That doesn't sound right. The instance didn't receive an address from
the DHCP server, this might be caused connectivity issue between the
network and compute node on the tenant network that you created.
Regarding the public side of the router you could check what ip
addresses are set in the namespace by ip a and eventually running
tcpdump from inside the namespace to see what traffic is reaching the
public facing interface. The connection refused message means that the
ip address is set on an interface on the network but it's not binding
on the ports you're trying to reach. My guess is that it's either set
on the on the public interface in the router namespace or it's
configured on some other host in the network.
On Wed, Feb 17, 2016 at 9:14 AM, Ashraf Hassan <asma2103(a)yahoo.com> wrote:
I have changed bridge_mappings to :
bridge_mappings = physnet1:br-eno33559296, external:br-ex
I added type flat in ml2_conf.ini:
type_drivers = vlan,flat
Restarted neutron:
#openstack-service restart neutron
I deleted the old network, and created one as follow:
(keystone_admin)]# neutron net-create public --router:external True
--provider:physical_network external --provider:network_type flat
I created a subnet in this network.
I enabled promiscuous mode on Vmware vswitches
I enabled ALL vlans on the internal interfaces eno33559296
And from the tenant:
I recreated the router and instance.
Now I am pinging the router port, and the DHCP port, and the instance port even when the
instance is down, but when I try to make ssh or http it says connection refused :-(
Here is the nova log for the new instance:
http://pastebin.com/QYM9W3cH
-----Original Message-----
From: Marius Cornea [mailto:marius@remote-lab.net]
Sent: Tuesday, 16 February 2016 11:24 PM
To: Ashraf Hassan <asma2103(a)yahoo.com>
Cc: rdo-list <rdo-list(a)redhat.com>
Subject: Re: [Rdo-list] My router GWY is down and can not allocate floating IP
On Tue, Feb 16, 2016 at 10:19 PM, Ashraf Hassan <asma2103(a)yahoo.com> wrote:
>
> Can you run those commands on the network node itself, not from the namespace?
> Sorry for that here are they:
http://pastebin.com/BwdcFRY0 And here
> they from the other node:
http://pastebin.com/gk836Rxc
So if I understand it right you can reach the router via br-ex interface as it's got
the 10.254.102.124/24 address, it's in the same subnet. Now this is untagged traffic
so it's not working as expected since you created the public network as a vlan network
with vlan id 10.
This actually leads me to believe that you might better create a flat network that uses
br-ex for the public network. In order to do this you can set bridge_mappings
=physnet1:br-eno33559296, external:br-ex in ovs_neutron_plugin.ini and then recreate the
public network with flat provider:network_type and external provider:physical_network
> So physnet1 is mapped to br-eno33559296. Is the switch port where
> eno33559296 is connected configured properly? It should be set up as trunk, the vlans
that you wish to use should be defined and allowed on that port.
> It is virtual vmware switch where I assigned a single vlan, so I doubt it is a trunk,
but I can change it to vlan id 4095 (any vlan) would that help?
Probably yes. The vmware switch also has some security features that block traffic which
is not originated from the VM itself. Make sure you accept promiscous mode, mac address
changes and forged retransmits. Please see
https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere....
>
> As Dan mentioned before, try recreating the networks as well.
> Do you mean recreating the public network in neutron? I did that
> before a couple of times
Yes, it's needed due to the external_network_bridge change.
> -----Original Message-----
> From: Marius Cornea [mailto:marius@remote-lab.net]
> Sent: Tuesday, 16 February 2016 10:09 PM
> To: Ashraf Hassan <asma2103(a)yahoo.com>
> Cc: rdo-list <rdo-list(a)redhat.com>
> Subject: Re: [Rdo-list] My router GWY is down and can not allocate
> floating IP
>
> On Tue, Feb 16, 2016 at 9:54 PM, Ashraf Hassan <asma2103(a)yahoo.com> wrote:
>> OK, can you please paste the output of 'ip a', 'ip r' and
'ovs-vsctl show' on the network node? Just to make sure I get it right - you are
able to ping 10.254.102.130 from the network node?
>> Ip a:
http://pastebin.com/vR50YCUL
>> Ip r:
http://pastebin.com/4FRv7hsD
>
> Can you run those commands on the network node itself, not from the namespace?
>
>> Ovs-vsctl:
http://pastebin.com/yHUrvhzp Yes I can ping 10.254.102.130
>> from network node.
>>
>> Check the nova console-log $instance_name cli command or the Log tab
>> in Horizon Here is nova console log:
http://pastebin.com/pF3fxxaE
>
> It looks like the instance didn't get an ip address via dhcp which could indicate
a connectivity issue between the compute node and the network node on vlan 15.
>
>> Check then /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
>> Here is it:
http://pastebin.com/Wnyu2ixA
>
> So physnet1 is mapped to br-eno33559296. Is the switch port where
> eno33559296 is connected configured properly? It should be set up as trunk, the vlans
that you wish to use should be defined and allowed on that port.
>
>> Try setting external_network_bridge = I have change "
>> external_network_bridge = br-ex" to " external_network_bridge = "
and restarted neutron "openstack-service restart neutron" but still the problem
there, shall I resturn it back?
>>
>
> As Dan mentioned before, try recreating the networks as well.
>
>>
>> -----Original Message-----
>> From: Marius Cornea [mailto:marius@remote-lab.net]
>> Sent: Tuesday, 16 February 2016 9:34 PM
>> To: Ashraf Hassan <asma2103(a)yahoo.com>
>> Cc: rdo-list <rdo-list(a)redhat.com>
>> Subject: Re: [Rdo-list] My router GWY is down and can not allocate
>> floating IP
>>
>> On Tue, Feb 16, 2016 at 9:22 PM, Ashraf Hassan <asma2103(a)yahoo.com> wrote:
>>> Hi Marius,
>>> Thank you for your help, but I believe now I have seriously wrong stuff
but I am still not able to figure it out :-(
>>> 1. Check if you can reach the router's public IP
>>>
>>> --> I can reach the router public IP only from the network node, but not
from any other node even in the same public subnet.
>>
>> OK, can you please paste the output of 'ip a', 'ip r' and
'ovs-vsctl show' on the network node? Just to make sure I get it right - you are
able to ping 10.254.102.130 from the network node?
>>
>>> 2. Check if you can reach the the default gateway from the router
namespace:
>>> ip netns exec qrouter-2d9b71f1-6e54-4a05-a0fb-0680233d6dea ip a ip
>>> netns exec qrouter-2d9b71f1-6e54-4a05-a0fb-0680233d6dea ip r ip
>>> netns exec qrouter-2d9b71f1-6e54-4a05-a0fb-0680233d6dea ping 10.254.102.1
>>> --> Here is the output of the commands:
http://pastebin.com/SAPpUXUV
>>>
>>> 3. Do you want to enable dhcp on the public subnet?
>>> --> Yes I want so.
>>>
>>> Second, check the instance log if it received an IP address via dhcp and it
was able to reach the metadata server. You should be able to see this via nova console-log
or in Horizon.
>>> --> I do not have console.log, I have only these files:
>>> nova-api.log nova-cert.log nova-compute.log nova-conductor.log
>>> nova-consoleauth.log nova-manage.log nova-novncproxy.log
>>> nova-scheduler.log
>>
>> Check the nova console-log $instance_name cli command or the Log tab
>> in Horizon
>>
>>> But I attach you a photo from the Horizon
>>>
>>> Since you are using vlan networks you should check that the
/etc/neutron/plugins/ml2/openvswitch_agent.ini contains the correct bridge_mappings -
physnet1 is mapped to the bridge that contains the physical nic where vlans 10,15 are
passed through.
>>> --> I do not have this file, here the list of files in the plugins
>>> --> directory:
http://pastebin.com/EMTzehnh
>>
>> Check then /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
>>
>>> Also check that external_network_bridge is set to an empty value
>>> in /etc/neutron/l3_agent.ini
>>> --> Here is the content of the file, I do not anything wrong:
>>> -->
http://pastebin.com/nAiEnaTs
>>
>> Try setting external_network_bridge =
>>
>>> Here is a guide on how to deploy Neutron with an existing external network,
hope it helps:
>>>
https://www.rdoproject.org/networking/neutron-with-existing-external
>>> -
>>> n
>>> etwork/
>>> --> I believe there is something wrong in the installation, but I can not
figure out what I did wrong that I am missing the file
/etc/neutron/plugins/ml2/openvswitch_agent.ini!!!
>>>
>>> -----Original Message-----
>>> From: Marius Cornea [mailto:marius@remote-lab.net]
>>> Sent: Tuesday, 16 February 2016 8:18 PM
>>> To: Ashraf Hassan <asma2103(a)yahoo.com>
>>> Cc: rdo-list <rdo-list(a)redhat.com>
>>> Subject: Re: [Rdo-list] My router GWY is down and can not allocate
>>> floating IP
>>>
>>> Hi,
>>>
>>> There are a couple of things that you can check:
>>>
>>> First, let's see if the public facing connectivity to the router is
working properly:
>>>
>>> 1. Check if you can reach the router's public IP 2. Check if you can
reach the the default gateway from the router namespace:
>>> ip netns exec qrouter-2d9b71f1-6e54-4a05-a0fb-0680233d6dea ip a ip netns exec
qrouter-2d9b71f1-6e54-4a05-a0fb-0680233d6dea ip r ip netns exec
qrouter-2d9b71f1-6e54-4a05-a0fb-0680233d6dea ping 10.254.102.1 3. Do you want to enable
dhcp on the public subnet?
>>>
>>> Second, check the instance log if it received an IP address via dhcp and it
was able to reach the metadata server. You should be able to see this via nova console-log
or in Horizon.
>>>
>>> Since you are using vlan networks you should check that the
>>> /etc/neutron/plugins/ml2/openvswitch_agent.ini contains the correct
>>> bridge_mappings - physnet1 is mapped to the bridge that contains the
>>> physical nic where vlans 10,15 are passed through. Also check that
>>> external_network_bridge is set to an empty value in
>>> /etc/neutron/l3_agent.ini
>>>
>>> Here is a guide on how to deploy Neutron with an existing external network,
hope it helps:
>>>
https://www.rdoproject.org/networking/neutron-with-existing-external
>>> -
>>> n
>>> etwork/
>>>
>>> Thanks,
>>> Marius
>>>
>>> On Tue, Feb 16, 2016 at 4:38 PM, Ashraf Hassan <asma2103(a)yahoo.com>
wrote:
>>>> Hi All,
>>>>
>>>> I found the problem, it was mistake, I forgot totally the
>>>> DHCP agent requires an IP, now I am using a bigger pool, I can
>>>> assign a floating IP, the router public interface is up.
>>>>
>>>> Unfortunately I cannot reach the instance, and of course I
>>>> cannot login from the console to see what is in the instance
>>>> because I do not have the default cloud-user password.
>>>>
>>>> Can someone guide me how to solve it?
>>>>
>>>> For neutron and nova checks:
http://pastebin.com/sxndErDC
>>>>
>>>> For troubleshooting to reach the instance:
>>>>
http://pastebin.com/KTtQ2DFw
>>>>
>>>> IFCFG for external interface on Controller (network node):
>>>>
http://pastebin.com/10MRZiM9
>>>>
>>>> IFCFG for external bridge on Controller (network node):
>>>>
http://pastebin.com/RsXb7wXH
>>>>
>>>> IFCFG for internal interface on Controller (network node):
>>>>
http://pastebin.com/jRKRSnc7
>>>>
>>>> IFCFG for internal bridge on Controller (network node):
>>>>
http://pastebin.com/sdNnsi85
>>>>
>>>> Output of ovs-vsctl show:
http://pastebin.com/agy1FxDx
>>>>
>>>>
>>>>
>>>> Can someone guide me how to solve the problem?
>>>>
>>>>
>>>> _______________________________________________
>>>> Rdo-list mailing list
>>>> Rdo-list(a)redhat.com
>>>>
https://www.redhat.com/mailman/listinfo/rdo-list
>>>>
>>>> To unsubscribe: rdo-list-unsubscribe(a)redhat.com
>>
>