You should not use dhcp on br-ex. OpenStack will setup the ip for you when you create the neutron provider network and neutron router. I am in the same campus as you and can share you how to setup the network later face to face if you want.
Following document will be helpful to understand this scenario: http://docs.openstack.org/networking-guide/scenario_provider_ovs.html Sam On Sep 18, 2015 10:27 AM, "applyhhj" <[email protected]> wrote: > Thank you for your reply. One more thing, I actually use "dhclient br-ex" > to get ip from dhcp server of our campus network. Is it ok to do so? > Because some people think I should not assign IP to the br-ex bridge. But > in this case, the whole openstack network is not able to access to the > outside internet. > > Regards > hjh > > 2015-09-18 > ------------------------------ > applyhhj > ------------------------------ > *发件人:*Erdősi Péter <[email protected]> > *发送时间:*2015-09-18 02:05 > *主题:*Re: [Openstack] Please help!!!!Openvswitch attacked by ICMP!!!!!!! > *收件人:*"applyhhj"<[email protected]>,"openstack"< > [email protected]> > *抄送:* > > 2015.09.17. 17:55 keltezéssel, applyhhj írta: > > I am using ubuntu 15.04 and I am following Guidance for ubuntu 14.04. > Configuration for eth2 is: > > # external network interface > auto eth2 > iface eth2 inet manual > up ip link set dev $IFACE up > down ip link set dev $IFACE down > By the way ther is no ip in eth2 after bridging it to br-ex. > > It's totally normal... you do not need IP to br-ex, or eth2... > Try to imagine this: > > You have a (virtual) switch, and you have ports on that... > Your goal is, give internet access to machines, which "plugged" on this > ports in the switch... > > In the real life, you have to use an "uplink" port, where packet goes, > when the other machine is not directly connected to switch... > > The eth2 - br-ex situation is all the same... You have a switch, and your > uplink connection will be the eth2 interface the port is the br-ex, and you > put it togather, which does not require any layer 3 setup, only the L2... > (port is up, and capable to forward ethernet frames) > That's why you only pull up the interface without IP address, cause nobody > never needs direct connection from eth2 to neutron host (you possibly have > management network for that) > > Overall, i think, your configuration is good with eth2 and br-ex, without > IP... > > If I were you, I start to check traffic on all interface (on network node, > and qrouters also) and figure out, how this packet came from, and what they > want to reach... (not based on IP, only follow the ICMP traffic path with > tcpdump) > > For example: > If your packets goes from/to Internet from/to any VM, you must see traffic > on eth2 and br-ex, and that traffic also can be found in one of the > qrouters, and somewhere beetween compute and neutron node (based on > isolation, what you choosen before) > > Start a few tcpdump, and track it down :) > > Regards, > Peter > > _______________________________________________ > Mailing list: > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > Post to : [email protected] > Unsubscribe : > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
