[Rdo-list] [Grizzly] Network problem with Quantum + Openvswitch + Vlan
Gary Kotton
gkotton at redhat.com
Sun Apr 28 07:32:44 UTC 2013
Hi,
Can you also please check that firewall_driver =
quantum.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver is
configured in plugin.ini file.And security_group_api = quantum is set in
nova.conf
Thanks
Gary
On 04/28/2013 10:21 AM, Gary Kotton wrote:
> On 04/28/2013 10:16 AM, Zhang, Kimi (NSN - CN/Cheng Du) wrote:
>>
>> Hi, Gary
>>
>> I tried to disable iptables on both network and compute nodes, still
>> does not work out L
>>
>
> Can you please look at
> https://docs.google.com/drawings/d/1wax2Nlk-LRJeOXwF_6X9L05cAf9HKl2FI_0B51rG4XE/edit?usp=sharing
>
> When using the OVS there are a number of devices. Would it be possible
> that you try and capture on each device so that we can try and see
> where the packet is discarded.
>
> I will have a setup ready in about an hour.
>
>> From quantum openvswitch agent logs, following messages keeps coming
>> out repeatly every 2-3 seconds, not sure if they matter or not?
>>
>
> The messages below are OK - this is how the OVS agent works. It polls
> the OVS every interval to check if new ports are created.
>
>> 2013-04-28 15:15:39 DEBUG [quantum.openstack.common.rpc.amqp]
>> Making synchronous call on q-plugin ...
>>
>> 2013-04-28 15:15:39 DEBUG [quantum.openstack.common.rpc.amqp]
>> MSG_ID is 92f4e83cf92c46f1b9304c879f9b7a41
>>
>> 2013-04-28 15:15:39 DEBUG [quantum.openstack.common.rpc.amqp]
>> UNIQUE_ID is b27f9545ca9d4745961ac574abdc103b.
>>
>> 2013-04-28 15:15:40 DEBUG [quantum.agent.linux.utils] Running
>> command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
>>
>> 2013-04-28 15:15:40 DEBUG [quantum.agent.linux.utils]
>>
>> Command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
>>
>> Exit code: 0
>>
>> Stdout: 'int-br-p3p1\n'
>>
>> Stderr: ''
>>
>> 2013-04-28 15:15:40 DEBUG [quantum.agent.linux.utils] Running
>> command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'int-br-p3p1',
>> 'external_ids']
>>
>> 2013-04-28 15:15:41 DEBUG [quantum.agent.linux.utils]
>>
>> Command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'int-br-p3p1',
>> 'external_ids']
>>
>> Exit code: 0
>>
>> Stdout: '{}\n'
>>
>> Stderr: ''
>>
>> 2013-04-28 15:15:42 DEBUG [quantum.agent.linux.utils] Running
>> command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
>>
>> 2013-04-28 15:15:42 DEBUG [quantum.agent.linux.utils] Running
>> command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
>>
>> 2013-04-28 15:15:42 DEBUG [quantum.agent.linux.utils]
>>
>> Command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
>>
>> Exit code: 0
>>
>> Stdout: 'int-br-p3p1\n'
>>
>> Stderr: ''
>>
>> 2013-04-28 15:15:42 DEBUG [quantum.agent.linux.utils] Running
>> command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'int-br-p3p1',
>> 'external_ids']
>>
>> 2013-04-28 15:15:42 DEBUG [quantum.agent.linux.utils]
>>
>> Command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'list-ports', 'br-int']
>>
>> Exit code: 0
>>
>> Stdout: 'int-br-p3p1\n'
>>
>> Stderr: ''
>>
>> 2013-04-28 15:15:42 DEBUG [quantum.agent.linux.utils] Running
>> command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'int-br-p3p1',
>> 'external_ids']
>>
>> 2013-04-28 15:15:43 DEBUG [quantum.agent.linux.utils]
>>
>> Command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'int-br-p3p1',
>> 'external_ids']
>>
>> Exit code: 0
>>
>> Stdout: '{}\n'
>>
>> Stderr: ''
>>
>> 2013-04-28 15:15:43 DEBUG [quantum.agent.linux.utils]
>>
>> Command: ['sudo', 'quantum-rootwrap', '/etc/quantum/rootwrap.conf',
>> 'ovs-vsctl', '--timeout=2', 'get', 'Interface', 'int-br-p3p1',
>> 'external_ids']
>>
>> Exit code: 0
>>
>> Stdout: '{}\n'
>>
>> Stderr: ''
>>
>> Regards,
>>
>> Kimi Zhang
>>
>> MP: +86 186 0800 8182
>>
>> Call me(NCS): sip:+86018608008182
>>
>> *From:*ext Gary Kotton [mailto:gkotton at redhat.com]
>> *Sent:* Sunday, April 28, 2013 3:08 PM
>> *To:* Zhang, Kimi (NSN - CN/Cheng Du)
>> *Cc:* rdo-list at redhat.com
>> *Subject:* Re: [Rdo-list] [Grizzly] Network problem with Quantum +
>> Openvswitch + Vlan
>>
>> On 04/28/2013 10:04 AM, Zhang, Kimi (NSN - CN/Cheng Du) wrote:
>>
>> I tried that too, no lucky.
>>
>> From tcpdump ,it seems br-int does not forward any packet to
>> interfaces connect to br-p3p1, which connects to physical network...
>>
>>
>> There could be a number of issues here:
>> 1. The iptables are dropping the traffic (I am in the process of
>> getting a setup up and running)
>> 2. The network connectivity
>>
>> In order to ensure that it is not the first one can you try and see
>> which iptables rules are matched or disable the iptables?
>>
>>
>> Regards,
>>
>> Kimi Zhang
>>
>> MP: +86 186 0800 8182
>>
>> Call me(NCS): sip:+86018608008182
>>
>> *From:*ext Gary Kotton [mailto:gkotton at redhat.com]
>> *Sent:* Sunday, April 28, 2013 3:01 PM
>> *To:* Zhang, Kimi (NSN - CN/Cheng Du)
>> *Cc:* rdo-list at redhat.com <mailto:rdo-list at redhat.com>
>> *Subject:* Re: [Rdo-list] [Grizzly] Network problem with Quantum +
>> Openvswitch + Vlan
>>
>> On 04/28/2013 09:54 AM, Zhang, Kimi (NSN - CN/Cheng Du) wrote:
>>
>> Hi, Gary
>>
>> Yes, I'm aware of that packstack does not support quantum yet. The
>> whole setup was installed manually.
>>
>> I did run quantum-server-setup and quantum-host-setup, I tried
>> linuxbridge plugin too, it has no issue for VM to get IP address, but
>> openvswitch has issues on this...
>>
>>
>> ok.
>>
>> if you configure and IP address manually on the VM are you able to
>> ping the port of the DHCP agent?
>>
>> you can get the IP from quantum port-list
>>
>>
>>
>>
>> Regards,
>>
>> Kimi
>>
>> *From:*rdo-list-bounces at redhat.com
>> <mailto:rdo-list-bounces at redhat.com>
>> [mailto:rdo-list-bounces at redhat.com] *On Behalf Of *ext Gary Kotton
>> *Sent:* Sunday, April 28, 2013 2:50 PM
>> *To:* rdo-list at redhat.com <mailto:rdo-list at redhat.com>
>> *Subject:* Re: [Rdo-list] [Grizzly] Network problem with Quantum +
>> Openvswitch + Vlan
>>
>> Hi Kimi,
>> Thanks for the mail. Please see the inline comments below. Please
>> note that at the moment we do not have packstack support for Quantum
>> so there is a little manual plumbing that needs to be done (not sure
>> if you have done this already).
>> On the host where the quantum service is running you need to run
>> quantum-server-setup and on the compute nodes you need to run
>> quantum-host-setup (please note that the relevant keystone
>> credentials need to be set too).
>> Thanks
>> Gary
>>
>> On 04/28/2013 09:38 AM, Zhang, Kimi (NSN - CN/Cheng Du) wrote:
>>
>> converted from rtf
>>
>> When I start VM instance, the VM can't get IP address. Could someone
>> help me on this ?
>>
>>
>> I will try
>>
>>
>>
>> 3 nodes Setup with RHEL 6.4 OS + rdo grizzly repository.
>>
>> ·Controller node:
>>
>> Services: Keystone+Glance+Cinder+Quantum server + Nova services
>>
>> Network: bond0(10.68.125.11 for O&M)
>>
>> ·Network node:
>>
>> Services: quantum-openvswitch-agent, quantum-l3-agent,
>> quantum-dhcp-agent, quantum-metadata-agent
>>
>> Network: bond0(10.68.125.15 for O&M) , p3p1 for VM internal network,
>> p3p2 for external network
>>
>>
>> Please note that RHEL currently does not support namespaces so there
>> are a number of limitations. We are addressing this at the moment. If
>> namespaces are not used then it is suggested that one does not run
>> the DHCP agent and the L3 agent on the same host. The reason for this
>> is that there is no network isolation.
>>
>>
>>
>>
>> ·Compute node:
>>
>> Services: nove-compute and quantum-openvswitch-agent
>>
>> Network: bond0(10.68.125.16 for O&M), p3p1 for VM internal network
>>
>> ·Switch setup tagging for vlan 1000-2999 for p3p1 ports(VM network)
>> of network and compute nodes.
>>
>> 1.Quantum.conf:
>>
>> [DEFAULT]
>>
>> debug = True
>>
>> verbose = True
>>
>> lock_path = $state_path/lock
>>
>> bind_host = 0.0.0.0
>>
>> bind_port = 9696
>>
>> core_plugin =
>> quantum.plugins.openvswitch.ovs_quantum_plugin.OVSQuantumPluginV2
>>
>> api_paste_config = api-paste.ini
>>
>> rpc_backend = quantum.openstack.common.rpc.impl_kombu
>>
>>
>> Are you using rabbit or qpid?
>>
>>
>>
>>
>> control_exchange = quantum
>>
>> rabbit_host = 10.68.125.11
>>
>> notification_driver = quantum.openstack.common.notifier.rpc_notifier
>>
>> default_notification_level = INFO
>>
>> notification_topics = notifications
>>
>> [QUOTAS]
>>
>> [DEFAULT_SERVICETYPE]
>>
>> [AGENT]
>>
>> polling_interval = 2
>>
>> root_helper = sudo quantum-rootwrap /etc/quantum/rootwrap.conf
>>
>> [keystone_authtoken]
>>
>> auth_host = 10.68.125.11
>>
>> auth_port = 35357
>>
>> auth_protocol = http
>>
>> signing_dir = /var/lib/quantum/keystone-signing
>>
>> admin_tenant_name = service
>>
>> admin_user = quantum
>>
>> admin_password = password
>>
>> 2.ovs_quantum_plugin.ini
>>
>> [DATABASE]
>>
>> sql_connection =
>> mysql://quantum:quantum@10.68.125.11:3306/ovs_quantum
>> <mailto:mysql://quantum:quantum@10.68.125.11:3306/ovs_quantum>
>>
>> reconnect_interval = 2
>>
>> [OVS]
>>
>> tenant_network_type = vlan
>>
>> network_vlan_ranges = physnet1:1000:2999
>>
>> bridge_mappings = physnet1:br-p3p1
>>
>> [AGENT]
>>
>> polling_interval = 2
>>
>> [SECURITYGROUP]
>>
>> 3.nova.conf
>>
>> [DEFAULT]
>>
>> verbose=true
>>
>> logdir = /var/log/nova
>>
>> state_path = /var/lib/nova
>>
>> lock_path = /var/lib/nova/tmp
>>
>> volumes_dir = /etc/nova/volumes
>>
>> dhcpbridge = /usr/bin/nova-dhcpbridge
>>
>> dhcpbridge_flagfile = /etc/nova/nova.conf
>>
>> force_dhcp_release = True
>>
>> injected_network_template = /usr/share/nova/interfaces.template
>>
>> libvirt_nonblocking = True
>>
>> libvirt_inject_partition = -1
>>
>> network_manager = nova.network.manager.FlatDHCPManager
>>
>> iscsi_helper = tgtadm
>>
>> compute_driver = libvirt.LibvirtDriver
>>
>> libvirt_type=kvm
>>
>> libvirt_ovs_bridge=br-int
>>
>> firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
>>
>> manager=nova.conductor.manager.ConductorManager
>>
>> rpc_backend = nova.openstack.common.rpc.impl_kombu
>>
>> rabbit_host = 10.68.125.11
>>
>> rootwrap_config = /etc/nova/rootwrap.conf
>>
>> use_deprecated_auth=false
>>
>> auth_strategy=keystone
>>
>> glance_api_servers=10.68.125.11:9292
>>
>> image_service=nova.image.glance.GlanceImageService
>>
>> novnc_enabled=true
>>
>> novncproxy_base_url=http://10.68.125.11:6080/vnc_auto.html
>>
>> novncproxy_port=6080
>>
>> vncserver_proxyclient_address=10.68.125.16
>>
>> vncserver_listen=0.0.0.0
>>
>> libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
>>
>> libvirt_use_virtio_for_bridges=True
>>
>> network_api_class=nova.network.quantumv2.api.API
>>
>> quantum_url=http://10.68.125.11:9696
>>
>> quantum_auth_strategy=keystone
>>
>> quantum_admin_tenant_name=service
>>
>> quantum_admin_username=quantum
>>
>> quantum_admin_password=password
>>
>> quantum_admin_auth_url=http://10.68.125.11:35357/v2.0
>>
>> linuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriver
>>
>> libvirt_vif_type=ethernet
>>
>> service_quantum_metadata_proxy = True
>>
>> quantum_metadata_proxy_shared_secret = helloOpenStack
>>
>> metadata_host = 10.68.125.11
>>
>> metadata_listen = 0.0.0.0
>>
>> metadata_listen_port = 8775
>>
>> [keystone_authtoken]
>>
>> admin_tenant_name = service
>>
>> admin_user = nova
>>
>> admin_password = password
>>
>> auth_host = 10.68.125.11
>>
>> auth_port = 35357
>>
>> auth_protocol = http
>>
>> signing_dir = /tmp/keystone-signing-nova
>>
>> 4.ovs-vsctl show on network node:
>>
>> aeeb6cf7-271b-405a-aa17-1b95bcd9e301
>>
>> Bridge "br-p3p1"
>>
>> Port "p3p1"
>>
>> Interface "p3p1"
>>
>> Port "phy-br-p3p1"
>>
>> Interface "phy-br-p3p1"
>>
>> Port "br-p3p1"
>>
>> Interface "br-p3p1"
>>
>> type: internal
>>
>> Bridge br-ex
>>
>> Port br-ex
>>
>> Interface br-ex
>>
>> type: internal
>>
>> Port "qg-a83c0abd-f4"
>>
>> Interface "qg-a83c0abd-f4"
>>
>> type: internal
>>
>> Port "p3p2"
>>
>> Interface "p3p2"
>>
>> Bridge br-int
>>
>> Port br-int
>>
>> Interface br-int
>>
>> type: internal
>>
>> Port "int-br-p3p1"
>>
>> Interface "int-br-p3p1"
>>
>> Port "tap1f386a2a-12"
>>
>> tag: 1
>>
>> Interface "tap1f386a2a-12"
>>
>> type: internal
>>
>> ovs_version: "1.9.0"
>>
>> 5.ovs-vsctl show on compute node:
>>
>> 8d6c2637-ff69-4a2d-a7db-e4f181273bc0
>>
>> Bridge "br-p3p1"
>>
>> Port "br-p3p1"
>>
>> Interface "br-p3p1"
>>
>> type: internal
>>
>> Port "phy-br-p3p1"
>>
>> Interface "phy-br-p3p1"
>>
>> Port "p3p1"
>>
>> Interface "p3p1"
>>
>> Bridge br-int
>>
>> Port "qvo56a4572c-dc"
>>
>> tag: 2
>>
>> Interface "qvo56a4572c-dc"
>>
>> Port "int-br-p3p1"
>>
>> Interface "int-br-p3p1"
>>
>> Port br-int
>>
>> Interface br-int
>>
>> type: internal
>>
>> ovs_version: "1.9.0"
>>
>> On compute node, I can see dhcp request packet from tcpdump on
>> qvo56a4572c-dc, but it seems the packet is not forwarded out since I
>> can't see packet from int-br-p3p1 on br-int or any port from br-p3p1.
>>
>>
>> Any chance to get the DHCP and the L3 agent configuration files?
>> Please check that use_namespaces = False in both of these files.
>>
>> Are there any log errors?
>>
>>
>>
>>
>> Thank you!
>>
>> Regards,
>>
>> Kimi
>>
>>
>>
>>
>>
>>
>> _______________________________________________
>> Rdo-list mailing list
>> Rdo-list at redhat.com <mailto:Rdo-list at redhat.com>
>> https://www.redhat.com/mailman/listinfo/rdo-list
>>
>
>
>
> _______________________________________________
> Rdo-list mailing list
> Rdo-list at redhat.com
> https://www.redhat.com/mailman/listinfo/rdo-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rdoproject.org/pipermail/dev/attachments/20130428/40c19777/attachment.html>
More information about the dev
mailing list