can not ping neutron network from external network

Bug #1623461 reported by greatbsky
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
kolla | Invalid | Medium | Unassigned |

Bug Description

After deploying OpenStack using kolla on three compute nodes, I created a neutron network successfully, but I cannot ping the network from the external network.

Because I have only one NIC, I created a VLAN, eth0.20, and set neutron_external_interface: "eth0.20".

If I assign a floating IP to an instance, I get this error:
External network ce554e2f-bc0d-47bc-95f4-6b9f9d2202ef is not reachable from subnet 9fe487c3-46b3-486e-ac14-60d03590792d. Therefore, cannot associate Port e23daebe-16d1-4189-a194-242fcd73e5ab with a Floating IP. Neutron server returns request_ids: ['req-184ca305-8af6-4671-aaea-494232c87abd']

For more information, I uploaded two images to GitHub; please open:
https://raw.githubusercontent.com/greatbsky/openstack/master/1.png
https://raw.githubusercontent.com/greatbsky/openstack/master/2.png

[root@oscontroller ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 172.17.0.1 netmask 255.255.0.0 broadcast 0.0.0.0
        inet6 fe80::42:82ff:fe43:b91f prefixlen 64 scopeid 0x20<link>
        ether 02:42:82:43:b9:1f txqueuelen 0 (Ethernet)
        RX packets 8 bytes 536 (536.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 9 bytes 690 (690.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link>
        ether 00:e0:66:85:6b:24 txqueuelen 1000 (Ethernet)
        RX packets 374 bytes 32803 (32.0 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 212 bytes 22583 (22.0 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0.1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.1.61 netmask 255.255.255.0 broadcast 192.168.1.255
        inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link>
        ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 13 bytes 858 (858.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

eth0.20: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.20.61 netmask 255.255.255.0 broadcast 192.168.20.255
        inet6 fe80::2e0:66ff:fe85:6b24 prefixlen 64 scopeid 0x20<link>
        ether 00:e0:66:85:6b:24 txqueuelen 0 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 10 bytes 732 (732.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 0 (Local Loopback)
        RX packets 14 bytes 1210 (1.1 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 14 bytes 1210 (1.1 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

veth4575b33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet6 fe80::a415:6eff:fefd:7d1b prefixlen 64 scopeid 0x20<link>
        ether a6:15:6e:fd:7d:1b txqueuelen 0 (Ethernet)
        RX packets 8 bytes 648 (648.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 17 bytes 1338 (1.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@oscontroller ~]# ovs-vsctl show
037a5215-0ba6-42db-96dc-865448a2ca07
    Bridge br-tun
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a8015c"
            Interface "vxlan-c0a8015c"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.168.1.61", out_key=flow, remote_ip="192.168.1.92"}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth0.20"
            Interface "eth0.20"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-int
        fail_mode: secure
        Port "qg-4e2a1631-ff"
            tag: 6
            Interface "qg-4e2a1631-ff"
                type: internal
        Port "tap629b3552-d2"
            tag: 6
            Interface "tap629b3552-d2"
                type: internal
        Port "qg-ba3451ef-a2"
            tag: 2
            Interface "qg-ba3451ef-a2"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "tap21939cfb-56"
            tag: 1
            Interface "tap21939cfb-56"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "qr-5b332ba0-1f"
            tag: 1
            Interface "qr-5b332ba0-1f"
                type: internal
[root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-2d2fa214-e7 ! -o qg-2d2fa214-e7 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-2d2fa214-e7 -j SNAT --to-source 192.168.1.201
-A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 192.168.1.201
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat

-----------------------------------------
Qst 1:
I ping the gateway qg-2d2fa214-e7 IP 192.168.1.201 and tcpdump -i eth0.20 gets nothing, but if I execute
[root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ping 192.168.1.88
I get this result:
[root@oscontroller ~]# tcpdump -i eth0.20
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.20, link-type EN10MB (Ethernet), capture size 65535 bytes
06:00:37.865883 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
06:00:38.868298 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
06:00:39.870297 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28
06:00:41.866485 ARP, Request who-has 192.168.1.88 tell 192.168.1.201, length 28

Qst 2:
This result looks like it is missing qr-xxxxxxxx. Is that correct?
[root@oscontroller ~]# ip netns exec qrouter-5adac720-913d-4176-ac6c-8d4443f689dd ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
17: qg-2d2fa214-e7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:3a:df:92 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.201/24 brd 192.168.1.255 scope global qg-2d2fa214-e7
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe3a:df92/64 scope link
       valid_lft forever preferred_lft forever

Help me please, I have been trying to resolve this for two weeks...
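
Qst 2 can be checked mechanically. The following is an added example, not part of the original report: it parses the router-namespace "ip a" output and the "ovs-vsctl show" output (both abbreviated from the report above) and flags a namespace with no qr- port and any qg-/qr- port that is not plugged into br-int. The function names are illustrative.

```python
import re

# Abbreviated from the report above: only the lines this check reads.
IP_A = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
17: qg-2d2fa214-e7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 192.168.1.201/24 brd 192.168.1.255 scope global qg-2d2fa214-e7
"""
OVS_SHOW = """\
    Bridge br-ex
        Port "eth0.20"
    Bridge br-int
        Port "qg-4e2a1631-ff"
        Port "tap629b3552-d2"
        Port "qg-ba3451ef-a2"
        Port "tap21939cfb-56"
        Port "qr-5b332ba0-1f"
"""

def netns_interfaces(ip_a_text):
    """Interface names from `ip a` output (lines such as '17: name: <FLAGS>')."""
    return re.findall(r"^\d+:\s+([^:@\s]+)", ip_a_text, re.M)

def ovs_ports(ovs_text):
    """Map each bridge name to the set of its port names (`ovs-vsctl show`)."""
    bridges, current = {}, None
    for line in ovs_text.splitlines():
        m = re.match(r'\s*(Bridge|Port)\s+"?([^"\s]+)"?', line)
        if not m:
            continue
        if m.group(1) == "Bridge":
            current = bridges.setdefault(m.group(2), set())
        elif current is not None:
            current.add(m.group(2))
    return bridges

def check_router(ip_a_text, ovs_text, bridge="br-int"):
    """List router-namespace ports that are absent or not plugged into OVS."""
    ifaces = netns_interfaces(ip_a_text)
    plugged = ovs_ports(ovs_text).get(bridge, set())
    findings = []
    if not any(i.startswith("qr-") for i in ifaces):
        findings.append("no qr- interface in the router namespace")
    for i in ifaces:
        if i.startswith(("qg-", "qr-")) and i not in plugged:
            findings.append(f"{i} is not a port on {bridge}")
    return findings
```

On the output in this report, check_router(IP_A, OVS_SHOW) returns both findings: the namespace has only the qg- gateway port, and that port name does not appear among the br-int ports listed by ovs-vsctl show.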

greatbsky (greatbsky)
description: updated
Changed in kolla:
milestone: none → newton-rc2
status: New → Triaged
Steven Dake (sdake) wrote :

I don't think this is a bug, but rather user error. Please join #openstack-kolla for guidance on how to get your environment operational. That way we can have a high bandwidth conversation on the topic.

Changed in kolla:
status: Triaged → Incomplete
importance: Undecided → Medium
zhubingbing (zhubingbing) wrote :

I agree with sdake.

greatbsky (greatbsky) wrote :

Sorry, I fixed this problem today by:
vi /etc/selinux/config
SELINUX=disabled

Changed in kolla:
status: Incomplete → Invalid
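
The last comment resolves the problem by setting SELINUX=disabled in /etc/selinux/config. As an added example (not part of the thread or of kolla), the sketch below reads the configured mode and summarizes AVC denial records, which SELinux still logs with SELINUX=permissive, so the specific accesses that were blocked can be identified. The audit lines are constructed, and the process names and SELinux types in them are illustrative, not taken from the reporter's host.

```python
import re
from collections import Counter

# Constructed audit.log records in the standard AVC format; process names and
# SELinux types are illustrative, not taken from the reporter's host.
SAMPLE_AUDIT = """\
type=AVC msg=audit(1473832837.865:412): avc:  denied  { create } for  pid=2211 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=0
type=AVC msg=audit(1473832838.868:413): avc:  denied  { create } for  pid=2211 comm="ovs-vswitchd" scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:system_r:openvswitch_t:s0 tclass=netlink_generic_socket permissive=0
type=SYSCALL msg=audit(1473832838.868:413): arch=c000003e syscall=41 success=no exit=-13 comm="ovs-vswitchd"
type=AVC msg=audit(1473832901.120:431): avc:  denied  { read write } for  pid=3040 comm="ip" path="/run/netns/qrouter-example" dev="tmpfs" ino=51234 scontext=system_u:system_r:ifconfig_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=1
"""

AVC = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]*)\} for .*?"
    r'comm="(?P<comm>[^"]+)".*?scontext=(?P<s>\S+) tcontext=(?P<t>\S+) '
    r"tclass=(?P<cls>\S+)(?: permissive=(?P<perm>[01]))?"
)

def configured_mode(config_text):
    """Return the SELINUX= value from /etc/selinux/config content, or None."""
    for line in config_text.splitlines():
        line = line.strip()
        if line.startswith("SELINUX="):  # skips comments and SELINUXTYPE=
            return line.split("=", 1)[1].strip()
    return None

def summarize_denials(audit_text):
    """Count AVC denials per (comm, source type, target type, class, perms, blocked)."""
    counts = Counter()
    for line in audit_text.splitlines():
        m = AVC.search(line)
        if not m:
            continue  # non-AVC records (SYSCALL, PATH, ...) are ignored
        stype = m.group("s").split(":")[2]   # user:role:TYPE:level
        ttype = m.group("t").split(":")[2]
        # Assumption: a record without permissive= is treated as enforced.
        blocked = m.group("perm") != "1"
        perms = tuple(m.group("perms").split())
        counts[(m.group("comm"), stype, ttype, m.group("cls"), perms, blocked)] += 1
    return counts
```

Records with blocked set to False were logged in permissive mode and did not stop the operation; with SELINUX=disabled no such records are produced at all.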