[Openstack] Openstack Kilo Vxlan tunnel single NIC setup

Akash Gunjal akgunjal at in.ibm.com
Mon Oct 19 10:36:56 UTC 2015


Hi Amir,

One point to check is the security rules set in your controller. Check if
you have set the ingress/egress rules for ICMP protocol (ping) which
will otherwise block traffic from external hosts to the tenant VM.

Regards,
Akash



From:	yatin kumbhare <yatinkumbhare at gmail.com>
To:	Amir Huskić <amir.huskic at gmail.com>
Cc:	"openstack at lists.openstack.org" <openstack at lists.openstack.org>
Date:	10/19/2015 03:56 PM
Subject:	Re: [Openstack] Openstack Kilo Vxlan tunnel single NIC setup



Hi Amir,

Not quite sure, as I haven't tried such a thing.

But IMHO, you might require l2-gateway.

Kind of this: https://www.youtube.com/watch?v=74Wfr4myf5k

Regards,
Yatin

On Mon, Oct 19, 2015 at 4:35 AM, Amir Huskić <amir.huskic at gmail.com> wrote:
  Hello James,

  I use underscores in the ml2 config file as you suggested. I also made
  some changes in the config file. It is available here:
  https://www.dropbox.com/s/fuzwiyuyfngyyl2/ml2_conf.ini?dl=0

  Summary:
  - can ping from OS host to external gw and external linux host
  - can ping from tenant VM to external gw and external linux host
  - can't ping OS host and tenant VM floating IP from external linux host
  - tcpdump on br-ex and eth0 interface is showing arp request during ping
  request from linux external host using vxlan segment

  For additional info please check info from CLI screen here:
  https://www.dropbox.com/s/fv5hen4jbo6fmby/CLI_debug.txt?dl=0

  Accidentally I deleted the symbolic link in the log files pointing to the
  agent log. Unfortunately I don't know how to create it again with proper
  permissions. I tried with chmod and chown using reference command but
  without much success.

  lrwxrwxrwx  1 amir amir        43 Sep 19 15:26 screen-n-sch.log -> /opt/stack/logs/n-sch.log.2015-09-19-150746
  -rw-r--r--  1 amir amir 245730291 Okt 18 14:00 screen-q-agt.log
  lrwxrwxrwx  1 amir amir        44 Sep 19 15:25 screen-q-dhcp.log -> /opt/stack/logs/q-dhcp.log.2015-09-19-150746


  Thank you for your help and time.

  Kind regards,
  Amir
  
  
  


  On Wed, Oct 14, 2015 at 4:06 PM, James Denton <james.denton at rackspace.com
  > wrote:
   Hi Amir,

   A couple of recommendations:

   - Your vxlan_group setting has an extra dot at the end that may be
   causing issues:

       [ml2_type_vxlan]
       vxlan_group = 239.0.0.0.

   - Your [OVS] block has some incorrect options. Use underscores rather
   than spaces:

       [ovs]
       bridge_mappings = public:br-ex
       local_ip = 192.168.100.100
       vxlan_udp_port = 8472
       tunnel type = vxlan
       tunnel id ranges = 1001:2000
       tenant network type = vxlan
       enable tunneling = true

   - Same goes for [agent] as well:

       [agent]
       tunnel_types = vxlan
       root_helper_daemon = sudo /usr/local/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
       root_helper = sudo /usr/local/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
       #tunnel_types = vxlan
       vxlan_udp_port = 8472
       l2 population = false

   Start by correcting those issues and restart the OVS agents across your
   hosts. The agent log may be of help here as well.

   James

         On Oct 14, 2015, at 2:38 AM, Amir Huskić <amir.huskic at gmail.com>
         wrote:

         Hello,

         there is also my ml2_conf.ini file:
         https://dl.dropboxusercontent.com/u/4298410/ml2_conf.ini

         Could problem be related to single NIC installation? Is it
         possible to have same interface for bridge mappings and also for
         tunnel bridge? Example below:

         bridge_mappings = public:br-ex
         integration bridge = br-int
         tunnel bridge = br-ex

         Thank you.
         Regards,
         Amir


         On Mon, Oct 12, 2015 at 3:53 PM, Amir Huskić <
         amir.huskic at gmail.com> wrote:
           Hi all,

           I'm trying to set up an Openstack test lab.

           I deployed Openstack Kilo (Devstack) on a PC running Ubuntu LTS
           14.02 with a single NIC.
           Tenants are isolated with vxlan networks. I can ping from VMs to
           external network PCs, SSH login from external PCs to tenants VMs
           floating IP address, etc.

           I would like also to connect tenant VMs to external network
           physical Linux host using vxlan tunnel and have L2 connectivity
           between VM and physical Linux host over L3 network.

           Vxlan interface on Linux physical host is up and running. When I
           am trying to ping from Linux physical host to Openstack VM (not
           floating IP) using same subnet L2 address (example ping from
           192.168.10.10 to 192.168.10.11) UDP packets on port 8472 are
           coming to Openstack br-ex interface with ARP request.

           Problem is that I can't set up vxlan tunnel on Openstack.
           Command "sudo ovs-vsctl show" doesn't show any vxlan tunnels.
           Also when I try to ping from VM to Linux host using L2 IP
           address (ping from 192.168.10.11 to 192.168.10.10) tcpdump on
           br-ex doesn't show anything.

           My ml2_conf.ini file is configured following this guide:
           http://www.opencloudblog.com/?p=300

           Thanks in advance for your help,

           Regards,
           Amir

         _______________________________________________
         Mailing list:
         http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
         Post to     : openstack at lists.openstack.org
         Unsubscribe :
         http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack





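The two config mistakes James Denton points out in the quoted reply (the trailing dot in vxlan_group, and option names written with spaces instead of underscores) can be caught before restarting the agents. The following is an added example, not part of the original thread and not Neutron code; the sample text is constructed, lint_ml2 is a hypothetical helper, and it only checks those two mistakes, it does not validate option names against Neutron:

```python
import ipaddress
import re

# Constructed sample reproducing the mistakes pointed out in the thread.
SAMPLE = """\
[ml2_type_vxlan]
vxlan_group = 239.0.0.0.

[ovs]
bridge_mappings = public:br-ex
local_ip = 192.168.100.100
tunnel type = vxlan
enable tunneling = true

[agent]
tunnel_types = vxlan
#tunnel_types = vxlan
l2 population = false
"""

def lint_ml2(text):
    # Returns (line_no, section, message) for each suspicious line.
    findings, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or raw[0].isspace():
            continue  # blank, comment, or wrapped continuation of a value
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1)
            continue
        key, sep, value = (p.strip() for p in line.partition("="))
        if not sep:
            findings.append((no, section, "no '=' found in %r" % line))
            continue
        if re.search(r"\s", key):  # e.g. "tunnel type" instead of "tunnel_type"
            findings.append((no, section, "option name %r contains spaces; "
                             "did you mean %r?" % (key, re.sub(r"\s+", "_", key))))
        if key == "vxlan_group":
            try:  # a trailing dot makes the value unparseable as an address
                ok = ipaddress.ip_address(value).is_multicast
            except ValueError:
                ok = False
            if not ok:
                findings.append((no, section, "vxlan_group %r is not an "
                                 "IPv4/IPv6 multicast address" % value))
    return findings

for no, section, msg in lint_ml2(SAMPLE):
    print("line %d [%s]: %s" % (no, section, msg))
```
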