Public bug reported: After deploy openstack using kolla on three compute, I create neutron network successfully, but I can not ping the network from external network.
because I have only one NIC, so I create a VLAN: eth0.20, neutron_external_interface: "eth0.20". if I assign a floating ip to an instance, It's error: External network ce554e2f-bc0d-47bc-95f4-6b9f9d2202ef is not reachable from subnet 9fe487c3-46b3-486e-ac14-60d03590792d. Therefore, cannot associate Port e23daebe-16d1-4189-a194-242fcd73e5ab with a Floating IP. Neutron server returns request_ids: ['req-184ca305-8af6-4671-aaea-494232c87abd'] for more information, I upload two images on github, please open: https://raw.githubusercontent.com/greatbsky/openstack/master/1.png https://raw.githubusercontent.com/greatbsky/openstack/master/2.png [root@oscontroller ~]# ifconfig docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 inet6 fe80::42:82ff:fe43:b91f prefixlen 64 scopeid 0x20<link> ether 02:42:82:43:b9:1f txqueuelen 0 (Ethernet) RX packets 8 bytes 536 (536.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 9 bytes 690 (690.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link> ether 00:e0:66:85:6b:24 txqueuelen 1000 (Ethernet) RX packets 374 bytes 32803 (32.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 212 bytes 22583 (22.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link> ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 13 bytes 858 (858.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0.20: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.20.61 netmask 255.255.255.0 broadcast 192.168.20.255 inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link> ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 10 bytes 732 (732.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 14 bytes 1210 (1.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 14 bytes 1210 (1.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth4575b33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::a415:6eff:fefd:7d1b prefixlen 64 scopeid 0x20<link> ether a6:15:6e:fd:7d:1b txqueuelen 0 (Ethernet) RX packets 8 bytes 648 (648.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 17 bytes 1338 (1.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@oscontroller ~]# ovs-vsctl show 037a5215-0ba6-42db-96dc-865448a2ca07 Bridge br-tun fail_mode: secure Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Port "vxlan-c0a8015c" Interface "vxlan-c0a8015c" type: vxlan options: {df_default="true", in_key=flow, local_ip="192.168.1.61", out_key=flow, remote_ip="192.168.1.92"} Bridge br-ex Port br-ex Interface br-ex type: internal Port "eth0.20" Interface "eth0.20" Port phy-br-ex Interface phy-br-ex type: patch options: {peer=int-br-ex} Bridge br-int fail_mode: secure Port "qg-4e2a1631-ff" tag: 6 Interface "qg-4e2a1631-ff" type: internal Port "tap629b3552-d2" tag: 6 Interface "tap629b3552-d2" type: internal Port "qg-ba3451ef-a2" tag: 2 Interface "qg-ba3451ef-a2" type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port int-br-ex Interface int-br-ex type: patch options: {peer=phy-br-ex} Port "tap21939cfb-56" tag: 1 Interface "tap21939cfb-56" type: internal Port br-int Interface br-int type: internal Port "qr-5b332ba0-1f" tag: 1 Interface "qr-5b332ba0-1f" type: internal [root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd iptables -t nat -S -P PREROUTING ACCEPT -P INPUT ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT -N neutron-l3-agent-OUTPUT -N neutron-l3-agent-POSTROUTING -N neutron-l3-agent-PREROUTING -N neutron-l3-agent-float-snat -N neutron-l3-agent-snat -N neutron-postrouting-bottom -A PREROUTING -j neutron-l3-agent-PREROUTING -A OUTPUT -j neutron-l3-agent-OUTPUT -A POSTROUTING -j neutron-l3-agent-POSTROUTING -A POSTROUTING -j neutron-postrouting-bottom -A neutron-l3-agent-POSTROUTING ! -i qg-2d2fa214-e7 ! -o qg-2d2fa214-e7 -m conntrack ! --ctstate DNAT -j ACCEPT -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697 -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat -A neutron-l3-agent-snat -o qg-2d2fa214-e7 -j SNAT --to-source 192.168.1.201 -A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 192.168.1.201 -A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat ----------------------------------------- Qst 1: I ping gateway qg-2d2fa214-e7 ip 192.168.1.201, tcpdump -i eth0.20 got nothing, bug if execute [root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ping 192.168.1.88 got result: [root@oscontroller ~]# tcpdump -i eth0.20 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0.20, link-type EN10MB (Ethernet), capture size 65535 bytes 06:00:37.865883 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28 06:00:38.868298 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28 06:00:39.870297 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28 06:00:41.866485 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28 Qst 2: This result look like miss qr-xxxxxxxx ? is it correct? [root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 17: qg-2d2fa214-e7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether fa:16:3e:3a:df:92 brd ff:ff:ff:ff:ff:ff inet 192.168.1.201/24 brd 192.168.1.255 scope global qg-2d2fa214-e7 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe3a:df92/64 scope link valid_lft forever preferred_lft forever help me please, I have try to resolve this for two weeks... ** Affects: neutron Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron. https://bugs.launchpad.net/bugs/1623460 Title: can not ping neutron network from external network Status in neutron: New Bug description: After deploy openstack using kolla on three compute, I create neutron network successfully, but I can not ping the network from external network. because I have only one NIC, so I create a VLAN: eth0.20, neutron_external_interface: "eth0.20". if I assign a floating ip to an instance, It's error: External network ce554e2f-bc0d-47bc-95f4-6b9f9d2202ef is not reachable from subnet 9fe487c3-46b3-486e-ac14-60d03590792d. Therefore, cannot associate Port e23daebe-16d1-4189-a194-242fcd73e5ab with a Floating IP. Neutron server returns request_ids: ['req-184ca305-8af6-4671-aaea-494232c87abd'] for more information, I upload two images on github, please open: https://raw.githubusercontent.com/greatbsky/openstack/master/1.png https://raw.githubusercontent.com/greatbsky/openstack/master/2.png [root@oscontroller ~]# ifconfig docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0 inet6 fe80::42:82ff:fe43:b91f prefixlen 64 scopeid 0x20<link> ether 02:42:82:43:b9:1f txqueuelen 0 (Ethernet) RX packets 8 bytes 536 (536.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 9 bytes 690 (690.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link> ether 00:e0:66:85:6b:24 txqueuelen 1000 (Ethernet) RX packets 374 bytes 32803 (32.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 212 bytes 22583 (22.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link> ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 13 bytes 858 (858.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0.20: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.20.61 netmask 255.255.255.0 broadcast 192.168.20.255 inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link> ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 10 bytes 732 (732.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 14 bytes 1210 (1.1 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 14 bytes 1210 (1.1 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth4575b33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::a415:6eff:fefd:7d1b prefixlen 64 scopeid 0x20<link> ether a6:15:6e:fd:7d:1b txqueuelen 0 (Ethernet) RX packets 8 bytes 648 (648.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 17 bytes 1338 (1.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@oscontroller ~]# ovs-vsctl show 037a5215-0ba6-42db-96dc-865448a2ca07 Bridge br-tun fail_mode: secure Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Port "vxlan-c0a8015c" Interface "vxlan-c0a8015c" type: vxlan options: {df_default="true", in_key=flow, local_ip="192.168.1.61", out_key=flow, remote_ip="192.168.1.92"} Bridge br-ex Port br-ex Interface br-ex type: internal Port "eth0.20" Interface "eth0.20" Port phy-br-ex Interface phy-br-ex type: patch options: {peer=int-br-ex} Bridge br-int fail_mode: secure Port "qg-4e2a1631-ff" tag: 6 Interface "qg-4e2a1631-ff" type: internal Port "tap629b3552-d2" tag: 6 Interface "tap629b3552-d2" type: internal Port "qg-ba3451ef-a2" tag: 2 Interface "qg-ba3451ef-a2" type: internal Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port int-br-ex Interface int-br-ex type: patch options: {peer=phy-br-ex} Port "tap21939cfb-56" tag: 1 Interface "tap21939cfb-56" type: internal Port br-int Interface br-int type: internal Port "qr-5b332ba0-1f" tag: 1 Interface "qr-5b332ba0-1f" type: internal [root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd iptables -t nat -S -P PREROUTING ACCEPT -P INPUT ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT -N neutron-l3-agent-OUTPUT -N neutron-l3-agent-POSTROUTING -N neutron-l3-agent-PREROUTING -N neutron-l3-agent-float-snat -N neutron-l3-agent-snat -N neutron-postrouting-bottom -A PREROUTING -j neutron-l3-agent-PREROUTING -A OUTPUT -j neutron-l3-agent-OUTPUT -A POSTROUTING -j neutron-l3-agent-POSTROUTING -A POSTROUTING -j neutron-postrouting-bottom -A neutron-l3-agent-POSTROUTING ! -i qg-2d2fa214-e7 ! -o qg-2d2fa214-e7 -m conntrack ! --ctstate DNAT -j ACCEPT -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697 -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat -A neutron-l3-agent-snat -o qg-2d2fa214-e7 -j SNAT --to-source 192.168.1.201 -A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 192.168.1.201 -A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat ----------------------------------------- Qst 1: I ping gateway qg-2d2fa214-e7 ip 192.168.1.201, tcpdump -i eth0.20 got nothing, bug if execute [root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ping 192.168.1.88 got result: [root@oscontroller ~]# tcpdump -i eth0.20 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0.20, link-type EN10MB (Ethernet), capture size 65535 bytes 06:00:37.865883 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28 06:00:38.868298 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28 06:00:39.870297 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28 06:00:41.866485 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28 Qst 2: This result look like miss qr-xxxxxxxx ? is it correct? [root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 17: qg-2d2fa214-e7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether fa:16:3e:3a:df:92 brd ff:ff:ff:ff:ff:ff inet 192.168.1.201/24 brd 192.168.1.255 scope global qg-2d2fa214-e7 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe3a:df92/64 scope link valid_lft forever preferred_lft forever help me please, I have try to resolve this for two weeks... To manage notifications about this bug go to: https://bugs.launchpad.net/neutron/+bug/1623460/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
