openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #21339
Re: [essex vlan]cannot ping vm on other compute node
Try these commands:
Conf term
Vlan 105
State active
George
-----Original Message-----
From: openstack-bounces+george.mihaiescu=q9.com@xxxxxxxxxxxxxxxxxxx [mailto:openstack-bounces+george.mihaiescu=q9.com@xxxxxxxxxxxxxxxxxxx] On Behalf Of Ajiva Fan
Sent: Wednesday, February 27, 2013 5:23 AM
To: Salvatore Orlando
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] [essex vlan]cannot ping vm on other compute node
thanks you for reply
special thanks to Aaron Rosen
the situation is that:
1) openstack is in vlan mode
2) switcher is in trunk mode, all vlan id is allowed
3) vlan in switcher's allowed list, active list and (not pruned) list
can communicate with each other. vlan only in allowed list but not in
the other two list is isolated
4) i tried the way which is from official site guide to set pruned
list but it does not work, the switcher just ignore the prune command
and hold the original config ( i will ask our network administrator
and find more help from cisco site )
now i think openstack is running fine ( at least from my point of view)
and i think swither trunk port is running basically correct
here is my env:
switcher port {22,23}
sw-31#show interfaces fastEthernet 0/22 trunk
Port Mode Encapsulation Status Native vlan
Fa0/22 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/22 1-4094
Port Vlans allowed and active in management domain
Fa0/22 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
Port Vlans in spanning tree forwarding state and not pruned
Fa0/22 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
from openstack control node terminal:
# nova-manage network create --label admin-network-01
--fixed_range_v4=10.0.12.0/24 --vlan=105 --project_id=<admin_id>
# nova-manage network create --label admin-network-02
--fixed_range_v4=10.0.13.0/24 --vlan=101 --project_id=<admin_id>
# nova boot --image cirros --flavor 1 --availability_zone nova:control test01
# nova boot --image cirros --flavor 1 --availability_zone nova:compute test02
now test01 and test02 get two vlan ip addr, and control node and
compute node get two bridge
NOTE: *** vlan101 *** is in switcher's active list and "spanning tree
forwarding state and not pruned" list, but vlan105 is not, vlan105
just in allowed list
control node:
br105 10.0.12.6
br101 10.0.13.6
compute node
br105 10.0.12.4
br101 10.0.13.4
from control node i can ping 10.0.13.4 but cannot ping 10.0.12.4
so the root cause may be the active list and the pruned list of switcher
is there any one meet such problem?
maybe i'm fool or i'm just fooled by some odd issue
please help me
On 2/27/13, Salvatore Orlando <sorlando@xxxxxxxxxx> wrote:
> I'm not sure I followed the thread correctly from the beginning, but I
> read that you have configured you NIC for private VM networking, in
> VLAN mode, on VLAN 105.
> Is that correct?
>
> In general trunking all your switch ports used for VM networking will
> save you the hassle of adding the VLANs you are using in your setup
> one by one.
> Also, there's quite a difference between VLAN access mode and trunk
> mode. I rarely use Cisco switches, but when I do I always put them in
> trunk mode explicitly.
> The list of allowed vlan is a sort of filter that you apply on a trunk
> port. So perhaps you might want to put all your ports in trunk mode
> and use the vlan range defined in nova.conf as allowed vlan list.
>
> Salvatore
>
> On 27 February 2013 10:18, Ajiva Fan <aji.zqfan@xxxxxxxxx> wrote:
>> thank you very much.
>>
>> actullaly, i have already try these command yesterday, it does not work.
>>
>> currently, i find that vlan id in active list and not pruned list can
>> be passed by switcher, vlan id not in the two list cannot will be
>> droped even they are in allowed list.....
>> but the network administrator (and the internet pages) tells me that
>> if vlan is in allowed list, it can go through trunk mode port.....
>>
>>
>>
>>
>> there is some hardware info may not be useful, but i list it here,
>> hope it will help someone else.
>> cisco catalyst 2950 switcher only hava
>> """sw-31(config)#interface gigabitEthernet 0/2?
>> . : <0-2> """
>> so i just operate on fastEthernet 0/22
>> """sw-31(config)#interface fastEthernet 0/22?
>> . : <0-24> """
>> and 2950 defaultly
>> 1)allowed all vlan id on trunk mode
>> 2)only support 802.1q on trunk mode
>> so the following commands:
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>> will not work.
>>
>>
>> On 2/27/13, Aaron Rosen <arosen@xxxxxxxxxx> wrote:
>>> Perhaps:
>>>
>>> interface gigbbit 0/22
>>> switchport mode trunk
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>>> interface gigbbit 0/23
>>> switchport mode trunk
>>> switchport trunk encapsulation dot1q
>>> switchport trunk allowed vlan 1-4094
>>>
>>>
>>>
>>> On Wed, Feb 27, 2013 at 12:02 AM, Ajiva Fan <aji.zqfan@xxxxxxxxx> wrote:
>>>>
>>>> since i notice that in switcher:
>>>> sw-31>show interface fastEthernet 0/22 trunk
>>>>
>>>> Port Mode Encapsulation Status Native vlan
>>>> Fa0/22 on 802.1q trunking 1
>>>>
>>>> Port Vlans allowed on trunk
>>>> Fa0/22 1-4094
>>>>
>>>> Port Vlans allowed and active in management domain
>>>> Fa0/22
>>>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>>>>
>>>> Port Vlans in spanning tree forwarding state and not pruned
>>>> Fa0/22
>>>> 1,5,7,10-12,16,18-21,27,30,40,50,60,80,88,96,100-101,123,160,192,302-303,600,602,700,800,1000-1001
>>>>
>>>> the vlan 5 is active in management domain but 105 is not, so i try the
>>>> same workflow as before but change vlan id 5 to 110, ping gets no
>>>> reply as vlan105
>>>>
>>>> so may be i should add vlan105 to active list ? sorry i'm a green hand
>>>> to switcher and got confused.
>>>> 1) what the different between the allowd list and active list
>>>> 2) if i should add active list manually, so does the cloud admin, if
>>>> he create a vlan for a tenant, he should add to switcher active list
>>>> too? is there any way automatically recoginize the vlan tag and allow
>>>> it pass?
>>>> maybe add a range to active list, for example, 100-4000? it's
>>>> ugly......
>>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to : openstack@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openstack
More help : https://help.launchpad.net/ListHelp
Follow ups
References