Dear list,
I found the mistake by myself. I just had an inconsistent mapping in the section [linux_bridge] in the configuration option 'physical_interface_mappings'. I changed it to the correct settings. Now everything works as expected.
On 29.01.2016 at 15:16, Joerg Streckfuss wrote:
Dear list,

I got problems with a virtual router gateway IP. I set up a 3-node openstack-setup (one controller, two compute nodes), using liberty on centos7, carefully following the instructions under http://docs.openstack.org/liberty/install-guide-rdo/. I'm using self-service networks with one flat provider-network for external communication. I use VXLAN for overlay-networks. As mechanism drivers I use linuxbridge and l2population.

I can create project-networks and initiate instances, which will get IPs from the dhcp-server. So far, so good.

When I try to create a virtual router to ssh to my vm, I can't ping the external gateway IP of the router on the controller node. As you can see, the router has a gateway-port with an external IP (10.11.200.1). The second one is the IP from the project network:

<snip>
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# neutron router-port-list router
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                          |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| 89724c5b-d8eb-45ed-a45d-051412d9cf2d |      | fa:16:3e:71:d2:7c | {"subnet_id": "ec0d4301-53b2-4eab-90c9-a03e1b784717", "ip_address": "10.11.200.1"} |
| b1aeaf23-1bae-4f63-899d-30a50513c3c1 |      | fa:16:3e:d1:df:2e | {"subnet_id": "fc6a8af9-c510-4665-a083-b190989f75de", "ip_address": "172.16.1.1"}  |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
<snap>

This IP is pingable neither from outside nor on the controller node.

The needed netnamespaces are available:

<snip>
[root@controller ~]# ip netns show
qrouter-7236dab3-6653-4df7-90cc-b441df2ae75d
qdhcp-1ff83e09-1777-4d53-95d8-bc3251eddbb1
qdhcp-b7e5b2dd-0b8c-43ab-911a-107bf23858d6
<snap>

But I can ping the IP inside the router namespace:

<snip>
[root@controller ~]# ip netns exec qrouter-7236dab3-6653-4df7-90cc-b441df2ae75d ping -c1 10.11.200.1
PING 10.11.200.1 (10.11.200.1) 56(84) bytes of data.
64 bytes from 10.11.200.1: icmp_seq=1 ttl=64 time=0.049 ms
<snap>

In /var/log/neutron/server.log I found the following interesting logs when creating the external provider network:

<snip>
2016-01-29 13:35:58.842 8337 ERROR neutron.plugins.ml2.managers [req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Failed to bind port 041d3057-44a1-4aa5-ba00-aa97a28b3d64 on host controller.openstack.dfn-cert.de
2016-01-29 13:35:58.842 8337 ERROR neutron.plugins.ml2.managers [req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Failed to bind port 041d3057-44a1-4aa5-ba00-aa97a28b3d64 on host controller.openstack.dfn-cert.de
2016-01-29 13:35:58.864 8337 INFO neutron.plugins.ml2.plugin [req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Attempt 2 to bind port 041d3057-44a1-4aa5-ba00-aa97a28b3d64
2016-01-29 13:36:00.230 8337 WARNING neutron.plugins.ml2.rpc [req-de947767-5bba-43f9-9313-26941c0a24d9 - - - - -] Device tap041d3057-44 requested by agent lb00221954bc3f on network 1ff83e09-1777-4d53-95d8-bc3251eddbb1 not bound, vif_type: binding_failed
<snap>

Here are the relevant configs:

<snip>
# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = testnet

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True
<snap>

<snip>
# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = testnet:eth0

[vxlan]
enable_vxlan = True
local_ip = 192.168.0.1
l2_population = True

[agent]
prevent_arp_spoofing = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
<snap>

I guess there is something broken with a missing bridge. Perhaps a bridge which connects to the external, physical interface eth0. When I list the bridges on the controller I get this:

<snip>
[root@controller ~]# brctl show
bridge name       bridge id           STP enabled   interfaces
brqb7e5b2dd-0b    8000.0285d4793974   no            tap1f5c2967-bd
                                                    tapb1aeaf23-1b
                                                    vxlan-55
<snap>

As I mentioned, I'm missing the external device eth0, which points to the external net.

Does somebody have an idea about this?

Many thanks in advance!

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
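Added example, not part of the original thread: a small offline check that cross-references `flat_networks` in ml2_conf.ini with `physical_interface_mappings` in linuxbridge_agent.ini and pulls failed port bindings out of server.log lines. The thread does not say which mapping was inconsistent, so `AGENT_CONF_BROKEN` is a constructed illustration, and the function names are hypothetical.

```python
import configparser
import re

# From the thread (controller node), trimmed to the relevant keys.
ML2_CONF = "[ml2_type_flat]\nflat_networks = testnet\n"
AGENT_CONF_POSTED = "[linux_bridge]\nphysical_interface_mappings = testnet:eth0\n"
# Constructed: one hypothetical way the mapping could be inconsistent.
AGENT_CONF_BROKEN = "[linux_bridge]\nphysical_interface_mappings = provider:eth0\n"
# server.log line quoted in the thread.
LOG = ("2016-01-29 13:35:58.842 8337 ERROR neutron.plugins.ml2.managers "
       "[req-6502530b-eb91-4c1d-85db-5555c9820e62 - - - - -] Failed to bind port "
       "041d3057-44a1-4aa5-ba00-aa97a28b3d64 on host controller.openstack.dfn-cert.de\n")


def _option(text, section, key):
    """Read one comma-separated option from INI text; missing -> empty list."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    raw = cp.get(section, key, fallback="")
    return [item.strip() for item in raw.split(",") if item.strip()]


def check_mappings(ml2_text, agent_text, host_interfaces):
    """Return a list of inconsistencies between ML2 and the Linux bridge agent."""
    flat = set(_option(ml2_text, "ml2_type_flat", "flat_networks"))
    mappings = {}
    for pair in _option(agent_text, "linux_bridge", "physical_interface_mappings"):
        net, _, dev = pair.partition(":")
        mappings[net.strip()] = dev.strip()
    problems = []
    # '*' in flat_networks allows any physical network name, so skip it.
    for net in sorted(flat - {"*"} - set(mappings)):
        problems.append(f"flat network '{net}' has no physical_interface_mappings entry")
    for net, dev in sorted(mappings.items()):
        if dev not in host_interfaces:
            problems.append(f"mapping {net}:{dev} names interface '{dev}', not present on this host")
    return problems


def failed_bindings(log_text):
    """Return unique (port_id, host) pairs from 'Failed to bind port' lines."""
    pattern = r"Failed to bind port ([0-9a-f-]{36}) on host (\S+)"
    return sorted(set(re.findall(pattern, log_text)))


if __name__ == "__main__":
    # On a real node, host_interfaces could come from os.listdir("/sys/class/net").
    for name, conf in (("posted", AGENT_CONF_POSTED), ("broken", AGENT_CONF_BROKEN)):
        print(name, check_mappings(ML2_CONF, conf, {"lo", "eth0", "eth1"}))
    print(failed_bindings(LOG))
```

Run it on every node that hosts a Linux bridge agent, since each agent has its own linuxbridge_agent.ini and the mapping has to be right on each of them.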