2016-06-16 18:56:51 |
Hao Chen |
description |
I have a mitaka openstack deployment with neutron DVR enabled. When I try to test the snat HA failover I found that even though the snat namespace was created on the other backup node, it doesn't has any nat rule in snat namespace iptable. And run "ip a" in the sant namespace you will find the sg port is missing.
Here is what I found on the second neutron network node
sandy-pistachio:/opt/openstack # ip netns
qrouter-e25b81f9-8810-4654-9be0-ebac09c700fb
qdhcp-abe36e89-f7a5-4cbd-a7e4-852d80ed92d6
snat-e25b81f9-8810-4654-9be0-ebac09c700fb
sandy-pistachio:/opt/openstack # ip netns exec snat-e25b81f9-8810-4654-9be0-ebac09c700fb ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
70: qg-cc3b2f8c-b7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether fa:16:3e:cb:27:cd brd ff:ff:ff:ff:ff:ff
inet 10.240.117.98/28 brd 10.240.117.111 scope global qg-cc3b2f8c-b7
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fecb:27cd/64 scope link
valid_lft forever preferred_lft forever
sandy-pistachio:/opt/openstack # ip netns exec snat-e25b81f9-8810-4654-9be0-ebac09c700fb iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
sandy-pistachio:/opt/openstack # |
I have a mitaka openstack deployment with neutron DVR enabled. When I try to test the snat HA failover I found that even though the snat namespace was created on the other backup node, it doesn't has any nat rule in snat namespace iptable. And run "ip a" in the sant namespace you will find the sg port is missing.
Here is what I found on the second neutron network node
sandy-pistachio:/opt/openstack # ip netns
qrouter-e25b81f9-8810-4654-9be0-ebac09c700fb
qdhcp-abe36e89-f7a5-4cbd-a7e4-852d80ed92d6
snat-e25b81f9-8810-4654-9be0-ebac09c700fb
sandy-pistachio:/opt/openstack # ip netns exec snat-e25b81f9-8810-4654-9be0-ebac09c700fb ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
70: qg-cc3b2f8c-b7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
link/ether fa:16:3e:cb:27:cd brd ff:ff:ff:ff:ff:ff
inet 10.240.117.98/28 brd 10.240.117.111 scope global qg-cc3b2f8c-b7
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fecb:27cd/64 scope link
valid_lft forever preferred_lft forever
sandy-pistachio:/opt/openstack # ip netns exec snat-e25b81f9-8810-4654-9be0-ebac09c700fb iptables -L -n -v -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Here are the package information:
provo-pistachio:/opt/openstack # zypper info openstack-neutron
Loading repository data...
Reading installed packages...
Information for package openstack-neutron:
------------------------------------------
Repository: Mitaka
Name: openstack-neutron
Version: 8.1.1~a0~dev32-2.1
Arch: noarch
Vendor: obs://build.opensuse.org/Cloud:OpenStack
Installed: Yes
Status: up-to-date
Installed Size: 235.1 KiB
Summary: OpenStack Network
Description:
Neutron is a virtual network service for Openstack.
Just like OpenStack Nova provides an API to dynamically request and
configure virtual servers, Neutron provides an API to dynamically
request and configure virtual networks. These networks connect
"interfaces" from other OpenStack services (e.g., vNICs from Nova VMs).
The Neutron API supports extensions to provide advanced network
capabilities (e.g., QoS, ACLs, network monitoring, etc)
provo-pistachio:/opt/openstack # zypper info openstack-neutron-openvswitch-agent
Loading repository data...
Reading installed packages...
Information for package openstack-neutron-openvswitch-agent:
------------------------------------------------------------
Repository: Mitaka
Name: openstack-neutron-openvswitch-agent
Version: 8.1.1~a0~dev32-2.1
Arch: noarch
Vendor: obs://build.opensuse.org/Cloud:OpenStack
Installed: Yes
Status: up-to-date
Installed Size: 14.9 KiB
Summary: OpenStack Network - Open vSwitch
Description:
This package provides the OpenVSwitch Agent.
provo-pistachio:/opt/openstack # zypper info openstack-neutron-l3-agent
Loading repository data...
Reading installed packages...
Information for package openstack-neutron-l3-agent:
---------------------------------------------------
Repository: Mitaka
Name: openstack-neutron-l3-agent
Version: 8.1.1~a0~dev32-2.1
Arch: noarch
Vendor: obs://build.opensuse.org/Cloud:OpenStack
Installed: Yes
Status: up-to-date
Installed Size: 24.7 KiB
Summary: OpenStack Network Service (Neutron) - L3 Agent
Description:
This package provides the L3 Agent. |
|