[Openstack] private network issue ( kola-ansible pike/stable deployment )
s serge
abricus at yandex.ru
Sun Apr 8 15:07:58 UTC 2018
Hello,
Thanks,
The problem was related to MTU.
Actually, I have another installation which is configured to set 1450(1500 - 50 VxLAN header length) for guest VM interfaces.
That setup runs in 'regular' network environments with 1500 MTU on host interfaces and use linuxbridge.
There is a reson why I didn't looked at that at first thing for the current case:
The hosts private network interfaces has set to MTU 9000
Open vSwitch is used to connect private(self service) network.
OVS bridges have 1500 MTU ( kolla configured it in this way )
I've identified that 1480 MTU for guest VM fix ssh issue in my current case, but not sure I understand why ...
20 bytes is the shortest IP header size...
So there are 2 another questions:
1. What's and why adding 20 bytes ?
2. I've not found a configuration settings in kolla-ansible which allows to configure bridges interfaces MTU - any ideas how to do that properly ?
Thanks,
Regards,
Serge.
06.04.2018, 20:57, "Brian Haley" <haleyb.dev at gmail.com>:
> On 04/06/2018 01:28 PM, s serge wrote:
>> Hello,
>>
>> I'm evaluating an installation and everything from networking side was looking good
>> until I tried to reach a VM host via private network from another VM via ssh.
>>
>> In short:
>> 1. Spawn a VM
>> 2. Associate a floating IP
>> 3. Logon to VM via ssh on public network
>> 4. Spawn another VM
>> 5. Try to reach 1st VM via ssh private network IP - FAIL.
>> 6. ICMP to 1st VM IP via private network works well.
>>
>> Looks pretty weird for me as according to logs everything looks fine,
>> both VM got assigned a private IP and fetches metadata info.
>>
>> Some notes about setup:
>> Separate interfaces for management, private(VXLAN) and external network.
>> Dozen of similar servers.
>>
>> I'll continue to debug the issue, but appreciate any relevant feedback.
>
> I would check two things:
>
> 1. Security groups are allowing port 22
> 2. MTU is set correctly, should probably be 1450 if you're using VXLAN,
> which should have been set via the DHCP reply
>
> -Brian
More information about the Openstack
mailing list