When you are using ML2 with OVS driver and (in-tree) L3 router plugin, and if br-ex is used to connect to the external network, the gateway port of the router can be DOWN even if it does work.
It seems you pinged from the root netns on your network node. In a normal setup with ML2 OVS driver and the in-tree L3 router plugin, we cannot reach an inside of a neutron network from the root namespace (i.e., host namespace) of the network node. You need to check network reachability from the inside of the neutron network (for example, from a VM connected to the network or from the inside of a network namespace). 2016-03-15 16:36 GMT+09:00 Salvatore Orlando <[email protected]>: > They might be not perfect but from my little experience they are able to > forward traffic and do SNAT/DNAT without too many issues. > > If your deployment is failing to properly configure routing, you should be > getting errors in the l3 agent logs - sharing them might help. > Trying to ping the internal interface (192.168.123.1) from the network > namespace (it should be qdhcp-bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d might > also provide useful debug informations). > > I am assuming you are running Neutron in its default configuration (ie:ML2 > with OVS driver and the 'standard' l3 plugin) > Rossella from the Neutron core team gave a presentation at the latest > OpenStack summit on how to debug Neutron [1]. Hopefully you might find this > resource useful. > > Salvatore > > [1] > https://www.openstack.org/summit/tokyo-2015/videos/presentation/i-cant-ping-my-vm-learn-how-to-debug-neutron-and-solve-common-problems > > > On 15 March 2016 at 04:55, Christopher Hull <[email protected]> wrote: >> >> Attempt number 5 to set this up. I suppose seeing as instances work on >> all nets I'll just have to config my own Linux based router. >> >> Has ANYONE managed to get this to work? >> >> >> >> >> ------------------------------------------------------------------------------------------------------------------------ >> Server Net >> Doing the same thing with all ADMIN, result same. PORT is DOWN!!! >> >> >> >> >> >> >> [sleestack@maersk src]$ neutron net-create server-net --shared >> Created a new network: >> +---------------------------+--------------------------------------+ >> | Field | Value | >> +---------------------------+--------------------------------------+ >> | admin_state_up | True | >> | id | bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d | >> | mtu | 0 | >> | name | server-net | >> | port_security_enabled | True | >> | provider:network_type | vxlan | >> | provider:physical_network | | >> | provider:segmentation_id | 82 | >> | router:external | False | >> | shared | True | >> | status | ACTIVE | >> | subnets | | >> | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 | >> +---------------------------+--------------------------------------+ >> [sleestack@maersk src]$ neutron subnet-create server-net 192.168.123.0/24 >> \ >> > --name server-net --dns-nameserver 172.22.10.254 --gateway >> > 192.168.123.1 >> Created a new subnet: >> >> +-------------------+------------------------------------------------------+ >> | Field | Value >> | >> >> +-------------------+------------------------------------------------------+ >> | allocation_pools | {"start": "192.168.123.2", "end": "192.168.123.254"} >> | >> | cidr | 192.168.123.0/24 >> | >> | dns_nameservers | 172.22.10.254 >> | >> | enable_dhcp | True >> | >> | gateway_ip | 192.168.123.1 >> | >> | host_routes | >> | >> | id | 29e93c6a-8ff1-439a-8e84-66a2bb8e6298 >> | >> | ip_version | 4 >> | >> | ipv6_address_mode | >> | >> | ipv6_ra_mode | >> | >> | name | server-net >> | >> | network_id | bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d >> | >> | subnetpool_id | >> | >> | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 >> | >> >> +-------------------+------------------------------------------------------+ >> [sleestack@maersk src]$ source admin-openrc.sh >> [sleestack@maersk src]$ neutron net-update public --router:external >> Updated network: public >> [sleestack@maersk src]$ neutron router-create server-router >> Created a new router: >> +-----------------------+--------------------------------------+ >> | Field | Value | >> +-----------------------+--------------------------------------+ >> | admin_state_up | True | >> | distributed | False | >> | external_gateway_info | | >> | ha | False | >> | id | 00590829-e34a-4773-b3f1-0636bc3ff482 | >> | name | server-router | >> | routes | | >> | status | ACTIVE | >> | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 | >> +-----------------------+--------------------------------------+ >> [sleestack@maersk src]$ neutron router-interface-add server-router >> server-net >> Added interface 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1 to router >> server-router. >> [sleestack@maersk src]$ neutron router-gateway-set server-router public >> Set gateway for router server-router >> [sleestack@maersk src]$ p netns >> bash: p: command not found... >> [sleestack@maersk src]$ ip netns >> qrouter-00590829-e34a-4773-b3f1-0636bc3ff482 (id: 3) >> qdhcp-bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d (id: 1) >> qdhcp-43f09f04-c7ca-4df9-bc74-516dd134313f (id: 2) >> qdhcp-f1309195-e346-4748-b223-d2875204cab8 (id: 0) >> [sleestack@maersk src]$ neutron router-port-list server-router >> >> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+ >> | id | name | mac_address | >> fixed_ips >> | >> >> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+ >> | 11f56b25-1389-40a4-8d72-05b1d9d3ed66 | | fa:16:3e:5a:6c:1e | >> {"subnet_id": "fdf2bf4b-e0ef-4843-85a2-e88f9aa674b5", "ip_address": >> "172.22.10.16"} | >> | 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1 | | fa:16:3e:e7:f6:53 | >> {"subnet_id": "29e93c6a-8ff1-439a-8e84-66a2bb8e6298", "ip_address": >> "192.168.123.1"} | >> >> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+ >> [sleestack@maersk src]$ neutron port-show >> 11f56b25-1389-40a4-8d72-05b1d9d3ed66 >> >> +-----------------------+--------------------------------------------------------------------------------------------------------------+ >> | Field | Value >> | >> >> +-----------------------+--------------------------------------------------------------------------------------------------------------+ >> | admin_state_up | True >> | >> | allowed_address_pairs | >> | >> | binding:host_id | maersk >> | >> | binding:profile | {} >> | >> | binding:vif_details | {"port_filter": true} >> | >> | binding:vif_type | bridge >> | >> | binding:vnic_type | normal >> | >> | device_id | 00590829-e34a-4773-b3f1-0636bc3ff482 >> | >> | device_owner | network:router_gateway >> | >> | dns_assignment | {"hostname": "host-172-22-10-16", "ip_address": >> "172.22.10.16", "fqdn": "host-172-22-10-16.openstacklocal."} | >> | dns_name | >> | >> | extra_dhcp_opts | >> | >> | fixed_ips | {"subnet_id": >> "fdf2bf4b-e0ef-4843-85a2-e88f9aa674b5", "ip_address": "172.22.10.16"} >> | >> | id | 11f56b25-1389-40a4-8d72-05b1d9d3ed66 >> | >> | mac_address | fa:16:3e:5a:6c:1e >> | >> | name | >> | >> | network_id | 43f09f04-c7ca-4df9-bc74-516dd134313f >> | >> | port_security_enabled | False >> | >> | security_groups | >> | >> | status | DOWN !!!!!!!! WHY??????????? >> | >> | tenant_id | >> | >> >> +-----------------------+--------------------------------------------------------------------------------------------------------------+ >> [sleestack@maersk src]$ neutron port-show >> 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1 >> >> +-----------------------+-----------------------------------------------------------------------------------------------------------------+ >> | Field | Value >> | >> >> +-----------------------+-----------------------------------------------------------------------------------------------------------------+ >> | admin_state_up | True >> | >> | allowed_address_pairs | >> | >> | binding:host_id | maersk >> | >> | binding:profile | {} >> | >> | binding:vif_details | {"port_filter": true} >> | >> | binding:vif_type | bridge >> | >> | binding:vnic_type | normal >> | >> | device_id | 00590829-e34a-4773-b3f1-0636bc3ff482 >> | >> | device_owner | network:router_interface >> | >> | dns_assignment | {"hostname": "host-192-168-123-1", "ip_address": >> "192.168.123.1", "fqdn": "host-192-168-123-1.openstacklocal."} | >> | dns_name | >> | >> | extra_dhcp_opts | >> | >> | fixed_ips | {"subnet_id": >> "29e93c6a-8ff1-439a-8e84-66a2bb8e6298", "ip_address": "192.168.123.1"} >> | >> | id | 1b0d3bb6-a455-4165-8e81-af5f45a1e1c1 >> | >> | mac_address | fa:16:3e:e7:f6:53 >> | >> | name | >> | >> | network_id | bb1d0d7a-a9d7-4f7a-9939-e6d0d876ad6d >> | >> | port_security_enabled | False >> | >> | security_groups | >> | >> | status | ACTIVE >> | >> | tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 >> | >> >> +-----------------------+-----------------------------------------------------------------------------------------------------------------+ >> >> >> [sleestack@maersk src]$ >> [sleestack@maersk src]$ ping 172.22.10.16 >> PING 172.22.10.16 (172.22.10.16) 56(84) bytes of data. >> From 172.22.10.99 icmp_seq=1 Destination Host Unreachable >> From 172.22.10.99 icmp_seq=2 Destination Host Unreachable >> From 172.22.10.99 icmp_seq=3 Destination Host Unreachable >> From 172.22.10.99 icmp_seq=4 Destination Host Unreachable >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> - Christopher T. Hull >> I am presently seeking a new career opportunity Please see career page >> http://chrishull.com/career >> 333 Orchard Ave, Sunnyvale CA. 94085 >> (415) 385 4865 >> [email protected] >> http://chrishull.com >> >> >> >> _______________________________________________ >> OpenStack-operators mailing list >> [email protected] >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > > _______________________________________________ > OpenStack-operators mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > _______________________________________________ OpenStack-operators mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
