Hi all,

Following the Neutron (Network Option 2 setup) instructions in Liberty, I can't ping my demo router. However, I do recall there are new security constraints that might prevent this in Liberty. Do I need to somehow allow ICMP?

Here's what I did.

===========================================
Create virtual networks
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance.html#create-virtual-networks

===========================================
Create Public Provider Network
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-networks-public.html

[root@maersk src]# source admin-openrc.sh
[root@maersk src]# neutron net-create public --shared --provider:physical_network public \
>   --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | be6e920a-51aa-4293-bb95-7ac38aab9df6 |
| mtu                       | 0                                    |
| name                      | public                               |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | public                               |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | fdf3f98a9b0c4e9e94603d8a84ea41a8     |
+---------------------------+--------------------------------------+
[root@maersk src]#

---

Create a subnet on the network:

Replace START_IP_ADDRESS and END_IP_ADDRESS with the first and last IP address of the range within the subnet that you want to allocate for instances. This range must not include any existing active IP addresses.

Example

neutron subnet-create public 203.0.113.0/24 --name public \
  --allocation-pool start=203.0.113.101,end=203.0.113.200 \
  --dns-nameserver 8.8.4.4 --gateway 203.0.113.1

[root@maersk src]# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search attlocal.net
nameserver 172.22.10.254

cat ifcfg-enp3s0
GATEWAY=172.22.10.254
DNS1=172.22.10.254

neutron subnet-create public 172.22.10.0/24 --name public \
  --allocation-pool start=172.22.10.10,end=172.22.10.90 \
  --dns-nameserver 172.22.10.254 --gateway 172.22.10.254
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "172.22.10.10", "end": "172.22.10.90"} |
| cidr              | 172.22.10.0/24                                   |
| dns_nameservers   | 172.22.10.254                                    |
| enable_dhcp       | True                                             |
| gateway_ip        | 172.22.10.254                                    |
| host_routes       |                                                  |
| id                | f227734a-eca3-4472-81f6-620e1bf1fac9             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | public                                           |
| network_id        | be6e920a-51aa-4293-bb95-7ac38aab9df6             |
| subnetpool_id     |                                                  |
| tenant_id         | fdf3f98a9b0c4e9e94603d8a84ea41a8                 |
+-------------------+--------------------------------------------------+

===========================================
Create the private project network
http://docs.openstack.org/liberty/install-guide-rdo/launch-instance-networks-private.html

source demo-openrc.sh
neutron net-create private
Created a new network:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| id                    | 28ca326a-8443-4c1c-b288-48920a1eefbe |
| mtu                   | 0                                    |
| name                  | private                              |
| port_security_enabled | True                                 |
| router:external       | False                                |
| shared                | False                                |
| status                | ACTIVE                               |
| subnets               |                                      |
| tenant_id             | 7813be77b1de4196b1c6b77006afa21c     |
+-----------------------+--------------------------------------+

[root@maersk src]# neutron subnet-create private 192.168.10.0/24 \
>   --name private --dns-nameserver 172.22.10.254 --gateway 192.168.10.1
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| allocation_pools  | {"start": "192.168.10.2", "end": "192.168.10.254"} |
| cidr              | 192.168.10.0/24                                    |
| dns_nameservers   | 172.22.10.254                                      |
| enable_dhcp       | True                                               |
| gateway_ip        | 192.168.10.1                                       |
| host_routes       |                                                    |
| id                | eb5550e2-4de5-4ca5-9d7e-9d6ffe86ce92               |
| ip_version        | 4                                                  |
| ipv6_address_mode |                                                    |
| ipv6_ra_mode      |                                                    |
| name              | private                                            |
| network_id        | 28ca326a-8443-4c1c-b288-48920a1eefbe               |
| subnetpool_id     |                                                    |
| tenant_id         | 7813be77b1de4196b1c6b77006afa21c                   |
+-------------------+----------------------------------------------------+

==== Create a router ====

Private project networks connect to public provider networks using a virtual router. Each router contains an interface to at least one private project network and a gateway on a public provider network.

source admin

[root@maersk src]# source admin-openrc.sh
[root@maersk src]# neutron net-update public --router:external
Updated network: public
[root@maersk src]# source demo-openrc.sh
[root@maersk src]# neutron router-create router
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 52ca91cb-df23-4593-bb95-ea9f1fc33e99 |
| name                  | router                               |
| routes                |                                      |
| status                | ACTIVE                               |
| tenant_id             | 7813be77b1de4196b1c6b77006afa21c     |
+-----------------------+--------------------------------------+
[root@maersk src]# neutron router-interface-add router private
Added interface 5b25c4df-0c83-4ef2-bed6-6e854cf66af6 to router router.
[root@maersk src]# neutron router-gateway-set router public
Set gateway for router router
[root@maersk src]# source admin-openrc.sh
[root@maersk src]# ip netns
qrouter-52ca91cb-df23-4593-bb95-ea9f1fc33e99 (id: 2)
qdhcp-28ca326a-8443-4c1c-b288-48920a1eefbe (id: 1)
qdhcp-be6e920a-51aa-4293-bb95-7ac38aab9df6 (id: 0)
[root@maersk src]# neutron router-port-list router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                           |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| 5b25c4df-0c83-4ef2-bed6-6e854cf66af6 |      | fa:16:3e:d5:62:14 | {"subnet_id": "eb5550e2-4de5-4ca5-9d7e-9d6ffe86ce92", "ip_address": "192.168.10.1"} |
| d1dfcc09-9da6-4366-8080-c73d48286036 |      | fa:16:3e:b7:d2:22 | {"subnet_id": "f227734a-eca3-4472-81f6-620e1bf1fac9", "ip_address": "172.22.10.11"} |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
[root@maersk src]# ping -c 4 172.22.10.11
PING 172.22.10.11 (172.22.10.11) 56(84) bytes of data.
From 172.22.10.99 icmp_seq=1 Destination Host Unreachable
From 172.22.10.99 icmp_seq=2 Destination Host Unreachable
From 172.22.10.99 icmp_seq=3 Destination Host Unreachable
From 172.22.10.99 icmp_seq=4 Destination Host Unreachable

--- 172.22.10.11 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2999ms
pipe 4
[root@maersk src]#

===== Config info.

I set LinuxBridgeAgent.ini linux_bridge physical_interface_mappings to public:enp3s0 as this is what shows up for "eth0" when I ifconfig. Is this correct?

[root@maersk src]# ./pluto.py show -p /etc ml2_conf.ini l3_agent.ini plugin.ini linuxbridge_agent.ini
+-------------------+----------------------+--------------------------+
| ml2_conf: Section | Key                  | Value                    |
+-------------------+----------------------+--------------------------+
| ml2               | extension_drivers    | port_security            |
| ml2               | mechanism_drivers    | linuxbridge,l2population |
| ml2               | tenant_network_types | vxlan                    |
| ml2               | type_drivers         | flat,vlan,vxlan          |
| ml2_type_flat     | flat_networks        | public                   |
| ml2_type_vxlan    | vni_ranges           | 1:1000                   |
| securitygroup     | enable_ipset         | True                     |
+-------------------+----------------------+--------------------------+
+-------------------+--------------------------+-----------------------------------------------------+
| l3_agent: Section | Key                      | Value                                               |
+-------------------+--------------------------+-----------------------------------------------------+
| DEFAULT           | external_network_bridge  |                                                     |
| DEFAULT           | verbose                  | True                                                |
| DEFAULT           | interface_driver         | neutron.agent.linux.interface.BridgeInterfaceDriver |
+-------------------+--------------------------+-----------------------------------------------------+
+-----------------+----------------------+--------------------------+
| plugin: Section | Key                  | Value                    |
+-----------------+----------------------+--------------------------+
| ml2             | extension_drivers    | port_security            |
| ml2             | mechanism_drivers    | linuxbridge,l2population |
| ml2             | tenant_network_types | vxlan                    |
| ml2             | type_drivers         | flat,vlan,vxlan          |
| ml2_type_flat   | flat_networks        | public                   |
| ml2_type_vxlan  | vni_ranges           | 1:1000                   |
| securitygroup   | enable_ipset         | True                     |
+-----------------+----------------------+--------------------------+
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridge_agent: Section | Key                         | Value                                                        |
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linux_bridge               | physical_interface_mappings | public:enp3s0                                                |
| vxlan                      | l2_population               | True                                                         |
| vxlan                      | local_ip                    | 172.22.10.99                                                 |
| vxlan                      | enable_vxlan                | True                                                         |
| agent                      | prevent_arp_spoofing        | True                                                         |
| securitygroup              | firewall_driver             | neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
| securitygroup              | enable_security_group       | True                                                         |
+----------------------------+-----------------------------+--------------------------------------------------------------+

- Christopher T. Hull
333 Orchard Ave, Sunnyvale CA. 94085
(415) 385 4865
[email protected]
http://chrishull.com

_______________________________________________
OpenStack-operators mailing list
[email protected]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
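
Added example, not part of the original post: a shell function that classifies ping output, separating a local ARP (neighbour resolution) failure from an ICMP filter that rejects or silently drops. It assumes 172.22.10.99, the vxlan local_ip in the post, is the pinging host's own address; classify_ping is a hypothetical name, and the sample is the ping output quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original post). classify_ping is a hypothetical helper.
# Usage: ping -c 4 TARGET 2>&1 | classify_ping LOCAL_IP
# Verdicts:
#   ok           an echo reply came back
#   arp-failure  "Destination Host Unreachable" reported by LOCAL_IP itself:
#                the sender could not resolve the target's MAC address, so no
#                echo request left the host and no ICMP filter was consulted
#   unreachable  the same error, but reported by another hop on the path
#   rejected     a filter answered with an explicit ICMP error
#   silent-drop  no answer at all (a filter that drops, or a dead path)
classify_ping() {
    awk -v me="$1" '
        /bytes from/ { replies++ }
        /Destination Host Unreachable/ {
            # iputils format: "From <reporter> icmp_seq=N Destination Host Unreachable"
            if ($2 == me) arp++; else remote++
        }
        /Destination Port Unreachable|[Pp]rohibited|Packet filtered/ { rejected++ }
        END {
            if (replies)       print "ok"
            else if (arp)      print "arp-failure"
            else if (rejected) print "rejected"
            else if (remote)   print "unreachable"
            else               print "silent-drop"
        }'
}

# Ping output from the post; 172.22.10.99 is assumed to be the host's own address.
SAMPLE='PING 172.22.10.11 (172.22.10.11) 56(84) bytes of data.
From 172.22.10.99 icmp_seq=1 Destination Host Unreachable
From 172.22.10.99 icmp_seq=2 Destination Host Unreachable
From 172.22.10.99 icmp_seq=3 Destination Host Unreachable
From 172.22.10.99 icmp_seq=4 Destination Host Unreachable

--- 172.22.10.11 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 2999ms'

printf '%s\n' "$SAMPLE" | classify_ping 172.22.10.99
```

A verdict of arp-failure points at layer 2 (bridge and physical interface mapping, the router's gateway port) rather than at security-group rules, which would show up as rejected or silent-drop.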
