Re: [Openstack] router cannot communicate with external

[ZHOU TAO A]

Hi, Robert

Now I understands why it cannot ping external gateway.
l3-agent failed to set vlan tag on gateway ports on br-ex.
Now I can ping the ext gateway after running the command below.
ovs-vsctl set port qg-256b404e-50 tag=73

Thanks
Tao
On 07/25/2014 09:39 AM, ZHOU TAO A wrote:

Hi, Robert

I should have more introduction of my configuration.

I have two physical switches.

All eth0s connected to the first switch, all eth1s connected to the second switch.

eth0 can connect to the external gateway through vlan 73, eth1 can connect to external gateway through vlan 74

[root@ih-controller nova]# cat /proc/net/vlan/
config   eth1.74
[root@ih-controller nova]# cat /proc/net/vlan/*
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth1.74        | 74  | eth1
eth1.74  VID: 74         REORDER_HDR: 1  dev->priv_flags: 1
         total frames received     28985786
          total bytes received  26536401548
      Broadcast/Multicast Rcvd     14856460

      total frames transmitted      7855954
       total bytes transmitted    852065213
            total headroom inc            0
           total encap on xmit            0
Device: eth1
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings:

[root@ih-controller nova]# ip netns exec qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c tcpdump -enlpi qg-256b404e-50 arptcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on usbmon1, link-type USB_LINUX_MMAPPED (USB with padded Linux header), capture size 65535 bytes

09:29:25.822677 CONTROL SUBMIT to 1:2:0
09:29:25.822838 CONTROL COMPLETE from 1:2:0
09:29:25.822869 CONTROL SUBMIT to 1:1:0
09:29:25.822869 CONTROL COMPLETE from 1:1:0
09:29:27.980731 INTERRUPT COMPLETE to 1:2:1
09:29:27.980735 CONTROL SUBMIT to 1:2:0
09:29:27.980908 CONTROL COMPLETE from 1:2:0
09:29:27.980964 CONTROL SUBMIT to 1:1:0
09:29:27.980969 CONTROL COMPLETE from 1:1:0
09:29:30.980679 INTERRUPT COMPLETE to 1:1:1

Below is my /etc/neutron/plugin.ini

[ml2]
type_drivers = vlan
tenant_network_types = vlan
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
network_vlan_ranges = physnet2:1:4000,physnet1
[ml2_type_gre]
[ml2_type_vxlan]
[securitygroup]

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

enable_security_group = True
[ovs]
integration_bridge = br-int
bridge_mappings = physnet2:br-eth1,physnet1:br-ex

Thanks
Tao


-------- Original Message --------
Subject:        Re: [Openstack] router cannot communicate with external
Date:   Thu, 24 Jul 2014 23:22:43 +1200
From:   Robert Collins <robe...@robertcollins.net>
To:     ZHOU TAO A <tao.a.z...@alcatel-lucent.com>



On 24 July 2014 14:56, ZHOU TAO A<tao.a.z...@alcatel-lucent.com>  wrote:
> Hi,
>
> I have installed icehouse with ovs vlan configuration.

We need to check your exterior bridge configuration. In icehouse when
using vlans the exterior bridge has to be layered on top of a tagging
device (e.g. a vconfig vlanXXXX device) - or you need to apply my
patchhttps://review.openstack.org/#/c/108494/  which teaches the l3
agent to setup an access port rather than an untagged port.

On the network node, please run
ip address
ovs-vsctl show
cat /proc/net/vlan/*

which should let us tell.

And/or we can also check by tcpdump:
ip netns exec qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c tcpdump
-enlpi qg-256b404e-50 arp
and look at the frame types - you'll see .q tagged frames.

If you have a trunk port, you can use ovs-vsctl to do a quick manual fix:
ovs-vsctl set port qg-256b404e-50 tag=XX where XX is your vlan id, but
this will be lost if you fail the router over or the port is recreated
for any reason.

Alternatively you can remove whichever ethN device br-ex is on and add
a vconfig vlan port instead, or apply my patch above.

-Rob

> Network node and controller node coexists.
>
> The problem is I can ping the public IP address of my router but cannot ping
> external gateway from my instance.
>
> My instance has internal IP 192.48.1.51 and a floating IP 135.252.167.187.
> My router has subnet 192.48.1.0/24 and gateway 135.252.167.186
>
> [root@ih-controller neutron]# ip netns exec
> qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c ping 135.252.167.1
> PING 135.252.167.1 (135.252.167.1) 56(84) bytes of data.
> From 135.252.167.186 icmp_seq=2 Destination Host Unreachable
> From 135.252.167.186 icmp_seq=3 Destination Host Unreachable
> From 135.252.167.186 icmp_seq=4 Destination Host Unreachable
>
>
> [root@ih-controller neutron]# neutron router-list
> 
+--------------------------------------+------------+-----------------------------------------------------------------------------+
> | id                                   | name       | external_gateway_info
> |
> 
+--------------------------------------+------------+-----------------------------------------------------------------------------+
> | e3119ff4-2fac-4226-9e63-009cfce8ac4c | router_ext | {"network_id":
> "0b78bc26-0374-47ed-8f0b-66d18e3bd86b", "enable_snat": true} |
> 
+--------------------------------------+------------+-----------------------------------------------------------------------------+
>
> ip netns exec qrouter-e3119ff4-2fac-4226-9e63-009cfce8ac4c ifconfig
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:4 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:448 (448.0 b)  TX bytes:448 (448.0 b)
>
> qg-256b404e-50 Link encap:Ethernet  HWaddr FA:16:3E:2A:D3:D0
>           inet addr:135.252.167.186  Bcast:135.252.167.255
> Mask:255.255.255.0
>           inet6 addr: fe80::f816:3eff:fe2a:d3d0/64 Scope:Link
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:191469 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1293 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:16274751 (15.5 MiB)  TX bytes:123922 (121.0 KiB)
>
> qr-c87773a3-79 Link encap:Ethernet  HWaddr FA:16:3E:03:42:C3
>           inet addr:192.48.1.254  Bcast:192.48.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::f816:3eff:fe03:42c3/64 Scope:Link
>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>           RX packets:1286 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:124478 (121.5 KiB)  TX bytes:1986 (1.9 KiB)
>
>
>
>
> _______________________________________________
> Mailing list:http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     :openstack@lists.openstack.org
> Unsubscribe :http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>



--
Robert Collins<rbtcoll...@hp.com>
Distinguished Technologist
HP Converged Cloud

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack