatin kumbhare <yatinkumbhare at gmail.com>
> > To: Amir Huskić <amir.huskic at gmail.com>
> > Cc: "openstack at lists.openstack.org"
> > <openstack at lists.openstack.org>
> > Date: 10/19/2015 03:56 PM
> > Subject: Re: [Openstack] Openstack Kilo Vxlan tunnel single
> > NIC setup
> >
> >
> >
> > ______________________________________________________________
> >
> >
> >
> > Hi Amir,
> >
> > Not quite sure, as I haven't tried such a thing.
> >
> > but IMHO, you might require l2-gateway.
> >
> > Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k
> >
> > Regards,
> > Yatin
> >
> > On Mon, Oct 19, 2015 at 4:35 AM, Amir Huskić
> > <amir.huskic at gmail.com> wrote:
> > Hello James,
> >
> > I use underscores in the ml2 config file as you suggested.
> > I also made some changes in the config file. It is
> > available here:
> >
> > https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0
> >
> > Summary:
> > - can ping from OS host to external gw and external
> > linux host
> > - can ping from tenant VM to external gw and external
> > linux host
> > - can't ping OS host and tenant VM floating IP from
> > external linux host
> > - tcpdump on br-ex and eth0 interface is showing arp
> > request during ping request from linux external host
> > using vxlan segment
> >
> > For additional info please check info from CLI screen
> > here:
> >
> > https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0
> >
> > Accidentally I deleted the symbolic link in the log files
> > pointing to the agent log. Unfortunately I don't know how
> > to create it again with proper permissions. I tried
> > with chmod and chown using reference command but
> > without much success.
> >
> > lrwxrwxrwx 1 amir amir 43 Sep 19 15:26 screen-n-sch.log -> /opt/stack/logs/n-sch.log.2015-09-19-150746
> > -rw-r--r-- 1 amir amir 245730291 Okt 18 14:00 screen-q-agt.log
> > lrwxrwxrwx 1 amir amir 44 Sep 19 15:25 screen-q-dhcp.log -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746
> >
> >
> > Thank you for your help and time.
> >
> > Kind regards,
> > Amir
> >
> > On Wed, Oct 14, 2015 at 4:06 PM, James Denton
> > <james.denton at rackspace.com> wrote:
> > Hi Amir,
> >
> > A couple of recommendations:
> >
> > - Your vxlan_group setting has an extra dot at the end
> > that may be causing issues:
> > [ml2_type_vxlan]
> > vxlan_group = 239.0.0.0.
> > - Your [OVS] block has some incorrect options. Use
> > underscores rather than spaces:
> > [ovs]
> > bridge_mappings = public:br-ex
> > local_ip = 192.168.100.100
> > vxlan_udp_port = 8472
> > tunnel type = vxlan
> > tunnel id ranges = 1001:2000
> > tenant network type = vxlan
> > enable tunneling = true
> > - Same goes for [agent] as well:
> > [agent]
> > tunnel_types = vxlan
> > root_helper_daemon = sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
> > root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
> > #tunnel_types = vxlan
> > vxlan_udp_port = 8472
> > l2 population = false
> > Start by correcting those issues and restart the OVS
> > agents across your hosts. The agent log may be of help
> > here as well.
> >
> > James
> > On Oct 14, 2015, at 2:38 AM, Amir
> > Huskić <amir.huskic at gmail.com> wrote:
> >
> > Hello,
> >
> > there is also my ml2_conf.ini file:
> > https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini
> >
> > Could the problem be related to the single NIC
> > installation? Is it possible to have the
> > same interface for bridge mappings and
> > also for the tunnel bridge? Example below:
> >
> > bridge_mappings = public:br-ex
> > integration bridge = br-int
> > tunnel bridge = br-ex
> >
> > Thank you.
> > Regards,
> > Amir
> >
> >
> > On Mon, Oct 12, 2015 at 3:53 PM, Amir
> > Huskić <amir.huskic at gmail.com> wrote:
> > Hi all,
> >
> > I'm trying to set up an
> > Openstack test lab.
> >
> > I deployed Openstack Kilo
> > (Devstack) on PC running
> > Ubuntu LTS 14.02 with single
> > NIC.
> > Tenants are isolated with
> > vxlan networks. I can ping
> > from VMs to external network
> > PCs, SSH login from external
> > PCs to tenants VMs floating IP
> > address, etc.
> >
> > I would like also to connect
> > tenant VMs to external network
> > physical Linux host using
> > vxlan tunnel and have L2
> > connectivity between VM and
> > physical Linux host over L3
> > network.
> >
> > Vxlan interface on Linux
> > physical host is up and
> > running. When I am trying to
> > ping from Linux physical host
> > to Openstack VM (not floating
> > IP) using same subnet L2
> > address (example ping from
> > 192.168.10.10 to
> > 192.168.10.11) UDP packets on
> > port 8472 are coming to
> > Openstack br-ex interface with
> > ARP request.
> >
> > The problem is that I can't set up
> > a vxlan tunnel on Openstack.
> > Command "sudo ovs-vsctl show"
> > doesn't show any vxlan
> > tunnels.
> > Also when I try to ping from
> > VM to Linux host using L2 IP
> > address (ping from
> > 192.168.10.11 to
> > 192.168.10.10) tcpdump on
> > br-ex doesn't show anything.
> >
> > My ml2_conf.ini file is
> > configured following this
> > guide:
> >
> > http://www.opencloudblog.com/?p=300
> >
> > Thanks in advance for your
> > help,
> >
> > Regards,
> > Amir
> >
> >
> _______________________________________________
> > Mailing list:
> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to :
> > openstack at lists.openstack.org
> > Unsubscribe :
> >
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> >
> >
>
>