Thank you for your reply. One more thing, I actually use "dhclient br-ex" to 
get an IP from the DHCP server of our campus network. Is it OK to do so? Because some 
people think I should not assign an IP to the br-ex bridge. But in this case, the 
whole OpenStack network is not able to access the outside internet. 

Regards
hjh

2015-09-18



applyhhj



From: Erdősi Péter <[email protected]>
Sent: 2015-09-18 02:05
Subject: Re: [Openstack] Please help!!!!Openvswitch attacked by ICMP!!!!!!!
To: "applyhhj"<[email protected]>,"openstack"<[email protected]>
Cc:

On 2015.09.17. 17:55, applyhhj wrote:

I am using Ubuntu 15.04 and I am following Guidance for Ubuntu 14.04. 
Configuration for eth2 is:

# external network interface
auto eth2
iface eth2 inet manual
        up ip link set dev $IFACE up
        down ip link set dev $IFACE down

By the way there is no IP on eth2 after bridging it to br-ex.

It's totally normal... you do not need an IP on br-ex, or eth2...
Try to imagine this:

You have a (virtual) switch, and you have ports on that...
Your goal is to give internet access to machines which are "plugged" into these ports 
on the switch...

In real life, you have to use an "uplink" port, where packets go when the 
other machine is not directly connected to the switch...

The eth2 - br-ex situation is all the same... You have a switch, and your 
uplink connection will be the eth2 interface, the port is the br-ex, and you put 
them together, which does not require any layer 3 setup, only the L2... (port is 
up, and capable of forwarding ethernet frames)
That's why you only bring up the interface without an IP address, cause nobody 
ever needs a direct connection from eth2 to the neutron host (you possibly have a 
management network for that)

Overall, I think your configuration is good with eth2 and br-ex, without IP...

If I were you, I would start to check traffic on all interfaces (on the network node, and 
qrouters also) and figure out where these packets come from, and what they want to 
reach... (not based on IP, only follow the ICMP traffic path with tcpdump)

For example:
If your packets go from/to the Internet from/to any VM, you must see traffic on 
eth2 and br-ex, and that traffic can also be found in one of the qrouters, and 
somewhere between the compute and neutron nodes (based on the isolation you 
chose before)

Start a few tcpdump, and track it down :)

Regards, 
 Peter
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : [email protected]
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
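
The tracing step suggested in the reply above, as an added example that is not part of the original thread: it correlates `tcpdump -e -n -i <iface> icmp` output from several interfaces by ICMP echo id and sequence number rather than by IP, so a packet can be followed across NAT. The interface names, MACs, addresses and capture lines are constructed, and it assumes the captures share one clock and that the echo id survives NAT.

```python
import re
from collections import defaultdict

# One echo line as printed by `tcpdump -e -n -i <iface> icmp`.
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{6}) [0-9a-f:]{17} > [0-9a-f:]{17}, .*?: "
    r"(?P<src>\S+) > (?P<dst>\S+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)")

def _l(ts, smac, dmac, src, dst, kind, id_, seq):
    """Build one constructed capture line in tcpdump's -e -n layout."""
    return (f"{ts} {smac} > {dmac}, ethertype IPv4 (0x0800), length 98: "
            f"{src} > {dst}: ICMP echo {kind}, id {id_}, seq {seq}, length 64")

# Constructed MACs: VM port, router inside/outside ports, upstream gateway, host.
VM, R_IN, R_OUT, GW, HOST = ("fa:16:3e:00:00:01", "fa:16:3e:00:00:02",
                             "fa:16:3e:00:00:03", "00:11:22:33:44:55",
                             "00:11:22:33:44:66")
# Constructed sample captures, one list per interface (hypothetical names).
CAPTURES = {
    "qr-aaaa": [_l("12:00:01.000100", VM, R_IN, "10.0.0.5", "198.51.100.7",
                   "request", 4242, 1)],
    "qg-bbbb": [_l("12:00:01.000200", R_OUT, GW, "192.0.2.20", "198.51.100.7",
                   "request", 4242, 1)],
    "br-ex": [_l("12:00:01.000300", R_OUT, GW, "192.0.2.20", "198.51.100.7",
                 "request", 4242, 1),
              _l("12:00:02.000200", GW, HOST, "203.0.113.9", "192.0.2.10",
                 "request", 77, 1)],
    "eth2": [_l("12:00:01.000400", R_OUT, GW, "192.0.2.20", "198.51.100.7",
                "request", 4242, 1),
             _l("12:00:02.000100", GW, HOST, "203.0.113.9", "192.0.2.10",
                "request", 77, 1)],
}

def trace_icmp(captures):
    """Map (kind, id, seq) -> [(timestamp, iface, src, dst)] in time order."""
    seen = defaultdict(list)
    for iface, lines in captures.items():
        for line in lines:
            m = LINE.match(line)
            if m:
                seen[(m["kind"], int(m["id"]), int(m["seq"]))].append(
                    (m["ts"], iface, m["src"], m["dst"]))
    return {k: sorted(v) for k, v in seen.items()}

def path(trace, key):
    """Interfaces that saw the packet, in the order it crossed them."""
    return [hop[1] for hop in trace.get(key, [])]

if __name__ == "__main__":
    for key, hops in trace_icmp(CAPTURES).items():
        print(key, " -> ".join(f"{i}({s}>{d})" for _, i, s, d in hops))
```

In the constructed data, the VM's ping crosses all four interfaces with its source rewritten at the router, while the inbound echo with id 77 appears only on eth2 and br-ex and never enters a qrouter.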
