Floating IP Configuration in Quantum + openvswitch

Asked by vivekraghuwanshi

I need some help with the configuration of Quantum floating IPs.

I am able to ping and ssh to my instances via their internal IPs (172.24.1.x),

but I am not able to access them via floating IPs.

I am using a GRE type network on an all-in-one box; once it's up I am adding some more compute nodes to the cluster.

Find the results below.

root@us000901:~# quantum floatingip-list
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id | fixed_ip_address | floating_ip_address | port_id |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 2381aa6c-2690-4a52-b558-4c553e1f1bd9 | 172.24.1.3 | 10.83.192.132 | 97697210-fd93-43a1-bdb3-d096f51c137e |
| 241482f1-41ca-49d6-8d72-ff46d6bd6ec5 | | 10.83.192.134 | |
| 6ca0e952-bf83-4602-b46a-a5e95ef64266 | | 10.83.192.135 | |
| f3f9e910-a3dd-4872-a977-8835cf0f95b3 | | 10.83.192.133 | |
+--------------------------------------+------------------+---------------------+--------------------------------------+

root@us000901:~# quantum router-list
+--------------------------------------+-----------------+--------------------------------------------------------+
| id | name | external_gateway_info |
+--------------------------------------+-----------------+--------------------------------------------------------+
| 935a00d9-1426-40d7-8304-d33d83c350dc | provider-router | {"network_id": "162030bb-ab1a-4346-87cb-b3182619d959"} |
+--------------------------------------+-----------------+--------------------------------------------------------+

root@us000901:~# quantum net-list
+--------------------------------------+-----------+--------------------------------------+
| id | name | subnets |
+--------------------------------------+-----------+--------------------------------------+
| 162030bb-ab1a-4346-87cb-b3182619d959 | ext_net | fa9dc9b5-03cd-4090-ae44-484fe968d825 |
| 35918ece-1847-4213-a283-8968136c45eb | admin-net | 9404d2c0-d495-4db2-a661-3ab93958337d |
+--------------------------------------+-----------+--------------------------------------+

root@us000901:~# quantum subnet-list
+--------------------------------------+------+------------------+----------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+------+------------------+----------------------------------------------------+
| 9404d2c0-d495-4db2-a661-3ab93958337d | | 172.24.1.0/24 | {"start": "172.24.1.2", "end": "172.24.1.254"} |
| fa9dc9b5-03cd-4090-ae44-484fe968d825 | | 10.83.192.128/25 | {"start": "10.83.192.131", "end": "10.83.192.250"} |
+--------------------------------------+------+------------------+----------------------------------------------------+

root@us000901:~# ovs-vsctl show
e2339720-8c6b-4329-8ac1-26fb93007447
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qvo97697210-fd"
            tag: 2
            Interface "qvo97697210-fd"
        Port "tap5cb36f0c-c7"
            tag: 2
            Interface "tap5cb36f0c-c7"
                type: internal
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port "eth3"
            Interface "eth3"
        Port br-ex
            Interface br-ex
                type: internal
    ovs_version: "1.4.0+build0"
root@us000901:~#

root@us000901:~# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
    address 10.83.192.1
    netmask 255.255.255.0
    network 10.83.192.0
    broadcast 10.83.192.255
    gateway 10.83.192.254
    # dns-* options are implemented by the resolvconf package, if installed
    dns-nameservers 10.83.2.25
    dns-search ap.tieto.com

# VMs Networks with OVS in tunnel mode
auto eth1
iface eth1 inet static
address 172.24.0.3
netmask 255.255.0.0

# Public Bridge
auto eth3
iface eth3 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
root@us000901:~#

I also have one question: can I use floating IPs that are of the same network where I am using my node's eth0?

Question information

Language: English
Status: Solved
For: neutron
Assignee: No assignee
Solved by: vivekraghuwanshi

vivekraghuwanshi (vivekraghuwanshi) said :
#1

root@us000901:~# quantum port-list -- --device_id 86a3ec45-f92f-4f30-b39e-fa2c5a2ec88e
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
| 97697210-fd93-43a1-bdb3-d096f51c137e | | fa:16:3e:5d:f8:79 | {"subnet_id": "9404d2c0-d495-4db2-a661-3ab93958337d", "ip_address": "172.24.1.3"} |
+--------------------------------------+------+-------------------+-----------------------------------------------------------------------------------+
root@us000901:~# quantum floatingip-show 2381aa6c-2690-4a52-b558-4c553e1f1bd9
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| fixed_ip_address | 172.24.1.3 |
| floating_ip_address | 10.83.192.132 |
| floating_network_id | 162030bb-ab1a-4346-87cb-b3182619d959 |
| id | 2381aa6c-2690-4a52-b558-4c553e1f1bd9 |
| port_id | 97697210-fd93-43a1-bdb3-d096f51c137e |
| router_id | 935a00d9-1426-40d7-8304-d33d83c350dc |
| tenant_id | 51c3b9e0f5e74e45be915497b9b9e53d |
+---------------------+--------------------------------------+
root@us000901:~#

Adding some more information.

Aaron Rosen (arosen) said :
#2

You're probably getting blocked by nova security groups. If you change the following values in nova.conf it should work.

firewall_driver=nova.virt.firewall.NoopFirewallDriver
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchDriver

vivekraghuwanshi (vivekraghuwanshi) said :
#3

Thanks Aaron,

I am trying the proposed config changes and will update the thread accordingly.

vivekraghuwanshi (vivekraghuwanshi) said :
#4

Not resolved via this

vivekraghuwanshi (vivekraghuwanshi) said :
#5

firewall_driver=nova.virt.firewall.NoopFirewallDriver
Result: instances booted without IP and in error state

libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchDriver
Result: instances failed to spawn

Matt Symonds (msymonds) said :
#6

I have the same problem with floating IPs.

I am running one control node with quantum-server, L3 and openvswitch, and two compute nodes with nova-compute and openvswitch.

I am using namespaces.
I am able to ping the private IP address from the namespace, but not the floating IP.
I can see the (correctly NAT'd) traffic getting to the compute node on the bridge interface for the VM.

My default secgroup is:

[admin:admin] root@openstack-control:~# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+

When loading both:
firewall_driver=nova.virt.firewall.NoopFirewallDriver
libvirt_vif_driver=nova.virt.libvirt.vif.LibvirtOpenVswitchDriver

I can ping the VM on its public and floating IP.

dan wendlandt (danwent) said :
#7

I do not think what you're trying to do will work, as the routing table on your host will likely send packets to 10.83.192.0/24 out eth0, whereas you need a route that sends traffic to 10.83.192.0/24 out the br-ex interface.
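
The overlap described in the reply above can be checked from the configuration posted in the question. The following is an added example, not part of the thread or of Quantum: it parses the static stanzas of the posted /etc/network/interfaces, does a longest-prefix match for each floating IP, and reports the interface the host would use. It assumes only the connected routes from that file and does not model router namespaces; the function names are illustrative.

```python
import ipaddress

# Constructed from the /etc/network/interfaces posted in the question
# (comments and dns-* lines dropped).
INTERFACES = """\
auto eth0
iface eth0 inet static
    address 10.83.192.1
    netmask 255.255.255.0
    gateway 10.83.192.254
auto eth1
iface eth1 inet static
address 172.24.0.3
netmask 255.255.0.0
auto eth3
iface eth3 inet manual
up ifconfig $IFACE 0.0.0.0 up
"""

def connected_routes(text):
    """Return {ifname: IPv4Network} for every stanza with address + netmask."""
    routes, iface, addr = {}, None, None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "iface":
            iface, addr = words[1], None
        elif words[0] == "address" and iface:
            addr = words[1]
        elif words[0] == "netmask" and iface and addr:
            routes[iface] = ipaddress.ip_network(f"{addr}/{words[1]}", strict=False)
    return routes

def egress_interface(dest, routes):
    """Longest-prefix match over connected routes; None means default route."""
    ip = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, name) for name, net in routes.items() if ip in net]
    return max(hits)[1] if hits else None

def misrouted_floating_ips(floating_ips, routes, external_bridge="br-ex"):
    """Floating IPs covered by a connected route on a non-bridge interface."""
    return {fip: dev for fip in floating_ips
            if (dev := egress_interface(fip, routes)) not in (None, external_bridge)}

if __name__ == "__main__":
    routes = connected_routes(INTERFACES)
    fips = ["10.83.192.132", "10.83.192.133", "10.83.192.134", "10.83.192.135"]
    for fip, dev in misrouted_floating_ips(fips, routes).items():
        print(f"{fip}: host routes this via {dev}, not br-ex")
```

On a live host, `ip route get 10.83.192.132` gives the kernel's actual answer for the same question.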

Matt Symonds (msymonds) said :
#8

I now have this working.

I had created the secgroup for the admin user but was booting machines for the demo user.

vivekraghuwanshi (vivekraghuwanshi) said :
#9

Hi All,

The issue is now fixed by:

vi /usr/share/pyshared/quantum/agent/linux/iptables_manager.py +272

        s = [('/sbin/iptables', self.ipv4)]

If I change this to:

        s = [('iptables', self.ipv4)]

then it's fixed.

Now I am able to ping and ssh to the instances.

Thank you all

vivekraghuwanshi (vivekraghuwanshi) said :
#10

Hi All,

The issue is now resolved
