[Openstack] Please help!!!!Openvswitch attacked by ICMP!!!!!!!
sammiestoel at gmail.com
Fri Sep 18 04:21:45 UTC 2015
You should not use dhcp on br-ex. OpenStack will setup the ip for you when
you create the neutron provider network and neutron router. I am in the
same campus as you and can share you how to setup the network later face to
face if you want.
Following document will be helpful to understand this scenario:
On Sep 18, 2015 10:27 AM, "applyhhj" <applyhhj at 163.com> wrote:
> Thank you for your reply. One more thing, I actually use "dhclient br-ex"
> to get ip from dhcp server of our campus network. Is it ok to do so?
> Because some people think I should not assign IP to the br-ex bridge. But
> in this case, the whole openstack network is not able to access to the
> outside internet.
> *发件人：*Erdősi Péter <fazy at niif.hu>
> *发送时间：*2015-09-18 02:05
> *主题：*Re: [Openstack] Please help!!!!Openvswitch attacked by ICMP!!!!!!!
> *收件人：*"applyhhj"<applyhhj at 163.com>,"openstack"<
> openstack at lists.openstack.org>
> 2015.09.17. 17:55 keltezéssel, applyhhj írta:
> I am using ubuntu 15.04 and I am following Guidance for ubuntu 14.04.
> Configuration for eth2 is:
> # external network interface
> auto eth2
> iface eth2 inet manual
> up ip link set dev $IFACE up
> down ip link set dev $IFACE down
> By the way ther is no ip in eth2 after bridging it to br-ex.
> It's totally normal... you do not need IP to br-ex, or eth2...
> Try to imagine this:
> You have a (virtual) switch, and you have ports on that...
> Your goal is, give internet access to machines, which "plugged" on this
> ports in the switch...
> In the real life, you have to use an "uplink" port, where packet goes,
> when the other machine is not directly connected to switch...
> The eth2 - br-ex situation is all the same... You have a switch, and your
> uplink connection will be the eth2 interface the port is the br-ex, and you
> put it togather, which does not require any layer 3 setup, only the L2...
> (port is up, and capable to forward ethernet frames)
> That's why you only pull up the interface without IP address, cause nobody
> never needs direct connection from eth2 to neutron host (you possibly have
> management network for that)
> Overall, i think, your configuration is good with eth2 and br-ex, without
> If I were you, I start to check traffic on all interface (on network node,
> and qrouters also) and figure out, how this packet came from, and what they
> want to reach... (not based on IP, only follow the ICMP traffic path with
> For example:
> If your packets goes from/to Internet from/to any VM, you must see traffic
> on eth2 and br-ex, and that traffic also can be found in one of the
> qrouters, and somewhere beetween compute and neutron node (based on
> isolation, what you choosen before)
> Start a few tcpdump, and track it down :)
> Mailing list:
> Post to : openstack at lists.openstack.org
> Unsubscribe :
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openstack