Re: [Openstack] nova/quantum/ovs configuration conundrum

Thu, 08 Nov 2012 22:05:46 -0800

"I followed the instructions to add a route from http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html but I don't immediately see how the route add helped here - but it has raised an eyebrow."

Tell me about it!

We wanted to use Quantum mostly so we could avoid being forced to upgrade from nova-network later on. Once again the difference between trunk (dev) and stable (ops) kills new OpenStack features for early production adopters. There is no way we can offer this to our customers. Are we expected to add a new route for every subnet our customers create, across every compute node, on the fly (including esoteric quantum port-list commands)?

As for the idea of having one quantum-l3-agent that NATs traffic for many compute nodes, I wasn't aware the concept of retro chic applied to network topologies :(

I shudder to think how this would operate at scale, so it looks like we will be sticking to our nova-network VLAN configuration.


--
Sina Sadeghi
Lead Cloud Engineer

Aptira Pty Ltd
1800 APTIRA
aptira.com
Follow @aptira

On 08/11/12 22:54, Kevin Jackson wrote:
Hi Stephen,
This is what I get... (note change of namespace etc as this machine is a VM that was recreated).

root@openstack:~# ip netns list
qdhcp-3f0a3d53-f3a4-4da8-a5e0-1a97b6e51424
qrouter-f26858db-3ae8-431b-86a7-edab80834586

root@openstack:~# ip netns exec qrouter-f26858db-3ae8-431b-86a7-edab80834586 wget http://172.16.0.210:8775/
--2012-11-08 10:52:11--  http://172.16.0.210:8775/
Connecting to 172.16.0.210:8775... failed: No route to host.

root@openstack:~# ip netns exec qrouter-f26858db-3ae8-431b-86a7-edab80834586 ip r                         
default via 172.16.1.254 dev qg-c396e75e-38
10.5.5.0/24 dev qr-031aafac-19  proto kernel  scope link  src 10.5.5.1
172.16.1.0/24 dev qg-c396e75e-38  proto kernel  scope link  src 172.16.1.10

So it is a problem between my router and the physical network... That 172.16.1.0/24 is an "ext-net" network created with an external router.  When I spin my instances up I use the 10.5.5.0/24 "int-net" network.

I followed the instructions to add a route from http://docs.openstack.org/trunk/openstack-network/admin/content/adv_cfg_l3_agent_metadata.html but I don't immediately see how the route add helped here - but it has raised an eyebrow.

The output of the port-list gave me 172.16.1.10 to use as the $ROUTER_GW_IP - which is odd as that IP was set as my external floating range start IP.  Doing a traceroute to the 172.16.0.201 address from the router namespace went via 172.16.1.10... so I've some things to play with for the time being...

Thanks for your help so far.  Is the Guardian looking at OpenStack for any projects (I'm from TMG)?

Cheers,
Kev


On 8 November 2012 10:49, Stephen Gran <stephen.g...@guardian.co.uk> wrote:
Hi,


On Thu, 2012-11-08 at 10:02 +0000, Kevin Jackson wrote:
Thanks for that - the namspace thing is starting to make sense.
So I see this rule in there now:

Chain quantum-l3-agent-PREROUTING (1 references)
 pkts bytes target     prot opt in     out     source               destination        
   62  3720 DNAT       tcp  --  *      *       0.0.0.0/0            169.254.169.254      tcp dpt:80 to:172.16.0.201:8775

But I never see a connection being made when I spin up an instance.  The instance reports no route to host.

It's unclear at this point if the problem is that your instance can't reach it's gateway (the quantum router), or if the quantum router can't reach the metadata server.

try:
ip netns exec qrouter-61245d6f-1195-4ca0-ba08-f0636f7d44c6 wget http://172.16.0.201:8775/

To rule out the latter so you know where to concentrate your efforts. 

-- 
Stephen Gran
Senior Systems Integrator - guardian.co.uk

Please consider the environment before printing this email.
------------------------------------------------------------------
Visit guardian.co.uk - website of the year
 
www.guardian.co.uk    www.observer.co.uk     www.guardiannews.com 
 
On your mobile, visit m.guardian.co.uk or download the Guardian
iPhone app www.guardian.co.uk/iphone and iPad edition www.guardian.co.uk/iPad 
 
Save up to 37% by subscribing to the Guardian and Observer - choose the papers you want and get full digital access. 
Visit guardian.co.uk/subscribe
 
---------------------------------------------------------------------
This e-mail and all attachments are confidential and may also
be privileged. If you are not the named recipient, please notify
the sender and delete the e-mail and all attachments immediately.
Do not disclose the contents to another person. You may not use
the information for any purpose, or store, or copy, it in any way.
 
Guardian News & Media Limited is not liable for any computer
viruses or other material transmitted with or as part of this
e-mail. You should employ virus checking software.
 
Guardian News & Media Limited
 
A member of Guardian Media Group plc
Registered Office
PO Box 68164
Kings Place
90 York Way
London
N1P 2AP
 
Registered in England Number 908396



--
Kevin Jackson
@itarchitectkev


_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp




_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp

Reply via email to