[Openstack] Openstack Digest, Vol 32, Issue 18

Khushbu Parakh khushbuparakh at hotmail.com
Wed Feb 17 13:45:58 UTC 2016


Hi,
I am khushbu an GSOC applicant.  So I want help knowing more about this bug. https://blueprints.launchpad.net/zaqar/+spec/prefix-queue-paginationor some documentation like what exactly they mean or how to approach and the link to repo we need to make changes as I am new to this project.

Regards,
Khushbu ParakhArya College Of Engineering and ITLinkedin: http://linkedin.com/in/khushbuparakhabout.me/khushbu.parakh
 				 



> From: openstack-request at lists.openstack.org
> Subject: Openstack Digest, Vol 32, Issue 18
> To: openstack at lists.openstack.org
> Date: Wed, 17 Feb 2016 12:00:04 +0000
> 
> Send Openstack mailing list submissions to
> 	openstack at lists.openstack.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> or, via email, send a message with subject or body 'help' to
> 	openstack-request at lists.openstack.org
> 
> You can reach the person managing the list at
> 	openstack-owner at lists.openstack.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Openstack digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: [OpenStack] [CINDER] how to get updated pool info when
>       multi users create volumes on pool configured? (yang, xing)
>    2. Guest networking and magic IP (Andre Goree)
>    3. Nexus 9K - Nexus: Segment is an invalid type or not	supported
>       by this driver?? (Michael Gale)
>    4. Re: Nexus 9K - Nexus: Segment is an invalid type or	not
>       supported by this driver?? (Anthony T CHOW)
>    5. Re: Nexus 9K - Nexus: Segment is an invalid type or not
>       supported by this driver?? (Michael Gale)
>    6. Re: Virtual Firewall Appliance (Martinx - ?????)
>    7. Re: Nexus 9K - Nexus: Segment is an invalid type or not
>       supported by this driver?? (Anthony T CHOW)
>    8. add an extra external network (Priyanka)
>    9. Re: add an extra external network (Erik McCormick)
>   10. Re: Guest networking and magic IP (Tomas Vondra)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 16 Feb 2016 18:47:34 +0000
> From: "yang, xing" <xing.yang at emc.com>
> To: Dilip Sunkum Manjunath <Dilip.SunkumManjunath at toshiba-tsip.com>
> Cc: "itzdilip at gmail.com" <itzdilip at gmail.com>,
> 	"openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] [OpenStack] [CINDER] how to get updated pool
> 	info when multi users create volumes on pool configured?
> Message-ID: <875B4123-013F-4924-B9BD-CAF125925F09 at emc.com>
> Content-Type: text/plain; charset="us-ascii"
> 
> Sounds good.  Let me know how it goes.  
> 
> Thanks Dilip,
> Xing
> 
> 
> > On Feb 16, 2016, at 1:21 AM, Dilip Sunkum Manjunath <Dilip.SunkumManjunath at toshiba-tsip.com> wrote:
> > 
> > Hi Xing,
> > 
> > 
> > Thanks for replay,
> > 
> > 
> > 
> > I tried because the use case was to support both in single pool.
> > 
> > I was thinking in same as to read the volume type in scheduler,  however since it is a new requirement that affects everyone it might not be good to change now.
> > 
> > I shall try with the other approach pools for thin /thick and update you.
> > 
> > 
> > Thanks
> > Dilip
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > -----Original Message-----
> > From: yang, xing [mailto:xing.yang at emc.com] 
> > Sent: Friday, February 12, 2016 12:42 PM
> > To: Dilip Sunkum Manjunath
> > Cc: openstack at lists.openstack.org; itzdilip at gmail.com
> > Subject: Re: [OpenStack] [CINDER] how to get updated pool info when multi users create volumes on pool configured?
> > 
> > Hi Dilip,
> > 
> > I see.  If thin_provisioning is true and max_over_subscription_ratio is valid, the scheduler will treat it as thin provisioning.  We do not prevent driver from reporting both thin and thick support to be true.  However, I think we need to make a change.
> > 
> > I suggest that you have one pool for thin and the other one for thick but don't report both thin and thick support from the same pool.  That will avoid this problem.
> > 
> > Another possible alternative is to require thin/thick provisioning to be in extra specs and use that info in the scheduler, however that will be a new requirement that affects everyone.  So I am not in favor of that approach.
> > 
> > Can you use one pool for thin and another for thick in your testing?
> > 
> > Thanks,
> > Xing
> > 
> > 
> > 
> >> On Feb 12, 2016, at 12:05 AM, Dilip Sunkum Manjunath <Dilip.SunkumManjunath at toshiba-tsip.com> wrote:
> >> 
> >> max_over_subscription_ratio
> > The information contained in this e-mail message and in any
> > attachments/annexure/appendices is confidential to the 
> > recipient and may contain privileged information. 
> > If you are not the intended recipient, please notify the
> > sender and delete the message along with any 
> > attachments/annexure/appendices. You should not disclose,
> > copy or otherwise use the information contained in the
> > message or any annexure. Any views expressed in this e-mail 
> > are those of the individual sender except where the sender 
> > specifically states them to be the views of 
> > Toshiba Software India Pvt. Ltd. (TSIP),Bangalore.
> > 
> > Although this transmission and any attachments are believed to be
> > free of any virus or other defect that might affect any computer 
> > system into which it is received and opened, it is the responsibility
> > of the recipient to ensure that it is virus free and no responsibility 
> > is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or
> > damage arising in any way from its use.
> > 
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Tue, 16 Feb 2016 15:37:06 -0500
> From: Andre Goree <andre at drenet.net>
> To: openstack at lists.openstack.org
> Subject: [Openstack] Guest networking and magic IP
> Message-ID: <2ae919336ea558e2c957b3c6121f7d07 at drenet.net>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
> 
> I have some questions regarding the way that networking is handled via 
> qemu/kvm+libvirt, namely I'm trying to replicate OpenStack's use of the 
> magic IP on newly spun-up instances.  My apologies in advance if this is 
> not the proper mailing list for such a question.  I've already been to 
> the libvirt mailing list, but to no avail.
> 
> I am trying to determine how exactly I can manipulate traffic from a 
> _guest's_ NIC using iptables on the _host_.  On the host, there is a 
> bridged virtual NIC that corresponds to the guest's NIC.  That interface 
> does not have an IP setup on it on the host, however within the vm 
> itself the IP is configured and everything works as expected.  I was 
> told on the libvirt list that nwfilter handles things like this, but 
> after further discussion was able to determine that nwfilter does NOT 
> handle a situation in which one would redirect traffic destined for one 
> IP to another IP -- a situation that iptables would normally handle.
> 
> I'm wondering, in that case, how OpenStack is (seemingly) "magically" 
> making this happen?  Because libvirt (via nwfilter) handles outbound 
> traffic produced by a guest system (and thus, that traffic does not 
> traverse iptables) that there would be no way to facilitate this...but 
> as we all know, OpenStack does it :)
> 
> Any insight or pointing in the right direction would be so helpful, 
> thanks in advance!
> 
> 
> -- 
> Andre Goree
> -=-=-=-=-=-
> Email     - andre at drenet.net
> Website   - http://www.drenet.net
> PGP key   - http://www.drenet.net/pubkey.txt
> -=-=-=-=-=-
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Tue, 16 Feb 2016 13:41:44 -0700
> From: Michael Gale <gale.michael at gmail.com>
> To: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: [Openstack] Nexus 9K - Nexus: Segment is an invalid type or
> 	not	supported by this driver??
> Message-ID:
> 	<CA+YXe5kNKqJjjtbX69x4qoPFpzVQ2DYj6ZBuDnsh0p2mVJbcvw at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Hello,
> 
>     I am having issues getting my Liberty environment working with VXLAN
> and N9K.
> 
> Currently I am getting the following errors in the logs on startup:
> --snip--
> 2016-02-16 13:18:42.097 595 WARNING
> networking_cisco.plugins.ml2.drivers.cisco.nexus.mech_cisco_nexus
> [req-825a9891-0467-4958-86ca-c98486a7bf52 - - - - -] Nexus: Segment is an
> invalid type or not supported by this driv
> er. Network type = vxlan Physical network = None. Event not processed.
> --snip--
> 
> When trying to launch an instance:
> --snip--
> ERROR neutron.plugins.ml2.managers
> [req-d15ab080-7aa4-46e5-a5c3-b62a13c5646d d2b4e18cf27d41418845439f5d788523
> eaa185709c79477fa1e3edfffa4e4c7f - - -] Failed to bind port
> 9b32f0e7-6b5b-4ced-84b7-262ea12e090c on host compute1
> 
> Nexus: Segment is None, Event not processed
> --snip--
> 
> I am assuming I am missing something in the configuration file however I
> can't figure it out. Any help is greatly appreciated.
> 
> Thanks
> Michael
> 
> Here is my ml2_conf.ini
> 
> --snip--
> # ML2 general
> [ml2]
> type_drivers = flat,vlan,nexus_vxlan,local
> tenant_network_types = nexus_vxlan
> mechanism_drivers = linuxbridge,l2population,cisco_nexus
> extension_drivers = port_security
> path_mtu = 0
> segment_mtu = 0
> 
> 
> 
> # ML2 VLAN networks
> [ml2_type_vlan]
> network_vlan_ranges = physeth1:100:163
> 
> [ml2_mech_cisco_nexus:10.92.192.45]
> infra1_neutron_agents_container-ee5293cb=1/17
> infra1_neutron_server_container-ed083568=1/17
> infra2_neutron_agents_container-65f32f70=1/18
> infra2_neutron_server_container-1e0b996b=1/18
> infra3_neutron_agents_container-2faafbe7=1/19
> infra3_neutron_server_container-9eabc975=1/19
> compute1=1/21
> compute2=1/22
> username=openstack
> password=foo123
> ssh_port=22
> physnet=physeth1
> 
> [ml2_mech_cisco_nexus:10.92.192.46]
> infra1_neutron_agents_container-ee5293cb=1/17
> infra1_neutron_server_container-ed083568=1/17
> infra2_neutron_agents_container-65f32f70=1/18
> infra2_neutron_server_container-1e0b996b=1/18
> infra3_neutron_agents_container-2faafbe7=1/19
> infra3_neutron_server_container-9eabc975=1/19
> compute1=1/21
> compute2=1/22
> username=openstack
> password=foo123
> ssh_port=22
> physnet=physeth1
> 
> # ML2 VXLAN networks
> [ml2_type_vxlan]
> vxlan_group =
> vni_ranges = 1:1000
> 
> [ml2_type_nexus_vxlan]
> # Comma-separated list of <vni_min>:<vni_max> tuples enumerating
> # ranges of VXLAN VNI IDs that are available for tenant network allocation.
> vni_ranges=50000:55000
> 
> # Multicast groups for the VXLAN interface. When configured, will
> # enable sending all broadcast traffic to this multicast group. Comma
> separated
> # list of min:max ranges of multicast IP's
> # NOTE: must be a valid multicast IP, invalid IP's will be discarded
> mcast_ranges=225.1.1.1:225.1.1.2
> 
> # Security groups
> [securitygroup]
> enable_security_group = True
> enable_ipset = True
> 
> --snip--
> 
> 
> and my linuxbridge_agent.ini:
> --snip--
> # Linux bridge agent physical interface mappings
> [linux_bridge]
> 
> physical_interface_mappings = physeth1:eth11
> 
> # Linux bridge agent VXLAN networks
> [vxlan]
> 
> enable_vxlan = True
> vxlan_group =
> # VXLAN local tunnel endpoint
> local_ip = 10.96.2.141
> l2_population = True
> 
> 
> # Agent
> [agent]
> prevent_arp_spoofing = False
> 
> # Security groups
> [securitygroup]
> firewall_driver =
> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
> enable_security_group = True
> 
> --snip--
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160216/8ddf820d/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 4
> Date: Tue, 16 Feb 2016 20:53:44 +0000
> From: Anthony T CHOW <anthony.chow at al-enterprise.com>
> To: Michael Gale <gale.michael at gmail.com>,
> 	"openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Nexus 9K - Nexus: Segment is an invalid type
> 	or	not	supported by this driver??
> Message-ID:
> 	<HE1PR08MB0427E643C54E32D3B2557626D6AD0 at HE1PR08MB0427.eurprd08.prod.outlook.com>
> 	
> Content-Type: text/plain; charset="utf-8"
> 
> Michael,
> 
> Are you using Linux Bridge or OvS?
> 
> There is a bug report: Linux bridge does not work with cisco_nexus ml2 plugins
> 
> https://bugs.launchpad.net/networking-cisco/+bug/1421024
> 
> anthony.
> 
> From: Michael Gale [mailto:gale.michael at gmail.com]
> Sent: Tuesday, February 16, 2016 12:42 PM
> To: openstack at lists.openstack.org
> Subject: [Openstack] Nexus 9K - Nexus: Segment is an invalid type or not supported by this driver??
> 
> Hello,
> 
>     I am having issues getting my Liberty environment working with VXLAN and N9K.
> 
> Currently I am getting the following errors in the logs on startup:
> --snip--
> 2016-02-16 13:18:42.097 595 WARNING networking_cisco.plugins.ml2.drivers.cisco.nexus.mech_cisco_nexus [req-825a9891-0467-4958-86ca-c98486a7bf52 - - - - -] Nexus: Segment is an invalid type or not supported by this driv
> er. Network type = vxlan Physical network = None. Event not processed.
> --snip--
> 
> When trying to launch an instance:
> --snip--
> ERROR neutron.plugins.ml2.managers [req-d15ab080-7aa4-46e5-a5c3-b62a13c5646d d2b4e18cf27d41418845439f5d788523 eaa185709c79477fa1e3edfffa4e4c7f - - -] Failed to bind port 9b32f0e7-6b5b-4ced-84b7-262ea12e090c on host compute1
> 
> Nexus: Segment is None, Event not processed
> --snip--
> 
> I am assuming I am missing something in the configuration file however I can't figure it out. Any help is greatly appreciated.
> 
> Thanks
> Michael
> 
> Here is my ml2_conf.ini
> 
> --snip--
> # ML2 general
> [ml2]
> type_drivers = flat,vlan,nexus_vxlan,local
> tenant_network_types = nexus_vxlan
> mechanism_drivers = linuxbridge,l2population,cisco_nexus
> extension_drivers = port_security
> path_mtu = 0
> segment_mtu = 0
> 
> 
> 
> # ML2 VLAN networks
> [ml2_type_vlan]
> network_vlan_ranges = physeth1:100:163
> 
> [ml2_mech_cisco_nexus:10.92.192.45]
> infra1_neutron_agents_container-ee5293cb=1/17
> infra1_neutron_server_container-ed083568=1/17
> infra2_neutron_agents_container-65f32f70=1/18
> infra2_neutron_server_container-1e0b996b=1/18
> infra3_neutron_agents_container-2faafbe7=1/19
> infra3_neutron_server_container-9eabc975=1/19
> compute1=1/21
> compute2=1/22
> username=openstack
> password=foo123
> ssh_port=22
> physnet=physeth1
> 
> [ml2_mech_cisco_nexus:10.92.192.46]
> infra1_neutron_agents_container-ee5293cb=1/17
> infra1_neutron_server_container-ed083568=1/17
> infra2_neutron_agents_container-65f32f70=1/18
> infra2_neutron_server_container-1e0b996b=1/18
> infra3_neutron_agents_container-2faafbe7=1/19
> infra3_neutron_server_container-9eabc975=1/19
> compute1=1/21
> compute2=1/22
> username=openstack
> password=foo123
> ssh_port=22
> physnet=physeth1
> 
> # ML2 VXLAN networks
> [ml2_type_vxlan]
> vxlan_group =
> vni_ranges = 1:1000
> 
> [ml2_type_nexus_vxlan]
> # Comma-separated list of <vni_min>:<vni_max> tuples enumerating
> # ranges of VXLAN VNI IDs that are available for tenant network allocation.
> vni_ranges=50000:55000
> 
> # Multicast groups for the VXLAN interface. When configured, will
> # enable sending all broadcast traffic to this multicast group. Comma separated
> # list of min:max ranges of multicast IP's
> # NOTE: must be a valid multicast IP, invalid IP's will be discarded
> mcast_ranges=225.1.1.1:225.1.1.2
> 
> # Security groups
> [securitygroup]
> enable_security_group = True
> enable_ipset = True
> 
> --snip--
> 
> 
> and my linuxbridge_agent.ini:
> --snip--
> # Linux bridge agent physical interface mappings
> [linux_bridge]
> 
> physical_interface_mappings = physeth1:eth11
> 
> # Linux bridge agent VXLAN networks
> [vxlan]
> 
> enable_vxlan = True
> vxlan_group =
> # VXLAN local tunnel endpoint
> local_ip = 10.96.2.141
> l2_population = True
> 
> 
> # Agent
> [agent]
> prevent_arp_spoofing = False
> 
> # Security groups
> [securitygroup]
> firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
> enable_security_group = True
> 
> --snip--
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160216/98b7c0f7/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 5
> Date: Tue, 16 Feb 2016 13:57:26 -0700
> From: Michael Gale <gale.michael at gmail.com>
> To: Anthony T CHOW <anthony.chow at al-enterprise.com>
> Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Nexus 9K - Nexus: Segment is an invalid type
> 	or not supported by this driver??
> Message-ID:
> 	<CA+YXe5mkM+oB-yYGHv-0A4ahqj+MOkQ-ap423tWYvcR2nhY+9w at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Hello,
> 
>     I am using Linux Bridge, I did see that bug report however it is marked
> as a duplicate of: https://bugs.launchpad.net/neutron/+bug/1433461 which
> indicates the issue was fixed in kilo. If I understand the report correctly.
> 
> Michael
> 
> On Tue, Feb 16, 2016 at 1:53 PM, Anthony T CHOW <
> anthony.chow at al-enterprise.com> wrote:
> 
> > Michael,
> >
> >
> >
> > Are you using Linux Bridge or OvS?
> >
> >
> >
> > There is a bug report: *Linux bridge does not work with cisco_nexus ml2
> > plugins*
> >
> >
> >
> > https://bugs.launchpad.net/networking-cisco/+bug/1421024
> >
> >
> >
> > anthony.
> >
> >
> >
> > *From:* Michael Gale [mailto:gale.michael at gmail.com]
> > *Sent:* Tuesday, February 16, 2016 12:42 PM
> > *To:* openstack at lists.openstack.org
> > *Subject:* [Openstack] Nexus 9K - Nexus: Segment is an invalid type or
> > not supported by this driver??
> >
> >
> >
> > Hello,
> >
> >
> >
> >     I am having issues getting my Liberty environment working with VXLAN
> > and N9K.
> >
> >
> >
> > Currently I am getting the following errors in the logs on startup:
> >
> > --snip--
> >
> > 2016-02-16 13:18:42.097 595 WARNING
> > networking_cisco.plugins.ml2.drivers.cisco.nexus.mech_cisco_nexus
> > [req-825a9891-0467-4958-86ca-c98486a7bf52 - - - - -] Nexus: Segment is an
> > invalid type or not supported by this driv
> >
> > er. Network type = vxlan Physical network = None. Event not processed.
> >
> > --snip--
> >
> >
> >
> > When trying to launch an instance:
> >
> > --snip--
> >
> > ERROR neutron.plugins.ml2.managers
> > [req-d15ab080-7aa4-46e5-a5c3-b62a13c5646d d2b4e18cf27d41418845439f5d788523
> > eaa185709c79477fa1e3edfffa4e4c7f - - -] Failed to bind port
> > 9b32f0e7-6b5b-4ced-84b7-262ea12e090c on host compute1
> >
> >
> >
> > Nexus: Segment is None, Event not processed
> >
> > --snip--
> >
> >
> >
> > I am assuming I am missing something in the configuration file however I
> > can't figure it out. Any help is greatly appreciated.
> >
> >
> >
> > Thanks
> >
> > Michael
> >
> >
> >
> > Here is my ml2_conf.ini
> >
> >
> >
> > --snip--
> >
> > # ML2 general
> >
> > [ml2]
> >
> > type_drivers = flat,vlan,nexus_vxlan,local
> >
> > tenant_network_types = nexus_vxlan
> >
> > mechanism_drivers = linuxbridge,l2population,cisco_nexus
> >
> > extension_drivers = port_security
> >
> > path_mtu = 0
> >
> > segment_mtu = 0
> >
> >
> >
> >
> >
> >
> >
> > # ML2 VLAN networks
> >
> > [ml2_type_vlan]
> >
> > network_vlan_ranges = physeth1:100:163
> >
> >
> >
> > [ml2_mech_cisco_nexus:10.92.192.45]
> >
> > infra1_neutron_agents_container-ee5293cb=1/17
> >
> > infra1_neutron_server_container-ed083568=1/17
> >
> > infra2_neutron_agents_container-65f32f70=1/18
> >
> > infra2_neutron_server_container-1e0b996b=1/18
> >
> > infra3_neutron_agents_container-2faafbe7=1/19
> >
> > infra3_neutron_server_container-9eabc975=1/19
> >
> > compute1=1/21
> >
> > compute2=1/22
> >
> > username=openstack
> >
> > password=foo123
> >
> > ssh_port=22
> >
> > physnet=physeth1
> >
> >
> >
> > [ml2_mech_cisco_nexus:10.92.192.46]
> >
> > infra1_neutron_agents_container-ee5293cb=1/17
> >
> > infra1_neutron_server_container-ed083568=1/17
> >
> > infra2_neutron_agents_container-65f32f70=1/18
> >
> > infra2_neutron_server_container-1e0b996b=1/18
> >
> > infra3_neutron_agents_container-2faafbe7=1/19
> >
> > infra3_neutron_server_container-9eabc975=1/19
> >
> > compute1=1/21
> >
> > compute2=1/22
> >
> > username=openstack
> >
> > password=foo123
> >
> > ssh_port=22
> >
> > physnet=physeth1
> >
> >
> >
> > # ML2 VXLAN networks
> >
> > [ml2_type_vxlan]
> >
> > vxlan_group =
> >
> > vni_ranges = 1:1000
> >
> >
> >
> > [ml2_type_nexus_vxlan]
> >
> > # Comma-separated list of <vni_min>:<vni_max> tuples enumerating
> >
> > # ranges of VXLAN VNI IDs that are available for tenant network allocation.
> >
> > vni_ranges=50000:55000
> >
> >
> >
> > # Multicast groups for the VXLAN interface. When configured, will
> >
> > # enable sending all broadcast traffic to this multicast group. Comma
> > separated
> >
> > # list of min:max ranges of multicast IP's
> >
> > # NOTE: must be a valid multicast IP, invalid IP's will be discarded
> >
> > mcast_ranges=225.1.1.1:225.1.1.2
> >
> >
> >
> > # Security groups
> >
> > [securitygroup]
> >
> > enable_security_group = True
> >
> > enable_ipset = True
> >
> >
> >
> > --snip--
> >
> >
> >
> >
> >
> > and my linuxbridge_agent.ini:
> >
> > --snip--
> >
> > # Linux bridge agent physical interface mappings
> >
> > [linux_bridge]
> >
> >
> >
> > physical_interface_mappings = physeth1:eth11
> >
> >
> >
> > # Linux bridge agent VXLAN networks
> >
> > [vxlan]
> >
> >
> >
> > enable_vxlan = True
> >
> > vxlan_group =
> >
> > # VXLAN local tunnel endpoint
> >
> > local_ip = 10.96.2.141
> >
> > l2_population = True
> >
> >
> >
> >
> >
> > # Agent
> >
> > [agent]
> >
> > prevent_arp_spoofing = False
> >
> >
> >
> > # Security groups
> >
> > [securitygroup]
> >
> > firewall_driver =
> > neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
> >
> > enable_security_group = True
> >
> >
> >
> > --snip--
> >
> >
> >
> 
> 
> 
> -- 
> 
> ?The Man who says he can, and the man who says he can not.. Are both
> correct?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160216/ed5bd571/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 6
> Date: Tue, 16 Feb 2016 20:41:36 -0200
> From: Martinx - ?????  <thiagocmartinsc at gmail.com>
> To: Georgios Dimitrakakis <giorgis at acmac.uoc.gr>
> Cc: Openstack <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Virtual Firewall Appliance
> Message-ID:
> 	<CAJSM8J2tizFp5wgk8CffDvXm05pZpEqLktLC0iw_LvGcjipcgg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> I don't think that you'll be able to do that in IceHouse, neither on Juno.
> 
> Only Kilo and Liberty have a native function to disable the port_security
> per port. Without it, OpenStack Neutron (and also Nova Network, I guess)
> will not allow the firewall Instance to work correctly. It will not see any
> packets that are not destined to it and also, it will not be able to
> forward packets, because the Neutron (and Nova Network), will drop the
> packets soon as it leaves the firewall Instance.
> 
> I'm not aware of a solution nice for IceHouse...
> 
> On 16 February 2016 at 06:26, Georgios Dimitrakakis <giorgis at acmac.uoc.gr>
> wrote:
> 
> > Mark and Martinx thank you both for your suggestions.
> >
> > I had tried to build PFSense in the past but without success.
> >
> > Indeed my goal is to run the virtual firewall as an instance since I am on
> > an older OpenStack version (IceHouse) with nova-networking and therefore I
> > cannot have control over the outgoing connections.
> >
> > Regards,
> >
> > G.
> >
> >
> > For running it as an Instance?
> >>
> >> You can try:
> >>
> >> - PFSense;
> >>
> >> - Zentyal;
> >>
> >> However, youll need to make use of the Neutron feature called
> >> "port_security_enabled = false" for the vNIC attached to the
> >> "internal" subnet (behind the firewall).
> >>
> >> Just a curiosity, why dont you use the Neutron native firewall that
> >> resides on each L3 Router?
> >>
> >> On 15 February 2016 at 15:56, Georgios Dimitrakakis  wrote:
> >>
> >> Hi!
> >>>
> >>> Can anyone suggest me of a virtual firewall appliance which is
> >>> compatible with OpenStack?
> >>>
> >>> Best regards,
> >>>
> >>> G.
> >>>
> >>> _______________________________________________
> >>> Mailing list:
> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [1]
> >>> Post to     : openstack at lists.openstack.org [2]
> >>> Unsubscribe :
> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [3]
> >>>
> >>
> >>
> >>
> >> Links:
> >> ------
> >> [1] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >> [2] mailto:openstack at lists.openstack.org
> >> [3] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >> [4] mailto:giorgis at acmac.uoc.gr
> >>
> >
> > _______________________________________________
> > Mailing list:
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     : openstack at lists.openstack.org
> > Unsubscribe :
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160216/584d71dd/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 7
> Date: Tue, 16 Feb 2016 22:43:06 +0000
> From: Anthony T CHOW <anthony.chow at al-enterprise.com>
> To: Michael Gale <gale.michael at gmail.com>
> Cc: "openstack at lists.openstack.org" <openstack at lists.openstack.org>
> Subject: Re: [Openstack] Nexus 9K - Nexus: Segment is an invalid type
> 	or not supported by this driver??
> Message-ID:
> 	<HE1PR08MB04270ADF6A8AF33DB00201FED6AD0 at HE1PR08MB0427.eurprd08.prod.outlook.com>
> 	
> Content-Type: text/plain; charset="utf-8"
> 
> Michael,
> 
> I am not a neutron expect but this bug 1433461 does not seem to be a duplicate of 1421024.
> 
> Bug 1433461 is for port binding while 1421024 is for Nexus switch not configured at all.
> 
> This is the fix for 1433461:
> 
> @@ -1337,7 +1337,7 @@ class Ml2Plugin(db_base_plugin_v2.NeutronDbPluginV2,
> 
> 1337<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1337>
> 
> updated_port = self._make_port_dict(port)
> 
> 1337<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1337>
> 
> updated_port = self._make_port_dict(port)
> 
> 1338<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1338>
> 
> network = self.get_network(context,
> 
> 1338<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1338>
> 
> network = self.get_network(context,
> 
> 1339<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1339>
> 
> original_port['network_id'])
> 
> 1339<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1339>
> 
> original_port['network_id'])
> 
> 1340<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1340>
> 
> levels = db.get_binding_levels(session, port_id,
> 
> 1340<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1340>
> 
> levels = db.get_binding_levels(session, port.id,
> 
> 1341<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1341>
> 
> port.port_binding.host)
> 
> 1341<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1341>
> 
> port.port_binding.host)
> 
> 1342<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1342>
> 
> mech_context = driver_context.PortContext(
> 
> 1342<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1342>
> 
> mech_context = driver_context.PortContext(
> 
> 1343<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=2b1c4f121e3e8ba1c5eb2ba6661bf6326e1507c5#n1343>
> 
> self, context, updated_port, network, port.port_binding,
> 
> 1343<https://git.openstack.org/cgit/openstack/neutron/tree/neutron/plugins/ml2/plugin.py?id=355ab2f31cf81575c6e1c0899526177711425428#n1343>
> 
> self, context, updated_port, network, port.port_binding,
> 
> 
> It is to correctly passing the port id to db.get_binding_levels and not just the first 11 characters of the port id.
> 
> I am interested to find out too.
> 
> Anthony.
> 
> From: Michael Gale [mailto:gale.michael at gmail.com]
> Sent: Tuesday, February 16, 2016 12:57 PM
> To: Anthony T CHOW
> Cc: openstack at lists.openstack.org
> Subject: Re: [Openstack] Nexus 9K - Nexus: Segment is an invalid type or not supported by this driver??
> 
> Hello,
> 
>     I am using Linux Bridge, I did see that bug report however it is marked as a duplicate of: https://bugs.launchpad.net/neutron/+bug/1433461 which indicates the issue was fixed in kilo. If I understand the report correctly.
> 
> Michael
> 
> On Tue, Feb 16, 2016 at 1:53 PM, Anthony T CHOW <anthony.chow at al-enterprise.com<mailto:anthony.chow at al-enterprise.com>> wrote:
> Michael,
> 
> Are you using Linux Bridge or OvS?
> 
> There is a bug report: Linux bridge does not work with cisco_nexus ml2 plugins
> 
> https://bugs.launchpad.net/networking-cisco/+bug/1421024
> 
> anthony.
> 
> From: Michael Gale [mailto:gale.michael at gmail.com<mailto:gale.michael at gmail.com>]
> Sent: Tuesday, February 16, 2016 12:42 PM
> To: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org>
> Subject: [Openstack] Nexus 9K - Nexus: Segment is an invalid type or not supported by this driver??
> 
> Hello,
> 
>     I am having issues getting my Liberty environment working with VXLAN and N9K.
> 
> Currently I am getting the following errors in the logs on startup:
> --snip--
> 2016-02-16 13:18:42.097 595 WARNING networking_cisco.plugins.ml2.drivers.cisco.nexus.mech_cisco_nexus [req-825a9891-0467-4958-86ca-c98486a7bf52 - - - - -] Nexus: Segment is an invalid type or not supported by this driv
> er. Network type = vxlan Physical network = None. Event not processed.
> --snip--
> 
> When trying to launch an instance:
> --snip--
> ERROR neutron.plugins.ml2.managers [req-d15ab080-7aa4-46e5-a5c3-b62a13c5646d d2b4e18cf27d41418845439f5d788523 eaa185709c79477fa1e3edfffa4e4c7f - - -] Failed to bind port 9b32f0e7-6b5b-4ced-84b7-262ea12e090c on host compute1
> 
> Nexus: Segment is None, Event not processed
> --snip--
> 
> I am assuming I am missing something in the configuration file however I can't figure it out. Any help is greatly appreciated.
> 
> Thanks
> Michael
> 
> Here is my ml2_conf.ini
> 
> --snip--
> # ML2 general
> [ml2]
> type_drivers = flat,vlan,nexus_vxlan,local
> tenant_network_types = nexus_vxlan
> mechanism_drivers = linuxbridge,l2population,cisco_nexus
> extension_drivers = port_security
> path_mtu = 0
> segment_mtu = 0
> 
> 
> 
> # ML2 VLAN networks
> [ml2_type_vlan]
> network_vlan_ranges = physeth1:100:163
> 
> [ml2_mech_cisco_nexus:10.92.192.45]
> infra1_neutron_agents_container-ee5293cb=1/17
> infra1_neutron_server_container-ed083568=1/17
> infra2_neutron_agents_container-65f32f70=1/18
> infra2_neutron_server_container-1e0b996b=1/18
> infra3_neutron_agents_container-2faafbe7=1/19
> infra3_neutron_server_container-9eabc975=1/19
> compute1=1/21
> compute2=1/22
> username=openstack
> password=foo123
> ssh_port=22
> physnet=physeth1
> 
> [ml2_mech_cisco_nexus:10.92.192.46]
> infra1_neutron_agents_container-ee5293cb=1/17
> infra1_neutron_server_container-ed083568=1/17
> infra2_neutron_agents_container-65f32f70=1/18
> infra2_neutron_server_container-1e0b996b=1/18
> infra3_neutron_agents_container-2faafbe7=1/19
> infra3_neutron_server_container-9eabc975=1/19
> compute1=1/21
> compute2=1/22
> username=openstack
> password=foo123
> ssh_port=22
> physnet=physeth1
> 
> # ML2 VXLAN networks
> [ml2_type_vxlan]
> vxlan_group =
> vni_ranges = 1:1000
> 
> [ml2_type_nexus_vxlan]
> # Comma-separated list of <vni_min>:<vni_max> tuples enumerating
> # ranges of VXLAN VNI IDs that are available for tenant network allocation.
> vni_ranges=50000:55000
> 
> # Multicast groups for the VXLAN interface. When configured, will
> # enable sending all broadcast traffic to this multicast group. Comma separated
> # list of min:max ranges of multicast IP's
> # NOTE: must be a valid multicast IP, invalid IP's will be discarded
> mcast_ranges=225.1.1.1:225.1.1.2
> 
> # Security groups
> [securitygroup]
> enable_security_group = True
> enable_ipset = True
> 
> --snip--
> 
> 
> and my linuxbridge_agent.ini:
> --snip--
> # Linux bridge agent physical interface mappings
> [linux_bridge]
> 
> physical_interface_mappings = physeth1:eth11
> 
> # Linux bridge agent VXLAN networks
> [vxlan]
> 
> enable_vxlan = True
> vxlan_group =
> # VXLAN local tunnel endpoint
> local_ip = 10.96.2.141
> l2_population = True
> 
> 
> # Agent
> [agent]
> prevent_arp_spoofing = False
> 
> # Security groups
> [securitygroup]
> firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
> enable_security_group = True
> 
> --snip--
> 
> 
> 
> 
> --
> 
> ?The Man who says he can, and the man who says he can not.. Are both correct?
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160216/f520c0e4/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 8
> Date: Wed, 17 Feb 2016 10:18:43 +0530
> From: Priyanka <ppnaik at cse.iitb.ac.in>
> To: OpenStack Mailing List <openstack at lists.openstack.org>
> Subject: [Openstack] add an extra external network
> Message-ID: <56C3FBAB.8060106 at cse.iitb.ac.in>
> Content-Type: text/plain; charset=utf-8; format=flowed
> 
> Hi,
> 
> I have an multinode openstack juno setup with VXLAN tunneling. I have an 
> external network ext-net through which I assign  floating IPs to the 
> VMs. I have limited IPs in the external network subnet. I want to assign 
> an additional external network so that I can assign the IPs from this 
> new external network to the new VMs that I create. The VMs are attached 
> to the same internal network demo-net and router demo-router.
> 
> Thanks,
> 
> 
> Priyanka
> 
> 
> 
> ------------------------------
> 
> Message: 9
> Date: Wed, 17 Feb 2016 01:21:13 -0500
> From: Erik McCormick <emccormick at cirrusseven.com>
> To: Priyanka <ppnaik at cse.iitb.ac.in>
> Cc: OpenStack Mailing List <openstack at lists.openstack.org>
> Subject: Re: [Openstack] add an extra external network
> Message-ID:
> 	<CAHUi5cO3817Uu8kuXkYDGBTUqNTVMAuyXUwhuDydip1vwtp9eg at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
> 
> Is the additional IP block contiguous with the existing one or at least on
> the neighbirhood?
> 
> -Erik
> On Feb 17, 2016 12:06 AM, "Priyanka" <ppnaik at cse.iitb.ac.in> wrote:
> 
> > Hi,
> >
> > I have an multinode openstack juno setup with VXLAN tunneling. I have an
> > external network ext-net through which I assign  floating IPs to the VMs. I
> > have limited IPs in the external network subnet. I want to assign an
> > additional external network so that I can assign the IPs from this new
> > external network to the new VMs that I create. The VMs are attached to the
> > same internal network demo-net and router demo-router.
> >
> > Thanks,
> >
> >
> > Priyanka
> >
> > _______________________________________________
> > Mailing list:
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > Post to     : openstack at lists.openstack.org
> > Unsubscribe :
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160217/69a5aace/attachment-0001.html>
> 
> ------------------------------
> 
> Message: 10
> Date: Wed, 17 Feb 2016 11:02:24 +0000 (UTC)
> From: Tomas Vondra <vondra at czech-itc.cz>
> To: openstack at lists.openstack.org
> Subject: Re: [Openstack] Guest networking and magic IP
> Message-ID: <loom.20160217T115824-638 at post.gmane.org>
> Content-Type: text/plain; charset=us-ascii
> 
> Andre Goree <andre at ...> writes:
> 
> > I am trying to determine how exactly I can manipulate traffic from a 
> > _guest's_ NIC using iptables on the _host_.  On the host, there is a 
> > bridged virtual NIC that corresponds to the guest's NIC.  That interface 
> > does not have an IP setup on it on the host, however within the vm 
> > itself the IP is configured and everything works as expected.  
> 
> Hi!
> No IP on the interface does not prevent you from using iptables. The kernel
> filters any packets it sees. From what I remember from the OpenStack
> developers, you can't use iptables with OpenVSwitch, but attaching rules to
> a linux brcrl bridge should be perfectly fine. 
> Tomas
> 
> 
> 
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> Openstack mailing list
> openstack at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> 
> 
> End of Openstack Digest, Vol 32, Issue 18
> *****************************************
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160217/92a7e290/attachment.html>


More information about the Openstack mailing list