yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #56507
[Bug 1623460] [NEW] can not ping neutron network from external network
Public bug reported:
After deploy openstack using kolla on three compute, I create neutron
network successfully, but I can not ping the network from external
network.
because I have only one NIC, so I create a VLAN: eth0.20,
neutron_external_interface: "eth0.20".
if I assign a floating ip to an instance, It's error:
External network ce554e2f-bc0d-47bc-95f4-6b9f9d2202ef is not reachable from subnet 9fe487c3-46b3-486e-ac14-60d03590792d. Therefore, cannot associate Port e23daebe-16d1-4189-a194-242fcd73e5ab with a Floating IP. Neutron server returns request_ids: ['req-184ca305-8af6-4671-aaea-494232c87abd']
for more information, I upload two images on github, please open:
https://raw.githubusercontent.com/greatbsky/openstack/master/1.png
https://raw.githubusercontent.com/greatbsky/openstack/master/2.png
[root@oscontroller ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:82ff:fe43:b91f prefixlen 64 scopeid 0x20<link>
ether 02:42:82:43:b9:1f txqueuelen 0 (Ethernet)
RX packets 8 bytes 536 (536.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9 bytes 690 (690.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link>
ether 00:e0:66:85:6b:24 txqueuelen 1000 (Ethernet)
RX packets 374 bytes 32803 (32.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 212 bytes 22583 (22.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link>
ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 858 (858.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0.20: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.61 netmask 255.255.255.0 broadcast 192.168.20.255
inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link>
ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 732 (732.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 14 bytes 1210 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1210 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth4575b33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a415:6eff:fefd:7d1b prefixlen 64 scopeid 0x20<link>
ether a6:15:6e:fd:7d:1b txqueuelen 0 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17 bytes 1338 (1.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@oscontroller ~]# ovs-vsctl show
037a5215-0ba6-42db-96dc-865448a2ca07
Bridge br-tun
fail_mode: secure
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port br-tun
Interface br-tun
type: internal
Port "vxlan-c0a8015c"
Interface "vxlan-c0a8015c"
type: vxlan
options: {df_default="true", in_key=flow, local_ip="192.168.1.61", out_key=flow, remote_ip="192.168.1.92"}
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port "eth0.20"
Interface "eth0.20"
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}
Bridge br-int
fail_mode: secure
Port "qg-4e2a1631-ff"
tag: 6
Interface "qg-4e2a1631-ff"
type: internal
Port "tap629b3552-d2"
tag: 6
Interface "tap629b3552-d2"
type: internal
Port "qg-ba3451ef-a2"
tag: 2
Interface "qg-ba3451ef-a2"
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
Port "tap21939cfb-56"
tag: 1
Interface "tap21939cfb-56"
type: internal
Port br-int
Interface br-int
type: internal
Port "qr-5b332ba0-1f"
tag: 1
Interface "qr-5b332ba0-1f"
type: internal
[root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-2d2fa214-e7 ! -o qg-2d2fa214-e7 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-2d2fa214-e7 -j SNAT --to-source 192.168.1.201
-A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 192.168.1.201
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
-----------------------------------------
Qst 1:
I ping gateway qg-2d2fa214-e7 ip 192.168.1.201, tcpdump -i eth0.20 got nothing, bug if execute
[root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ping 192.168.1.88
got result:
[root@oscontroller ~]# tcpdump -i eth0.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.20, link-type EN10MB (Ethernet), capture size 65535 bytes
06:00:37.865883 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
06:00:38.868298 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
06:00:39.870297 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
06:00:41.866485 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
Qst 2:
This result look like miss qr-xxxxxxxx ? is it correct?
[root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
17: qg-2d2fa214-e7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:3a:df:92 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.201/24 brd 192.168.1.255 scope global qg-2d2fa214-e7
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe3a:df92/64 scope link
valid_lft forever preferred_lft forever
help me please, I have try to resolve this for two weeks...
** Affects: neutron
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1623460
Title:
can not ping neutron network from external network
Status in neutron:
New
Bug description:
After deploy openstack using kolla on three compute, I create neutron
network successfully, but I can not ping the network from external
network.
because I have only one NIC, so I create a VLAN: eth0.20,
neutron_external_interface: "eth0.20".
if I assign a floating ip to an instance, It's error:
External network ce554e2f-bc0d-47bc-95f4-6b9f9d2202ef is not reachable from subnet 9fe487c3-46b3-486e-ac14-60d03590792d. Therefore, cannot associate Port e23daebe-16d1-4189-a194-242fcd73e5ab with a Floating IP. Neutron server returns request_ids: ['req-184ca305-8af6-4671-aaea-494232c87abd']
for more information, I upload two images on github, please open:
https://raw.githubusercontent.com/greatbsky/openstack/master/1.png
https://raw.githubusercontent.com/greatbsky/openstack/master/2.png
[root@oscontroller ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::42:82ff:fe43:b91f prefixlen 64 scopeid 0x20<link>
ether 02:42:82:43:b9:1f txqueuelen 0 (Ethernet)
RX packets 8 bytes 536 (536.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9 bytes 690 (690.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link>
ether 00:e0:66:85:6b:24 txqueuelen 1000 (Ethernet)
RX packets 374 bytes 32803 (32.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 212 bytes 22583 (22.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link>
ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 858 (858.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0.20: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.20.61 netmask 255.255.255.0 broadcast 192.168.20.255
inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link>
ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 10 bytes 732 (732.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 14 bytes 1210 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1210 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth4575b33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a415:6eff:fefd:7d1b prefixlen 64 scopeid 0x20<link>
ether a6:15:6e:fd:7d:1b txqueuelen 0 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17 bytes 1338 (1.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@oscontroller ~]# ovs-vsctl show
037a5215-0ba6-42db-96dc-865448a2ca07
Bridge br-tun
fail_mode: secure
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
Port br-tun
Interface br-tun
type: internal
Port "vxlan-c0a8015c"
Interface "vxlan-c0a8015c"
type: vxlan
options: {df_default="true", in_key=flow, local_ip="192.168.1.61", out_key=flow, remote_ip="192.168.1.92"}
Bridge br-ex
Port br-ex
Interface br-ex
type: internal
Port "eth0.20"
Interface "eth0.20"
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}
Bridge br-int
fail_mode: secure
Port "qg-4e2a1631-ff"
tag: 6
Interface "qg-4e2a1631-ff"
type: internal
Port "tap629b3552-d2"
tag: 6
Interface "tap629b3552-d2"
type: internal
Port "qg-ba3451ef-a2"
tag: 2
Interface "qg-ba3451ef-a2"
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
Port "tap21939cfb-56"
tag: 1
Interface "tap21939cfb-56"
type: internal
Port br-int
Interface br-int
type: internal
Port "qr-5b332ba0-1f"
tag: 1
Interface "qr-5b332ba0-1f"
type: internal
[root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-2d2fa214-e7 ! -o qg-2d2fa214-e7 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-2d2fa214-e7 -j SNAT --to-source 192.168.1.201
-A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 192.168.1.201
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
-----------------------------------------
Qst 1:
I ping gateway qg-2d2fa214-e7 ip 192.168.1.201, tcpdump -i eth0.20 got nothing, bug if execute
[root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ping 192.168.1.88
got result:
[root@oscontroller ~]# tcpdump -i eth0.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.20, link-type EN10MB (Ethernet), capture size 65535 bytes
06:00:37.865883 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
06:00:38.868298 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
06:00:39.870297 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
06:00:41.866485 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
Qst 2:
This result look like miss qr-xxxxxxxx ? is it correct?
[root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
17: qg-2d2fa214-e7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:3a:df:92 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.201/24 brd 192.168.1.255 scope global qg-2d2fa214-e7
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe3a:df92/64 scope link
valid_lft forever preferred_lft forever
help me please, I have try to resolve this for two weeks...
To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1623460/+subscriptions
Follow ups