settingsLogin | Registersettings

[Openstack-operators] Manual router setup

0 votes

Hi all;
It appears that Liberty Neutron routers do not work. The Northbound port is always Down.

What I'd like to do is dedicate an instance (CentOS) to routing between the Public net and other nets. Has anyone done this. Setting up the router is trivial. But I'm a little worried about interaction with Neutron Ports. I need to assign fixed IPs so I can route from the Internet to a server instance.

Ideas?

Thanks
- Chris.

Sent from my iPhone


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
asked Mar 23, 2016 in openstack-operators by Christopher_Hull (2,220 points)   2 5 7

16 Responses

0 votes

Do you have externalnetworkbridge set to an empty value in the l3 agent
config? If not, the l3 agent will use a legacy mode of wiring up the port
and it's status field may not be ACTIVE.

The routers are tested thousands of times in the gate every day, so they
work. It's just a matter of getting your configuration correct.

Yes, you can use a VM to route as well.
On Mar 23, 2016 7:06 AM, chrishull42@gmail.com wrote:

Hi all;
It appears that Liberty Neutron routers do not work. The Northbound port
is always Down.

What I'd like to do is dedicate an instance (CentOS) to routing between
the Public net and other nets. Has anyone done this. Setting up the
router is trivial. But I'm a little worried about interaction with Neutron
Ports. I need to assign fixed IPs so I can route from the Internet to a
server instance.

Ideas?

Thanks
- Chris.

Sent from my iPhone


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 23, 2016 by kevin_at_benton.pub (15,600 points)   2 3 4
0 votes

Kevin;
Thank you Very much. I'll check. I did a manual Liberty install so I may have done something wrong. I am using LinuxBridge (not OpenVSwitch) if that helps. Will post results to list soon. Would like to be able to use floating IPs, a more convenient form of ipTables basically.

Chris.

Sent from my iPhone

On Mar 23, 2016, at 7:16 AM, Kevin Benton kevin@benton.pub wrote:

Do you have externalnetworkbridge set to an empty value in the l3 agent config? If not, the l3 agent will use a legacy mode of wiring up the port and it's status field may not be ACTIVE.

The routers are tested thousands of times in the gate every day, so they work. It's just a matter of getting your configuration correct.

Yes, you can use a VM to route as well.

On Mar 23, 2016 7:06 AM, chrishull42@gmail.com wrote:
Hi all;
It appears that Liberty Neutron routers do not work. The Northbound port is always Down.

What I'd like to do is dedicate an instance (CentOS) to routing between the Public net and other nets. Has anyone done this. Setting up the router is trivial. But I'm a little worried about interaction with Neutron Ports. I need to assign fixed IPs so I can route from the Internet to a server instance.

Ideas?

Thanks
- Chris.

Sent from my iPhone


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 23, 2016 by Christopher_Hull (2,220 points)   2 5 7
0 votes

Ok. The same settings should apply to Linux bridge.

Make sure you have externalnetworkbridge defined in your L3 agent as an
empty value.

Then your external network should be created with the provider type of
'flat' and the physical network corresponding to the one you have defined
in your bridge mappings in the L2 agent that attaches to the bridge going
to your external physical network.
On Mar 23, 2016 7:25 AM, chrishull42@gmail.com wrote:

Kevin;
Thank you Very much. I'll check. I did a manual Liberty install so I
may have done something wrong. I am using LinuxBridge (not OpenVSwitch) if
that helps. Will post results to list soon. Would like to be able to use
floating IPs, a more convenient form of ipTables basically.

Chris.

Sent from my iPhone

On Mar 23, 2016, at 7:16 AM, Kevin Benton kevin@benton.pub wrote:

Do you have externalnetworkbridge set to an empty value in the l3 agent
config? If not, the l3 agent will use a legacy mode of wiring up the port
and it's status field may not be ACTIVE.

The routers are tested thousands of times in the gate every day, so they
work. It's just a matter of getting your configuration correct.

Yes, you can use a VM to route as well.
On Mar 23, 2016 7:06 AM, chrishull42@gmail.com wrote:

Hi all;
It appears that Liberty Neutron routers do not work. The Northbound port
is always Down.

What I'd like to do is dedicate an instance (CentOS) to routing between
the Public net and other nets. Has anyone done this. Setting up the
router is trivial. But I'm a little worried about interaction with Neutron
Ports. I need to assign fixed IPs so I can route from the Internet to a
server instance.

Ideas?

Thanks
- Chris.

Sent from my iPhone


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 23, 2016 by kevin_at_benton.pub (15,600 points)   2 3 4
0 votes

Thanks. Will check that.
When I create an instance in the public or private nets they ping. Why do router ports behave differently than instance ports? Only the Northbound router port is down and won't ping. Will check settings ASAP thanks

Chris.

Sent from my iPhone

On Mar 23, 2016, at 7:52 AM, Kevin Benton kevin@benton.pub wrote:

Ok. The same settings should apply to Linux bridge.

Make sure you have externalnetworkbridge defined in your L3 agent as an empty value.

Then your external network should be created with the provider type of 'flat' and the physical network corresponding to the one you have defined in your bridge mappings in the L2 agent that attaches to the bridge going to your external physical network.

On Mar 23, 2016 7:25 AM, chrishull42@gmail.com wrote:
Kevin;
Thank you Very much. I'll check. I did a manual Liberty install so I may have done something wrong. I am using LinuxBridge (not OpenVSwitch) if that helps. Will post results to list soon. Would like to be able to use floating IPs, a more convenient form of ipTables basically.

Chris.

Sent from my iPhone

On Mar 23, 2016, at 7:16 AM, Kevin Benton kevin@benton.pub wrote:

Do you have externalnetworkbridge set to an empty value in the l3 agent config? If not, the l3 agent will use a legacy mode of wiring up the port and it's status field may not be ACTIVE.

The routers are tested thousands of times in the gate every day, so they work. It's just a matter of getting your configuration correct.

Yes, you can use a VM to route as well.

On Mar 23, 2016 7:06 AM, chrishull42@gmail.com wrote:
Hi all;
It appears that Liberty Neutron routers do not work. The Northbound port is always Down.

What I'd like to do is dedicate an instance (CentOS) to routing between the Public net and other nets. Has anyone done this. Setting up the router is trivial. But I'm a little worried about interaction with Neutron Ports. I need to assign fixed IPs so I can route from the Internet to a server instance.

Ideas?

Thanks
- Chris.

Sent from my iPhone


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 23, 2016 by Christopher_Hull (2,220 points)   2 5 7
0 votes

Hi Keven / all;

Re: Getting a Neutron Router to work. (set externalnetworkbridge =
blank). Apologies if this got sent twice.

Nope, not quite there yet re getting the damn router to work (week 3 on
this issue).

The Liberty install instructions indeed say to set...
externalnetworkbridge =

I'm so desperate that I thought the blank space after the = might be the
issue. No. Then I noticed these instructions in l3_agent.ini itself.


When externalnetworkbridge is set, each L3 agent can be associated

with no more than one external network. This value should be set to the

UUID

of that external network. To allow L3 agent support multiple external

networks, both the externalnetworkbridge and gatewayexternalnetwork_id

must be left empty.

gatewayexternalnetwork_id =


1: Should gatewayexternalnetworkid = be unoommented?
2: Should I reupdate the database after these changes?
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf
\
--config-file /etc/neutron/plugins/ml2/ml2
conf.ini upgrade head" neutron

3: Should externalnetworkbridge in fact be set to the UUID of the public
network?

  1. All instances Ports work just fine on public and private network. WHAT
    is the difference between a Neutron router northbound port and an instance
    port on the public net.

Services restarted after config change (just removed space after = actually
just in case sloppy Python coding was involved here). In fact, I rebooted
the box just to be sure.

Making my own instance based router is looking better and better all the
time. If Neutron Routers really work, maybe UFO's exist too. :-) j/k

Seriously. Thank you for your help. Hope to help the community soon
too myself. Trying to get my Gerrit account up and running but the
OpenStack.org site won't allow me to sign the Contrib agreement with out
getting a server error.

==== Config Details ======
Issue Neutron Router Northbound Port won't Ping, is Down

[root@maersk src]# ./pluto.py show -p /etc neutron rootwrap.conf
ml2conf.ini l3agent.ini linuxbridgeagent.ini dhcpagent.ini
+-----------------------+------------------------------------+-------------------------------------------------+
| neutron: Section | Key |
Value |
+-----------------------+------------------------------------+-------------------------------------------------+
| DEFAULT | verbose |
True |
| DEFAULT | novaurl |
http://controller:8774/v2 |
| DEFAULT | notify
novaonportdatachanges |
True |
| DEFAULT | notifynovaonportstatuschanges |
True |
| DEFAULT | auth
strategy |
keystone |
| DEFAULT | rpcbackend |
rabbit |
| DEFAULT | allow
overlappingips |
True |
| DEFAULT | service
plugins |
router |
| DEFAULT | coreplugin |
ml2 |
| keystone
authtoken | password |
mk4968small23buggidntpass |
| keystoneauthtoken | username |
neutron |
| keystone
authtoken | projectname |
service |
| keystone
authtoken | userdomainid |
default |
| keystoneauthtoken | projectdomainid |
default |
| keystone
authtoken | authplugin |
password |
| keystone
authtoken | authurl |
http://controller:35357 |
| keystone
authtoken | authuri |
http://controller:5000 |
| database | connection |
mysql://neutron:sleestack191@controller/neutron |
| nova | password |
mk4968small23buggidntpass |
| nova | username |
nova |
| nova | project
name |
service |
| nova | regionname |
RegionOne |
| nova | user
domainid |
default |
| nova | project
domainid |
default |
| nova | auth
plugin |
password |
| nova | authurl |
http://controller:35357 |
| oslo
concurrency | lockpath |
/var/lib/neutron/tmp |
| oslo
messagingrabbit | rabbitpassword |
open.g00dke232 |
| oslomessagingrabbit | rabbituserid |
openstack |
| oslo
messagingrabbit | rabbithost |
controller |
+-----------------------+------------------------------------+-------------------------------------------------+
+-------------------+---------------------+--------------------------------------------------------------+
| rootwrap: Section | Key |
Value |
+-------------------+---------------------+--------------------------------------------------------------+
| DEFAULT | filterspath |
/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap |
| DEFAULT | exec
dirs |
/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
| DEFAULT | usesyslog |
False |
| DEFAULT | syslog
logfacility |
syslog |
| DEFAULT | syslog
loglevel |
ERROR |
+-------------------+---------------------+--------------------------------------------------------------+
+-------------------+----------------------+--------------------------+
| ml2
conf: Section | Key | Value |
+-------------------+----------------------+--------------------------+
| ml2 | extensiondrivers | portsecurity |
| ml2 | mechanismdrivers | linuxbridge,l2population |
| ml2 | tenant
networktypes | vxlan |
| ml2 | type
drivers | flat,vlan,vxlan |
| ml2typeflat | flatnetworks | public |
| ml2
typevxlan | vniranges | 1:1000 |
| securitygroup | enableipset | True |
+-------------------+----------------------+--------------------------+
+-------------------+--------------------------+-----------------------------------------------------+
| l3
agent: Section | Key |
Value |
+-------------------+--------------------------+-----------------------------------------------------+
| DEFAULT | externalnetworkbridge
| |
| DEFAULT | verbose |
True |
| DEFAULT | interfacedriver |
neutron.agent.linux.interface.BridgeInterfaceDriver |
+-------------------+--------------------------+-----------------------------------------------------+
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridge
agent: Section | Key |
Value |
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridge | physicalinterfacemappings |
public:enp3s0 |
| vxlan | l2
population |
True |
| vxlan | localip |
172.22.10.99 |
| vxlan | enable
vxlan |
True |
| agent | preventarpspoofing |
True |
| securitygroup | firewalldriver |
neutron.agent.linux.iptables
firewall.IptablesFirewallDriver |
| securitygroup | enablesecuritygroup |
True |
+----------------------------+-----------------------------+--------------------------------------------------------------+
+---------------------+--------------------------+-----------------------------------------------------+
| dhcpagent: Section | Key |
Value |
+---------------------+--------------------------+-----------------------------------------------------+
| DEFAULT | dnsmasq
configfile |
/etc/neutron/dnsmasq-neutron.conf |
| DEFAULT | verbose |
True |
| DEFAULT | enable
isolatedmetadata |
True |
| DEFAULT | dhcp
driver |
neutron.agent.linux.dhcp.Dnsmasq |
| DEFAULT | interface_driver |
neutron.agent.linux.interface.BridgeInterfaceDriver |
+---------------------+--------------------------+-----------------------------------------------------+

On Wed, Mar 23, 2016 at 8:50 AM, chrishull42@gmail.com wrote:

Thanks. Will check that.
When I create an instance in the public or private nets they ping. Why do
router ports behave differently than instance ports? Only the Northbound
router port is down and won't ping. Will check settings ASAP thanks

Chris.

Sent from my iPhone

On Mar 23, 2016, at 7:52 AM, Kevin Benton kevin@benton.pub wrote:

Ok. The same settings should apply to Linux bridge.

Make sure you have externalnetworkbridge defined in your L3 agent as an
empty value.

Then your external network should be created with the provider type of
'flat' and the physical network corresponding to the one you have defined
in your bridge mappings in the L2 agent that attaches to the bridge going
to your external physical network.
On Mar 23, 2016 7:25 AM, chrishull42@gmail.com wrote:

Kevin;
Thank you Very much. I'll check. I did a manual Liberty install so I
may have done something wrong. I am using LinuxBridge (not OpenVSwitch) if
that helps. Will post results to list soon. Would like to be able to use
floating IPs, a more convenient form of ipTables basically.

Chris.

Sent from my iPhone

On Mar 23, 2016, at 7:16 AM, Kevin Benton kevin@benton.pub wrote:

Do you have externalnetworkbridge set to an empty value in the l3 agent
config? If not, the l3 agent will use a legacy mode of wiring up the port
and it's status field may not be ACTIVE.

The routers are tested thousands of times in the gate every day, so they
work. It's just a matter of getting your configuration correct.

Yes, you can use a VM to route as well.
On Mar 23, 2016 7:06 AM, chrishull42@gmail.com wrote:

Hi all;
It appears that Liberty Neutron routers do not work. The Northbound
port is always Down.

What I'd like to do is dedicate an instance (CentOS) to routing between
the Public net and other nets. Has anyone done this. Setting up the
router is trivial. But I'm a little worried about interaction with Neutron
Ports. I need to assign fixed IPs so I can route from the Internet to a
server instance.

Ideas?

Thanks
- Chris.

Sent from my iPhone


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 23, 2016 by Christopher_Hull (2,220 points)   2 5 7
0 votes

Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS 7
install sees emp3s0 where eth0 would usually appear. But this may need to
be changed to br-ex? The IP address no longer apperas at enp3s0, so
perhaps that's the issue.

When I make changes, I tear down all the networks and rebuild them
according to instructions. I do this after restarting the machine. I
wonder if the database needs to be updated as well.

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf
\
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl stop neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl stop neutron-l3-agent.service
and restart.

Thanks for the help. Yes. It's a bit confusing. Why are router and
instance ports different? It is for this reason that I figured I could
just create my own instance/router. But why should I have to? Do
routers not work unless you use OpenVSwitch? The Liberty install
instructions (unlike Kilo) don't seem to require installing OpenVSwitch.

linuxbridgeagent.ini
inuxbridge | physicalinterface_mappings | public:enp3s0

Perhaps br-ex? Or whereever I see my static IP when doing an ifconfig
:-) Was enp3s0 when CentOS was first installed, but I think thats changed
somehow.

+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridgeagent: Section | Key |
Value |
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linux
bridge | physicalinterfacemappings |
public:enp3s0 |
| vxlan | l2population |
True |
| vxlan | local
ip |
172.22.10.99 |
| vxlan | enablevxlan |
True |
| agent | prevent
arpspoofing |
True |
| securitygroup | firewall
driver |
neutron.agent.linux.iptablesfirewall.IptablesFirewallDriver |
| securitygroup | enable
security_group |
True |
+----------------------------+-----------------------------+--------------------------------------------------------------+

On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon dsneddon@redhat.com wrote:

On 03/23/2016 03:05 PM, Christopher Hull wrote:

Hi Keven / all;

Re: Getting a Neutron Router to work. (set externalnetworkbridge =
blank). Apologies if this got sent twice.

Nope, not quite there yet re getting the damn router to work (week 3 on
this issue).

The Liberty install instructions indeed say to set...
externalnetworkbridge =

I'm so desperate that I thought the blank space after the = might be
the issue. No. Then I noticed these instructions in l3_agent.ini
itself.


When externalnetworkbridge is set, each L3 agent can be associated

with no more than one external network. This value should be set to

the UUID

of that external network. To allow L3 agent support multiple external

networks, both the externalnetworkbridge and

gatewayexternalnetwork_id

must be left empty.

gatewayexternalnetwork_id =


1: Should gatewayexternalnetworkid = be unoommented?
2: Should I reupdate the database after these changes?
su -s /bin/sh -c "neutron-db-manage --config-file
/etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2
conf.ini upgrade head"
neutron

3: Should externalnetworkbridge in fact be set to the UUID of the
public network?

  1. All instances Ports work just fine on public and private network.
    WHAT is the difference between a Neutron router northbound port and an
    instance port on the public net.

Services restarted after config change (just removed space after =
actually just in case sloppy Python coding was involved here). In
fact, I rebooted the box just to be sure.

Making my own instance based router is looking better and better all
the time. If Neutron Routers really work, maybe UFO's exist too.
:-) j/k

Seriously. Thank you for your help. Hope to help the community
soon too myself. Trying to get my Gerrit account up and running but
the OpenStack.org site won't allow me to sign the Contrib agreement
with out getting a server error.

==== Config Details ======
Issue Neutron Router Northbound Port won't Ping, is Down

[root@maersk src]# ./pluto.py show -p /etc neutron rootwrap.conf
ml2conf.ini l3agent.ini linuxbridgeagent.ini dhcpagent.ini

+-----------------------+------------------------------------+-------------------------------------------------+

| neutron: Section | Key |
Value |

+-----------------------+------------------------------------+-------------------------------------------------+

| DEFAULT | verbose |
True |
| DEFAULT | novaurl |
http://controller:8774/v2 |
| DEFAULT | notify
novaonportdatachanges |
True |
| DEFAULT | notifynovaonportstatuschanges |
True |
| DEFAULT | auth
strategy |
keystone |
| DEFAULT | rpcbackend |
rabbit |
| DEFAULT | allow
overlappingips |
True |
| DEFAULT | service
plugins |
router |
| DEFAULT | coreplugin |
ml2 |
| keystone
authtoken | password |
mk4968small23buggidntpass |
| keystoneauthtoken | username |
neutron |
| keystone
authtoken | projectname |
service |
| keystone
authtoken | userdomainid |
default |
| keystoneauthtoken | projectdomainid |
default |
| keystone
authtoken | authplugin |
password |
| keystone
authtoken | authurl |
http://controller:35357 |
| keystone
authtoken | authuri |
http://controller:5000 |
| database | connection |
mysql://neutron:sleestack191@controller/neutron |
| nova | password |
mk4968small23buggidntpass |
| nova | username |
nova |
| nova | project
name |
service |
| nova | regionname |
RegionOne |
| nova | user
domainid |
default |
| nova | project
domainid |
default |
| nova | auth
plugin |
password |
| nova | authurl |
http://controller:35357 |
| oslo
concurrency | lockpath |
/var/lib/neutron/tmp |
| oslo
messagingrabbit | rabbitpassword |
open.g00dke232 |
| oslomessagingrabbit | rabbituserid |
openstack |
| oslo
messagingrabbit | rabbithost |
controller |

+-----------------------+------------------------------------+-------------------------------------------------+
>
+-------------------+---------------------+--------------------------------------------------------------+

| rootwrap: Section | Key |
Value |

+-------------------+---------------------+--------------------------------------------------------------+

| DEFAULT | filterspath |
/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap |
| DEFAULT | exec
dirs |
/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
| DEFAULT | usesyslog |
False |
| DEFAULT | syslog
logfacility |
syslog |
| DEFAULT | syslog
log_level |
ERROR |

+-------------------+---------------------+--------------------------------------------------------------+

+-------------------+----------------------+--------------------------+
| ml2conf: Section | Key | Value |
+-------------------+----------------------+--------------------------+
| ml2 | extension
drivers | portsecurity |
| ml2 | mechanism
drivers | linuxbridge,l2population |
| ml2 | tenantnetworktypes | vxlan |
| ml2 | typedrivers | flat,vlan,vxlan |
| ml2
typeflat | flatnetworks | public |
| ml2typevxlan | vniranges | 1:1000 |
| securitygroup | enable
ipset | True |
+-------------------+----------------------+--------------------------+

+-------------------+--------------------------+-----------------------------------------------------+

| l3_agent: Section | Key |
Value |

+-------------------+--------------------------+-----------------------------------------------------+

| DEFAULT | externalnetworkbridge
| |
| DEFAULT | verbose |
True |
| DEFAULT | interface_driver |
neutron.agent.linux.interface.BridgeInterfaceDriver |

+-------------------+--------------------------+-----------------------------------------------------+
>
+----------------------------+-----------------------------+--------------------------------------------------------------+

| linuxbridge_agent: Section | Key |
Value |

+----------------------------+-----------------------------+--------------------------------------------------------------+

| linuxbridge | physicalinterfacemappings |
public:enp3s0 |
| vxlan | l2
population |
True |
| vxlan | localip |
172.22.10.99 |
| vxlan | enable
vxlan |
True |
| agent | preventarpspoofing |
True |
| securitygroup | firewalldriver |
neutron.agent.linux.iptables
firewall.IptablesFirewallDriver |
| securitygroup | enablesecuritygroup |
True |

+----------------------------+-----------------------------+--------------------------------------------------------------+
>
+---------------------+--------------------------+-----------------------------------------------------+

| dhcp_agent: Section | Key |
Value |

+---------------------+--------------------------+-----------------------------------------------------+

| DEFAULT | dnsmasqconfigfile |
/etc/neutron/dnsmasq-neutron.conf |
| DEFAULT | verbose |
True |
| DEFAULT | enableisolatedmetadata |
True |
| DEFAULT | dhcpdriver |
neutron.agent.linux.dhcp.Dnsmasq |
| DEFAULT | interface
driver |
neutron.agent.linux.interface.BridgeInterfaceDriver |

+---------------------+--------------------------+-----------------------------------------------------+

On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42@gmail.com
chrishull42@gmail.com> wrote:

Thanks. Will check that.
When I create an instance in the public or private nets they ping.
Why do router ports behave differently than instance ports?  Only
the Northbound router port is down and won't ping.   Will check
settings ASAP thanks

Chris.

Sent from my iPhone

On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin@benton.pub
<mailto:kevin@benton.pub>> wrote:
Ok. The same settings should apply to Linux bridge.

Make sure you have external_network_bridge defined in your L3
agent as an empty value.

Then your external network should be created with the provider
type of 'flat' and the physical network corresponding to the one
you have defined in your bridge mappings in the L2 agent  that
attaches to the bridge going to your external physical network.

On Mar 23, 2016 7:25 AM, <chrishull42@gmail.com
<mailto:chrishull42@gmail.com>> wrote:

    Kevin;
    Thank you Very much.  I'll check.   I did a manual Liberty
    install so I may have done something wrong.  I am using
    LinuxBridge (not OpenVSwitch) if that helps.  Will post
    results to list soon.  Would like to be able to use floating
    IPs, a more convenient form of ipTables basically.

    Chris.

    Sent from my iPhone

    On Mar 23, 2016, at 7:16 AM, Kevin Benton <kevin@benton.pub
    <mailto:kevin@benton.pub>> wrote:
    Do you have external_network_bridge set to an empty value in
    the l3 agent config? If not, the l3 agent will use a legacy
    mode of wiring up the port and it's status field may not be
    ACTIVE.

    The routers are tested thousands of times in the gate every
    day, so they work. It's just a matter of getting your
    configuration correct.

    Yes, you can use a VM to route as well.

    On Mar 23, 2016 7:06 AM, <chrishull42@gmail.com
    <mailto:chrishull42@gmail.com>> wrote:

        Hi all;
        It appears that Liberty Neutron routers do not work.
        The Northbound port is always Down.

        What I'd like to do is dedicate an instance (CentOS) to
        routing between the Public net and other nets.  Has
        anyone done this.  Setting up the router is trivial.
        But I'm a little worried about interaction with Neutron
        Ports.  I need to assign fixed IPs so I can route from
        the Internet to a server instance.

        Ideas?

        Thanks
        - Chris.

        Sent from my iPhone
        _______________________________________________
        OpenStack-operators mailing list
        OpenStack-operators@lists.openstack.org
        <mailto:OpenStack-operators@lists.openstack.org>

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Definitely the externalnetworkbridge needs to be explicitly set to
nothing. That's not the default. I've never had to change the default
gatewayexternalnetworkid when I set externalnetwork_bridge to a
blank value.

Note that after making changes to externalnetworkbridge, I've have to
delete and recreate the router/port/network that was created before
that change.

I assume that your bridge mappings are correct in
/etc/neutron/plugins/openvswitch/ovsneutronplugin.ini:

bridge_mappings =datacentre:br-ex # or whatever you have locally

And that the physicalnetwork of the external network matches the
network name in the bridge
mappings that corresponds to the bridge
containing the physical interface? Probably your instance ports
wouldn't work if those things weren't correct, but those are also areas
where I see failures similar to this.

--
Dan Sneddon | Principal OpenStack Engineer
dsneddon@redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 23, 2016 by Christopher_Hull (2,220 points)   2 5 7
0 votes

neutron net-create public --shared --provider:physicalnetwork public \
--provider:network
type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| adminstateup | True |
| id | be6e920a-51aa-4293-bb95-7ac38aab9df6 |
| mtu | 0 |
| name | public |
| portsecurityenabled | True |
| provider:networktype | flat |
| provider:physical
network | public |
| provider:segmentationid | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tenant
id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
+---------------------------+--------------------------------------+

172.22.10.0/24 maps to physical net. I take a slice out that is out of the
way of my ATT Router's DHCP range. 10 to 89. Instances on this subnet
ping, run, see the internet. Only the Router port is dead (DOWN). ??

neutron subnet-create public 172.22.10.0/24 --name public \
--allocation-pool start=172.22.10.10,end=172.22.10.90 \
--dns-nameserver 172.22.10.254 --gateway 172.22.10.254 --enable_dhcp
False

Created a new subnet:
+-------------------+--------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------+
| allocationpools | {"start": "172.22.10.10", "end": "172.22.10.90"} |
| cidr | 172.22.10.0/24 |
| dns
nameservers | 172.22.10.254 |
| enabledhcp | True |
| gateway
ip | 172.22.10.254 |
| hostroutes | |
| id | f227734a-eca3-4472-81f6-620e1bf1fac9 |
| ip
version | 4 |
| ipv6addressmode | |
| ipv6ramode | |
| name | public |
| networkid | be6e920a-51aa-4293-bb95-7ac38aab9df6 |
| subnetpool
id | |
| tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
+-------------------+--------------------------------------------------+

On Wed, Mar 23, 2016 at 4:06 PM, Christopher Hull chrishull42@gmail.com
wrote:

Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS 7
install sees emp3s0 where eth0 would usually appear. But this may need to
be changed to br-ex? The IP address no longer apperas at enp3s0, so
perhaps that's the issue.

When I make changes, I tear down all the networks and rebuild them
according to instructions. I do this after restarting the machine. I
wonder if the database needs to be updated as well.

su -s /bin/sh -c "neutron-db-manage --config-file
/etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl stop neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl stop neutron-l3-agent.service
and restart.

Thanks for the help. Yes. It's a bit confusing. Why are router and
instance ports different? It is for this reason that I figured I could
just create my own instance/router. But why should I have to? Do
routers not work unless you use OpenVSwitch? The Liberty install
instructions (unlike Kilo) don't seem to require installing OpenVSwitch.

linuxbridgeagent.ini
inuxbridge | physicalinterface_mappings | public:enp3s0

Perhaps br-ex? Or whereever I see my static IP when doing an ifconfig
:-) Was enp3s0 when CentOS was first installed, but I think thats changed
somehow.

+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridge_agent: Section | Key |
Value |

+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridge | physicalinterfacemappings |
public:enp3s0 |
| vxlan | l2
population |
True |
| vxlan | localip |
172.22.10.99 |
| vxlan | enable
vxlan |
True |
| agent | preventarpspoofing |
True |
| securitygroup | firewalldriver |
neutron.agent.linux.iptables
firewall.IptablesFirewallDriver |
| securitygroup | enablesecuritygroup |
True |

+----------------------------+-----------------------------+--------------------------------------------------------------+

On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon dsneddon@redhat.com wrote:

On 03/23/2016 03:05 PM, Christopher Hull wrote:

Hi Keven / all;

Re: Getting a Neutron Router to work. (set externalnetworkbridge =
blank). Apologies if this got sent twice.

Nope, not quite there yet re getting the damn router to work (week 3 on
this issue).

The Liberty install instructions indeed say to set...
externalnetworkbridge =

I'm so desperate that I thought the blank space after the = might be
the issue. No. Then I noticed these instructions in l3_agent.ini
itself.


When externalnetworkbridge is set, each L3 agent can be associated

with no more than one external network. This value should be set to

the UUID

of that external network. To allow L3 agent support multiple external

networks, both the externalnetworkbridge and

gatewayexternalnetwork_id

must be left empty.

gatewayexternalnetwork_id =


1: Should gatewayexternalnetworkid = be unoommented?
2: Should I reupdate the database after these changes?
su -s /bin/sh -c "neutron-db-manage --config-file
/etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2
conf.ini upgrade head"
neutron

3: Should externalnetworkbridge in fact be set to the UUID of the
public network?

  1. All instances Ports work just fine on public and private network.
    WHAT is the difference between a Neutron router northbound port and an
    instance port on the public net.

Services restarted after config change (just removed space after =
actually just in case sloppy Python coding was involved here). In
fact, I rebooted the box just to be sure.

Making my own instance based router is looking better and better all
the time. If Neutron Routers really work, maybe UFO's exist too.
:-) j/k

Seriously. Thank you for your help. Hope to help the community
soon too myself. Trying to get my Gerrit account up and running but
the OpenStack.org site won't allow me to sign the Contrib agreement
with out getting a server error.

==== Config Details ======
Issue Neutron Router Northbound Port won't Ping, is Down

[root@maersk src]# ./pluto.py show -p /etc neutron rootwrap.conf
ml2conf.ini l3agent.ini linuxbridgeagent.ini dhcpagent.ini
+-----------------------+-----------------------------------
-+-------------------------------------------------+
| neutron: Section | Key |
Value |
+-----------------------+-----------------------------------
-+-------------------------------------------------+
| DEFAULT | verbose |
True |
| DEFAULT | novaurl |
http://controller:8774/v2 |
| DEFAULT | notify
novaonportdatachanges |
True |
| DEFAULT | notifynovaonportstatuschanges |
True |
| DEFAULT | auth
strategy |
keystone |
| DEFAULT | rpcbackend |
rabbit |
| DEFAULT | allow
overlappingips |
True |
| DEFAULT | service
plugins |
router |
| DEFAULT | coreplugin |
ml2 |
| keystone
authtoken | password |
mk4968small23buggidntpass |
| keystoneauthtoken | username |
neutron |
| keystone
authtoken | projectname |
service |
| keystone
authtoken | userdomainid |
default |
| keystoneauthtoken | projectdomainid |
default |
| keystone
authtoken | authplugin |
password |
| keystone
authtoken | authurl |
http://controller:35357 |
| keystone
authtoken | authuri |
http://controller:5000 |
| database | connection |
mysql://neutron:sleestack191@controller/neutron |
| nova | password |
mk4968small23buggidntpass |
| nova | username |
nova |
| nova | project
name |
service |
| nova | regionname |
RegionOne |
| nova | user
domainid |
default |
| nova | project
domainid |
default |
| nova | auth
plugin |
password |
| nova | authurl |
http://controller:35357 |
| oslo
concurrency | lockpath |
/var/lib/neutron/tmp |
| oslo
messagingrabbit | rabbitpassword |
open.g00dke232 |
| oslomessagingrabbit | rabbituserid |
openstack |
| oslo
messagingrabbit | rabbithost |
controller |
+-----------------------+-----------------------------------
-+-------------------------------------------------+
+-------------------+---------------------+-----------------
---------------------------------------------+
| rootwrap: Section | Key |
Value |
+-------------------+---------------------+-----------------
---------------------------------------------+
| DEFAULT | filterspath |
/etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap |
| DEFAULT | exec
dirs |
/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
| DEFAULT | usesyslog |
False |
| DEFAULT | syslog
logfacility |
syslog |
| DEFAULT | syslog
loglevel |
ERROR |
+-------------------+---------------------+-----------------
---------------------------------------------+
+-------------------+----------------------+--------------------------+
| ml2
conf: Section | Key | Value |
+-------------------+----------------------+--------------------------+
| ml2 | extensiondrivers | portsecurity |
| ml2 | mechanismdrivers | linuxbridge,l2population |
| ml2 | tenant
networktypes | vxlan |
| ml2 | type
drivers | flat,vlan,vxlan |
| ml2typeflat | flatnetworks | public |
| ml2
typevxlan | vniranges | 1:1000 |
| securitygroup | enableipset | True |
+-------------------+----------------------+--------------------------+
+-------------------+--------------------------+------------
-----------------------------------------+
| l3
agent: Section | Key |
Value |
+-------------------+--------------------------+------------
-----------------------------------------+
| DEFAULT | externalnetworkbridge
| |
| DEFAULT | verbose |
True |
| DEFAULT | interfacedriver |
neutron.agent.linux.interface.BridgeInterfaceDriver |
+-------------------+--------------------------+------------
-----------------------------------------+
+----------------------------+-----------------------------+
--------------------------------------------------------------+
| linuxbridge
agent: Section | Key |
Value |
+----------------------------+-----------------------------+
--------------------------------------------------------------+
| linuxbridge | physicalinterfacemappings |
public:enp3s0 |
| vxlan | l2
population |
True |
| vxlan | localip |
172.22.10.99 |
| vxlan | enable
vxlan |
True |
| agent | preventarpspoofing |
True |
| securitygroup | firewalldriver |
neutron.agent.linux.iptables
firewall.IptablesFirewallDriver |
| securitygroup | enablesecuritygroup |
True |
+----------------------------+-----------------------------+
--------------------------------------------------------------+
+---------------------+--------------------------+----------
-------------------------------------------+
| dhcpagent: Section | Key |
Value |
+---------------------+--------------------------+----------
-------------------------------------------+
| DEFAULT | dnsmasq
configfile |
/etc/neutron/dnsmasq-neutron.conf |
| DEFAULT | verbose |
True |
| DEFAULT | enable
isolatedmetadata |
True |
| DEFAULT | dhcp
driver |
neutron.agent.linux.dhcp.Dnsmasq |
| DEFAULT | interface_driver |
neutron.agent.linux.interface.BridgeInterfaceDriver |
+---------------------+--------------------------+----------
-------------------------------------------+

On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42@gmail.com
chrishull42@gmail.com> wrote:

Thanks. Will check that.
When I create an instance in the public or private nets they ping.
Why do router ports behave differently than instance ports?  Only
the Northbound router port is down and won't ping.   Will check
settings ASAP thanks

Chris.

Sent from my iPhone

On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin@benton.pub
<mailto:kevin@benton.pub>> wrote:
Ok. The same settings should apply to Linux bridge.

Make sure you have external_network_bridge defined in your L3
agent as an empty value.

Then your external network should be created with the provider
type of 'flat' and the physical network corresponding to the one
you have defined in your bridge mappings in the L2 agent  that
attaches to the bridge going to your external physical network.

On Mar 23, 2016 7:25 AM, <chrishull42@gmail.com
<mailto:chrishull42@gmail.com>> wrote:

    Kevin;
    Thank you Very much.  I'll check.   I did a manual Liberty
    install so I may have done something wrong.  I am using
    LinuxBridge (not OpenVSwitch) if that helps.  Will post
    results to list soon.  Would like to be able to use floating
    IPs, a more convenient form of ipTables basically.

    Chris.

    Sent from my iPhone

    On Mar 23, 2016, at 7:16 AM, Kevin Benton <kevin@benton.pub
    <mailto:kevin@benton.pub>> wrote:
    Do you have external_network_bridge set to an empty value in
    the l3 agent config? If not, the l3 agent will use a legacy
    mode of wiring up the port and it's status field may not be
    ACTIVE.

    The routers are tested thousands of times in the gate every
    day, so they work. It's just a matter of getting your
    configuration correct.

    Yes, you can use a VM to route as well.

    On Mar 23, 2016 7:06 AM, <chrishull42@gmail.com
    <mailto:chrishull42@gmail.com>> wrote:

        Hi all;
        It appears that Liberty Neutron routers do not work.
        The Northbound port is always Down.

        What I'd like to do is dedicate an instance (CentOS) to
        routing between the Public net and other nets.  Has
        anyone done this.  Setting up the router is trivial.
        But I'm a little worried about interaction with Neutron
        Ports.  I need to assign fixed IPs so I can route from
        the Internet to a server instance.

        Ideas?

        Thanks
        - Chris.

        Sent from my iPhone
        _______________________________________________
        OpenStack-operators mailing list
        OpenStack-operators@lists.openstack.org
        <mailto:OpenStack-operators@lists.openstack.org>

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

Definitely the externalnetworkbridge needs to be explicitly set to
nothing. That's not the default. I've never had to change the default
gatewayexternalnetworkid when I set externalnetwork_bridge to a
blank value.

Note that after making changes to externalnetworkbridge, I've have to
delete and recreate the router/port/network that was created before
that change.

I assume that your bridge mappings are correct in
/etc/neutron/plugins/openvswitch/ovsneutronplugin.ini:

bridge_mappings =datacentre:br-ex # or whatever you have locally

And that the physicalnetwork of the external network matches the
network name in the bridge
mappings that corresponds to the bridge
containing the physical interface? Probably your instance ports
wouldn't work if those things weren't correct, but those are also areas
where I see failures similar to this.

--
Dan Sneddon | Principal OpenStack Engineer
dsneddon@redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 23, 2016 by Christopher_Hull (2,220 points)   2 5 7
0 votes

On 03/23/2016 04:06 PM, Christopher Hull wrote:
Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS
7 install sees emp3s0 where eth0 would usually appear. But this may
need to be changed to br-ex? The IP address no longer apperas at
enp3s0, so perhaps that's the issue.

When I make changes, I tear down all the networks and rebuild them
according to instructions. I do this after restarting the machine. I
wonder if the database needs to be updated as well.

su -s /bin/sh -c "neutron-db-manage --config-file
/etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl stop neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl stop neutron-l3-agent.service
and restart.

Thanks for the help. Yes. It's a bit confusing. Why are router and
instance ports different? It is for this reason that I figured I could
just create my own instance/router. But why should I have to? Do
routers not work unless you use OpenVSwitch? The Liberty install
instructions (unlike Kilo) don't seem to require installing OpenVSwitch.

linuxbridgeagent.ini
inuxbridge | physicalinterface_mappings | public:enp3s0

Perhaps br-ex? Or whereever I see my static IP when doing an
ifconfig :-) Was enp3s0 when CentOS was first installed, but I think
thats changed somehow.

+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridgeagent: Section | Key |
Value |
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linux
bridge | physicalinterfacemappings |
public:enp3s0 |
| vxlan | l2population |
True |
| vxlan | local
ip |
172.22.10.99 |
| vxlan | enablevxlan |
True |
| agent | prevent
arpspoofing |
True |
| securitygroup | firewall
driver |
neutron.agent.linux.iptablesfirewall.IptablesFirewallDriver |
| securitygroup | enable
security_group |
True |
+----------------------------+-----------------------------+--------------------------------------------------------------+

On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsneddon@redhat.com
dsneddon@redhat.com> wrote:

On 03/23/2016 03:05 PM, Christopher Hull wrote:
> Hi Keven / all;
>
> Re: Getting a Neutron Router to work.  (set external_network_bridge =
> blank).  Apologies if this got sent twice.
>
> Nope, not quite there yet re getting the damn router to work
(week 3 on
> this issue).
>
> The Liberty install instructions indeed say to set...
> external_network_bridge =
>
> I'm so desperate that I thought the blank space after the = might be
> the issue.  No.   Then I noticed these instructions in
l3_agent.ini itself.
> -----
> # When external_network_bridge is set, each L3 agent can be
associated
> # with no more than one external network. This value should be set to
> the UUID
> # of that external network. To allow L3 agent support multiple
external
> # networks, both the external_network_bridge and
> gateway_external_network_id
> # must be left empty.
> # gateway_external_network_id =
> ----
>
> 1: Should gateway_external_network_id = be unoommented?
> 2: Should I reupdate the database after these changes?
> su -s /bin/sh -c "neutron-db-manage --config-file
> /etc/neutron/neutron.conf \
>   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade
head" neutron
>
> 3: Should external_network_bridge in fact be set to the UUID of the
> public network?
>
> 4. All instances Ports work just fine on public and private network.
> WHAT is the difference between a Neutron router northbound port
and an
> instance port on the public net.
>
> Services restarted after config change (just removed space after =
> actually just in case sloppy Python coding was involved here).  In
> fact, I rebooted the box just to be sure.
>
> Making my own instance based router is looking better and better all
> the time.   If Neutron Routers really work, maybe UFO's exist too.
> :-)   j/k
>
>
> Seriously.  Thank you for your help.     Hope to help the community
> soon too myself.  Trying to get my Gerrit account up and running but
> the OpenStack.org site won't allow me to sign the Contrib agreement
> with out getting a server error.
>
>
> ====  Config Details ======
> Issue   Neutron Router Northbound Port won't Ping, is Down
>
> [root@maersk src]# ./pluto.py show  -p /etc neutron  rootwrap.conf
> ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini
>
+-----------------------+------------------------------------+-------------------------------------------------+
> | neutron: Section      | Key                                |
> Value                                           |
>
+-----------------------+------------------------------------+-------------------------------------------------+
> | DEFAULT               | verbose                            |
> True                                            |
> | DEFAULT               | nova_url                           |
> http://controller:8774/v2                       |
> | DEFAULT               | notify_nova_on_port_data_changes   |
> True                                            |
> | DEFAULT               | notify_nova_on_port_status_changes |
> True                                            |
> | DEFAULT               | auth_strategy                      |
> keystone                                        |
> | DEFAULT               | rpc_backend                        |
> rabbit                                          |
> | DEFAULT               | allow_overlapping_ips              |
> True                                            |
> | DEFAULT               | service_plugins                    |
> router                                          |
> | DEFAULT               | core_plugin                        |
> ml2                                             |
> | keystone_authtoken    | password                           |
> mk4968small23buggidntpass                       |
> | keystone_authtoken    | username                           |
> neutron                                         |
> | keystone_authtoken    | project_name                       |
> service                                         |
> | keystone_authtoken    | user_domain_id                     |
> default                                         |
> | keystone_authtoken    | project_domain_id                  |
> default                                         |
> | keystone_authtoken    | auth_plugin                        |
> password                                        |
> | keystone_authtoken    | auth_url                           |
> http://controller:35357                         |
> | keystone_authtoken    | auth_uri                           |
> http://controller:5000                          |
> | database              | connection                         |
> mysql://neutron:sleestack191@controller/neutron |
> | nova                  | password                           |
> mk4968small23buggidntpass                       |
> | nova                  | username                           |
> nova                                            |
> | nova                  | project_name                       |
> service                                         |
> | nova                  | region_name                        |
> RegionOne                                       |
> | nova                  | user_domain_id                     |
> default                                         |
> | nova                  | project_domain_id                  |
> default                                         |
> | nova                  | auth_plugin                        |
> password                                        |
> | nova                  | auth_url                           |
> http://controller:35357                         |
> | oslo_concurrency      | lock_path                          |
> /var/lib/neutron/tmp                            |
> | oslo_messaging_rabbit | rabbit_password                    |
> open.g00dke232                                  |
> | oslo_messaging_rabbit | rabbit_userid                      |
> openstack                                       |
> | oslo_messaging_rabbit | rabbit_host                        |
> controller                                      |
>
+-----------------------+------------------------------------+-------------------------------------------------+
>
+-------------------+---------------------+--------------------------------------------------------------+
> | rootwrap: Section | Key                 |
> Value                                                        |
>
+-------------------+---------------------+--------------------------------------------------------------+
> | DEFAULT           | filters_path        |
> /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap            |
> | DEFAULT           | exec_dirs           |
> /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
> | DEFAULT           | use_syslog          |
> False                                                        |
> | DEFAULT           | syslog_log_facility |
> syslog                                                       |
> | DEFAULT           | syslog_log_level    |
> ERROR                                                        |
>
+-------------------+---------------------+--------------------------------------------------------------+
>
+-------------------+----------------------+--------------------------+
> | ml2_conf: Section | Key                  | Value               
    |
>
+-------------------+----------------------+--------------------------+
> | ml2               | extension_drivers    | port_security       
    |
> | ml2               | mechanism_drivers    |
linuxbridge,l2population |
> | ml2               | tenant_network_types | vxlan               
    |
> | ml2               | type_drivers         | flat,vlan,vxlan     
    |
> | ml2_type_flat     | flat_networks        | public             
     |
> | ml2_type_vxlan    | vni_ranges           | 1:1000             
     |
> | securitygroup     | enable_ipset         | True               
     |
>
+-------------------+----------------------+--------------------------+
>
+-------------------+--------------------------+-----------------------------------------------------+
> | l3_agent: Section | Key                      |
> Value                                               |
>
+-------------------+--------------------------+-----------------------------------------------------+
> | DEFAULT           | external_network_bridge
> |                                                     |
> | DEFAULT           | verbose                  |
> True                                                |
> | DEFAULT           | interface_driver         |
> neutron.agent.linux.interface.BridgeInterfaceDriver |
>
+-------------------+--------------------------+-----------------------------------------------------+
>
+----------------------------+-----------------------------+--------------------------------------------------------------+
> | linuxbridge_agent: Section | Key                         |
> Value                                                        |
>
+----------------------------+-----------------------------+--------------------------------------------------------------+
> | linux_bridge               | physical_interface_mappings |
> public:enp3s0                                                |
> | vxlan                      | l2_population               |
> True                                                         |
> | vxlan                      | local_ip                    |
> 172.22.10.99                                                 |
> | vxlan                      | enable_vxlan                |
> True                                                         |
> | agent                      | prevent_arp_spoofing        |
> True                                                         |
> | securitygroup              | firewall_driver             |
> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
> | securitygroup              | enable_security_group       |
> True                                                         |
>
+----------------------------+-----------------------------+--------------------------------------------------------------+
>
+---------------------+--------------------------+-----------------------------------------------------+
> | dhcp_agent: Section | Key                      |
> Value                                               |
>
+---------------------+--------------------------+-----------------------------------------------------+
> | DEFAULT             | dnsmasq_config_file      |
> /etc/neutron/dnsmasq-neutron.conf                   |
> | DEFAULT             | verbose                  |
> True                                                |
> | DEFAULT             | enable_isolated_metadata |
> True                                                |
> | DEFAULT             | dhcp_driver              |
> neutron.agent.linux.dhcp.Dnsmasq                    |
> | DEFAULT             | interface_driver         |
> neutron.agent.linux.interface.BridgeInterfaceDriver |
>
+---------------------+--------------------------+-----------------------------------------------------+
>
>
>
>
>
>
>
>
>
>
> - Christopher T. Hull
> I am presently seeking a new career opportunity  Please see
career page
> http://chrishull.com/career
> 333 Orchard Ave, Sunnyvale CA. 94085
> (415) 385 4865 <tel:%28415%29%20385%204865>
> chrishull42@gmail.com <mailto:chrishull42@gmail.com>
<mailto:chrishull42@gmail.com <mailto:chrishull42@gmail.com>>
> http://chrishull.com
>
>
>
> On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42@gmail.com <mailto:chrishull42@gmail.com>
> <mailto:chrishull42@gmail.com <mailto:chrishull42@gmail.com>>> wrote:
>
>     Thanks. Will check that.
>     When I create an instance in the public or private nets they ping.
>     Why do router ports behave differently than instance ports?  Only
>     the Northbound router port is down and won't ping.   Will check
>     settings ASAP thanks
>
>     Chris.
>
>     Sent from my iPhone
>
>     On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin@benton.pub
>     <mailto:kevin@benton.pub <mailto:kevin@benton.pub>>> wrote:
>
>>     Ok. The same settings should apply to Linux bridge.
>>
>>     Make sure you have external_network_bridge defined in your L3
>>     agent as an empty value.
>>
>>     Then your external network should be created with the provider
>>     type of 'flat' and the physical network corresponding to the one
>>     you have defined in your bridge mappings in the L2 agent  that
>>     attaches to the bridge going to your external physical network.
>>
>>     On Mar 23, 2016 7:25 AM, <chrishull42@gmail.com <mailto:chrishull42@gmail.com>
>>     <mailto:chrishull42@gmail.com <mailto:chrishull42@gmail.com>>> wrote:
>>
>>         Kevin;
>>         Thank you Very much.  I'll check.   I did a manual Liberty
>>         install so I may have done something wrong.  I am using
>>         LinuxBridge (not OpenVSwitch) if that helps.  Will post
>>         results to list soon.  Would like to be able to use floating
>>         IPs, a more convenient form of ipTables basically.
>>
>>         Chris.
>>
>>         Sent from my iPhone
>>
>>         On Mar 23, 2016, at 7:16 AM, Kevin Benton <kevin@benton.pub
>>         <mailto:kevin@benton.pub <mailto:kevin@benton.pub>>> wrote:
>>
>>>         Do you have external_network_bridge set to an empty value in
>>>         the l3 agent config? If not, the l3 agent will use a legacy
>>>         mode of wiring up the port and it's status field may not be
>>>         ACTIVE.
>>>
>>>         The routers are tested thousands of times in the gate every
>>>         day, so they work. It's just a matter of getting your
>>>         configuration correct.
>>>
>>>         Yes, you can use a VM to route as well.
>>>
>>>         On Mar 23, 2016 7:06 AM, <chrishull42@gmail.com <mailto:chrishull42@gmail.com>
>>>         <mailto:chrishull42@gmail.com <mailto:chrishull42@gmail.com>>> wrote:
>>>
>>>             Hi all;
>>>             It appears that Liberty Neutron routers do not work.
>>>             The Northbound port is always Down.
>>>
>>>             What I'd like to do is dedicate an instance (CentOS) to
>>>             routing between the Public net and other nets.  Has
>>>             anyone done this.  Setting up the router is trivial.
>>>             But I'm a little worried about interaction with Neutron
>>>             Ports.  I need to assign fixed IPs so I can route from
>>>             the Internet to a server instance.
>>>
>>>             Ideas?
>>>
>>>             Thanks
>>>             - Chris.
>>>
>>>             Sent from my iPhone
>>>             _______________________________________________
>>>             OpenStack-operators mailing list
>>>             OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>
>>>             <mailto:OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>>
>>>           
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

Definitely the external_network_bridge needs to be explicitly set to
nothing. That's not the default. I've never had to change the default
gateway_external_network_id when I set external_network_bridge to a
blank value.

Note that after making changes to external_network_bridge, I've have to
delete and recreate the router/port/network that was created before
that change.

I assume that your bridge mappings are correct in
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:

bridge_mappings =datacentre:br-ex  # or whatever you have locally

And that the physical_network of the external network matches the
network name in the bridge_mappings that corresponds to the bridge
containing the physical interface? Probably your instance ports
wouldn't work if those things weren't correct, but those are also areas
where I see failures similar to this.

--
Dan Sneddon         |  Principal OpenStack Engineer
dsneddon@redhat.com <mailto:dsneddon@redhat.com> | 
redhat.com/openstack 
650.254.4025 <tel:650.254.4025>        |  dsneddon:irc   @dxs:twitter


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

I didn't mean to confuse you by assuming that you were running Open
vSwitch. You don't have to run Open vSwitch, and some things do work
differently when using Linux bridge.

If your IP address is no longer on enp3s0, then that might be an
indicator that you have a bridge subsuming enp3s0. In that case, I'm
pretty sure that the physicalinterfacemapping should be
public:. I spend a lot more time with OVS deployments, though.

--
Dan Sneddon | Principal OpenStack Engineer
dsneddon@redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 23, 2016 by Dan_Sneddon (2,000 points)   1 3
0 votes

Conclusion. Neutron routers under Liberty (Linux Bridge) don't work.
Please prove me wrong..... Moving on to manual router creation.
1: How can I assign a fixed IP to an instance?
2: If I add routes will they get used? I probably have to create a Port
for every route (as Floating IPs do ).

------ Session: Trying to create a working router for the 15th time.
:-) ----

[root@maersk src]# ifconfig
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 scopeid
0x0
inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20
ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
RX packets 238 bytes 16020 (15.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 60 bytes 6650 (6.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 4985 bytes 1060267 (1.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4985 bytes 1060267 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@maersk src]# source admin-openrc.sh
[root@maersk src]# clear

[root@maersk src]# neutron net-create public --shared
--provider:physical_network public \

--provider:networktype flat
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin
stateup | True |
| id | 9ee73442-5a86-48c0-84da-8f650937fd08 |
| mtu | 0 |
| name | public |
| port
securityenabled | True |
| provider:network
type | flat |
| provider:physicalnetwork | public |
| provider:segmentation
id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tenantid | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
+---------------------------+--------------------------------------+
[root@maersk src]# neutron subnet-create public 172.22.10.0/24 --name
public \
--allocation-pool start=172.22.10.10,end=172.22.10.90 \
--dns-nameserver 172.22.10.254 --gateway 172.22.10.254 --enable
dhcp
False
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------+
| allocationpools | {"start": "172.22.10.10", "end": "172.22.10.90"} |
| cidr | 172.22.10.0/24 |
| dns
nameservers | 172.22.10.254 |
| enabledhcp | False |
| gateway
ip | 172.22.10.254 |
| hostroutes | |
| id | 28683bfe-2410-4f9b-b805-ec3c7aee009a |
| ip
version | 4 |
| ipv6addressmode | |
| ipv6ramode | |
| name | public |
| networkid | 9ee73442-5a86-48c0-84da-8f650937fd08 |
| subnetpool
id | |
| tenant_id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
+-------------------+--------------------------------------------------+
[root@maersk src]# ifconfig
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 scopeid
0x0
inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20
ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
RX packets 5032 bytes 373870 (365.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2602 bytes 3154215 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 46701 bytes 12008341 (11.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 46701 bytes 12008341 (11.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@maersk src]# neutron net-list
+--------------------------------------+--------+-----------------------------------------------------+
| id | name |
subnets |
+--------------------------------------+--------+-----------------------------------------------------+
| 9ee73442-5a86-48c0-84da-8f650937fd08 | public |
28683bfe-2410-4f9b-b805-ec3c7aee009a 172.22.10.0/24 |
+--------------------------------------+--------+-----------------------------------------------------+
[root@maersk src]# source demo-openrc.sh
[root@maersk src]# neutron net-create private
Created a new network:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| adminstateup | True |
| id | 573956a6-1378-4100-83c2-db5c3bf9a95c |
| mtu | 0 |
| name | private |
| portsecurityenabled | True |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | 7813be77b1de4196b1c6b77006afa21c |
+-----------------------+--------------------------------------+
[root@maersk src]# neutron subnet-create private 192.168.10.0/24 \

 --name private --dns-nameserver 172.22.10.254 --gateway 192.168.10.1

Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocationpools | {"start": "192.168.10.2", "end": "192.168.10.254"} |
| cidr | 192.168.10.0/24 |
| dns
nameservers | 172.22.10.254 |
| enabledhcp | True |
| gateway
ip | 192.168.10.1 |
| hostroutes | |
| id | 83f4f5e5-13b6-41f2-af07-b96d86847e2b |
| ip
version | 4 |
| ipv6addressmode | |
| ipv6ramode | |
| name | private |
| networkid | 573956a6-1378-4100-83c2-db5c3bf9a95c |
| subnetpool
id | |
| tenant_id | 7813be77b1de4196b1c6b77006afa21c |
+-------------------+----------------------------------------------------+
[root@maersk src]# ifconfig
brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid 0x20
ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
RX packets 4 bytes 264 (264.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 578 (578.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 scopeid
0x0
inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20
ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
RX packets 5310 bytes 393373 (384.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2661 bytes 3165497 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 50779 bytes 13259383 (12.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 50779 bytes 13259383 (12.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid 0x20
ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet)
RX packets 7 bytes 578 (578.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 1066 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20
ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 16 overruns 0 carrier 0 collisions 0

[root@maersk src]# source admin-openrc.sh
[root@maersk src]# neutron net-update public --router:external
Updated network: public
[root@maersk src]# source demo-openrc.sh
[root@maersk src]# neutron router-create router
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| adminstateup | True |
| externalgatewayinfo | |
| id | ff6a61f5-f497-43a1-b245-64ec8e87b488 |
| name | router |
| routes | |
| status | ACTIVE |
| tenantid | 7813be77b1de4196b1c6b77006afa21c |
+-----------------------+--------------------------------------+
[root@maersk src]# neutron router-interface-add router private
Multiple router matches found for name 'router', use an ID to be more
specific.
[root@maersk src]# neutron router-list
+--------------------------------------+--------+-----------------------+
| id | name | external
gatewayinfo |
+--------------------------------------+--------+-----------------------+
| 5939b796-cae6-4d72-8d34-66e20afb95aa | router | null |
| ff6a61f5-f497-43a1-b245-64ec8e87b488 | router | null |
+--------------------------------------+--------+-----------------------+
[root@maersk src]# neutron router-delete
5939b796-cae6-4d72-8d34-66e20afb95aa
Deleted router: 5939b796-cae6-4d72-8d34-66e20afb95aa
[root@maersk src]# neutron router-delete
ff6a61f5-f497-43a1-b245-64ec8e87b488
Deleted router: ff6a61f5-f497-43a1-b245-64ec8e87b488
[root@maersk src]# neutron router-create router
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin
stateup | True |
| external
gatewayinfo | |
| id | a1be1dbd-1a94-4a8c-8093-45a7af89140c |
| name | router |
| routes | |
| status | ACTIVE |
| tenant
id | 7813be77b1de4196b1c6b77006afa21c |
+-----------------------+--------------------------------------+
[root@maersk src]# neutron router-interface-add router private
Added interface 74c0d2df-3944-43d7-8be9-2ef0d9242edc to router router.
[root@maersk src]# neutron router-gateway-set router public
Set gateway for router router
[root@maersk src]# source admin-openrc.sh
[root@maersk src]# ip netns
qrouter-a1be1dbd-1a94-4a8c-8093-45a7af89140c (id: 1)
qdhcp-573956a6-1378-4100-83c2-db5c3bf9a95c (id: 0)
[root@maersk src]# neutron router-port-list router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| id | name | macaddress |
fixed
ips
|
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| 21c8decf-e4c8-4467-9266-ca5cfb9c7c20 | | fa:16:3e:d6:29:b4 |
{"subnetid": "28683bfe-2410-4f9b-b805-ec3c7aee009a", "ipaddress":
"172.22.10.10"} |
| 74c0d2df-3944-43d7-8be9-2ef0d9242edc | | fa:16:3e:7b:d6:0f |
{"subnetid": "83f4f5e5-13b6-41f2-af07-b96d86847e2b", "ipaddress":
"192.168.10.1"} |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
[root@maersk src]# ping 172.22.10.10
PING 172.22.10.10 (172.22.10.10) 56(84) bytes of data.
From 172.22.10.99 icmpseq=1 Destination Host Unreachable
From 172.22.10.99 icmp
seq=2 Destination Host Unreachable
From 172.22.10.99 icmpseq=3 Destination Host Unreachable
From 172.22.10.99 icmp
seq=4 Destination Host Unreachable
From 172.22.10.99 icmpseq=5 Destination Host Unreachable
From 172.22.10.99 icmp
seq=6 Destination Host Unreachable
From 172.22.10.99 icmpseq=7 Destination Host Unreachable
From 172.22.10.99 icmp
seq=8 Destination Host Unreachable
^C
--- 172.22.10.10 ping statistics ---
8 packets transmitted, 0 received, +8 errors, 100% packet loss, time 7000ms
pipe 4
[root@maersk src]# ifconfig
brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid 0x20
ether 72:65:0b:f7:66:9c txqueuelen 0 (Ethernet)
RX packets 6 bytes 348 (348.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 scopeid
0x0
inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20
ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
RX packets 6360 bytes 464736 (453.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2867 bytes 3196849 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 65582 bytes 17827940 (17.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65582 bytes 17827940 (17.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tap74c0d2df-39: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::7065:bff:fef7:669c prefixlen 64 scopeid 0x20
ether 72:65:0b:f7:66:9c txqueuelen 1000 (Ethernet)
RX packets 10 bytes 864 (864.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid 0x20
ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1248 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20
ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 19 overruns 0 carrier 0 collisions 0

On Wed, Mar 23, 2016 at 4:34 PM, Dan Sneddon dsneddon@redhat.com wrote:

On 03/23/2016 04:06 PM, Christopher Hull wrote:

Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS
7 install sees emp3s0 where eth0 would usually appear. But this may
need to be changed to br-ex? The IP address no longer apperas at
enp3s0, so perhaps that's the issue.

When I make changes, I tear down all the networks and rebuild them
according to instructions. I do this after restarting the machine. I
wonder if the database needs to be updated as well.

su -s /bin/sh -c "neutron-db-manage --config-file
/etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head"
neutron
systemctl stop neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl stop neutron-l3-agent.service
and restart.

Thanks for the help. Yes. It's a bit confusing. Why are router and
instance ports different? It is for this reason that I figured I could
just create my own instance/router. But why should I have to? Do
routers not work unless you use OpenVSwitch? The Liberty install
instructions (unlike Kilo) don't seem to require installing OpenVSwitch.

linuxbridgeagent.ini
inuxbridge | physicalinterface_mappings | public:enp3s0

Perhaps br-ex? Or whereever I see my static IP when doing an
ifconfig :-) Was enp3s0 when CentOS was first installed, but I think
thats changed somehow.

+----------------------------+-----------------------------+--------------------------------------------------------------+

| linuxbridge_agent: Section | Key |
Value |

+----------------------------+-----------------------------+--------------------------------------------------------------+

| linuxbridge | physicalinterfacemappings |
public:enp3s0 |
| vxlan | l2
population |
True |
| vxlan | localip |
172.22.10.99 |
| vxlan | enable
vxlan |
True |
| agent | preventarpspoofing |
True |
| securitygroup | firewalldriver |
neutron.agent.linux.iptables
firewall.IptablesFirewallDriver |
| securitygroup | enablesecuritygroup |
True |

+----------------------------+-----------------------------+--------------------------------------------------------------+

On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsneddon@redhat.com
dsneddon@redhat.com> wrote:

On 03/23/2016 03:05 PM, Christopher Hull wrote:
> Hi Keven / all;
>
> Re: Getting a Neutron Router to work.  (set

externalnetworkbridge =

blank). Apologies if this got sent twice.

Nope, not quite there yet re getting the damn router to work
(week 3 on
this issue).

The Liberty install instructions indeed say to set...
externalnetworkbridge =

I'm so desperate that I thought the blank space after the = might
be
the issue. No. Then I noticed these instructions in
l3_agent.ini itself.


When externalnetworkbridge is set, each L3 agent can be

associated

with no more than one external network. This value should be set

to
the UUID

of that external network. To allow L3 agent support multiple

external

networks, both the externalnetworkbridge and

gatewayexternalnetwork_id

must be left empty.

gatewayexternalnetwork_id =


1: Should gatewayexternalnetworkid = be unoommented?
2: Should I reupdate the database after these changes?
su -s /bin/sh -c "neutron-db-manage --config-file
/etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2
conf.ini upgrade
head" neutron

3: Should externalnetworkbridge in fact be set to the UUID of the
public network?

  1. All instances Ports work just fine on public and private
    network.
    WHAT is the difference between a Neutron router northbound port
    and an
    instance port on the public net.

Services restarted after config change (just removed space after =
actually just in case sloppy Python coding was involved here). In
fact, I rebooted the box just to be sure.

Making my own instance based router is looking better and better
all
the time. If Neutron Routers really work, maybe UFO's exist too.
:-) j/k

Seriously. Thank you for your help. Hope to help the community
soon too myself. Trying to get my Gerrit account up and running
but
the OpenStack.org site won't allow me to sign the Contrib agreement
with out getting a server error.

==== Config Details ======
Issue Neutron Router Northbound Port won't Ping, is Down

[root@maersk src]# ./pluto.py show -p /etc neutron rootwrap.conf
ml2conf.ini l3agent.ini linuxbridgeagent.ini dhcpagent.ini

+-----------------------+------------------------------------+-------------------------------------------------+

> | neutron: Section      | Key                                |
> Value                                           |
>

+-----------------------+------------------------------------+-------------------------------------------------+

> | DEFAULT               | verbose                            |
> True                                            |
> | DEFAULT               | nova_url                           |
> http://controller:8774/v2                       |
> | DEFAULT               | notify_nova_on_port_data_changes   |
> True                                            |
> | DEFAULT               | notify_nova_on_port_status_changes |
> True                                            |
> | DEFAULT               | auth_strategy                      |
> keystone                                        |
> | DEFAULT               | rpc_backend                        |
> rabbit                                          |
> | DEFAULT               | allow_overlapping_ips              |
> True                                            |
> | DEFAULT               | service_plugins                    |
> router                                          |
> | DEFAULT               | core_plugin                        |
> ml2                                             |
> | keystone_authtoken    | password                           |
> mk4968small23buggidntpass                       |
> | keystone_authtoken    | username                           |
> neutron                                         |
> | keystone_authtoken    | project_name                       |
> service                                         |
> | keystone_authtoken    | user_domain_id                     |
> default                                         |
> | keystone_authtoken    | project_domain_id                  |
> default                                         |
> | keystone_authtoken    | auth_plugin                        |
> password                                        |
> | keystone_authtoken    | auth_url                           |
> http://controller:35357                         |
> | keystone_authtoken    | auth_uri                           |
> http://controller:5000                          |
> | database              | connection                         |
> mysql://neutron:sleestack191@controller/neutron |
> | nova                  | password                           |
> mk4968small23buggidntpass                       |
> | nova                  | username                           |
> nova                                            |
> | nova                  | project_name                       |
> service                                         |
> | nova                  | region_name                        |
> RegionOne                                       |
> | nova                  | user_domain_id                     |
> default                                         |
> | nova                  | project_domain_id                  |
> default                                         |
> | nova                  | auth_plugin                        |
> password                                        |
> | nova                  | auth_url                           |
> http://controller:35357                         |
> | oslo_concurrency      | lock_path                          |
> /var/lib/neutron/tmp                            |
> | oslo_messaging_rabbit | rabbit_password                    |
> open.g00dke232                                  |
> | oslo_messaging_rabbit | rabbit_userid                      |
> openstack                                       |
> | oslo_messaging_rabbit | rabbit_host                        |
> controller                                      |
>

+-----------------------+------------------------------------+-------------------------------------------------+

>

+-------------------+---------------------+--------------------------------------------------------------+

> | rootwrap: Section | Key                 |
> Value                                                        |
>

+-------------------+---------------------+--------------------------------------------------------------+

> | DEFAULT           | filters_path        |
> /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap            |
> | DEFAULT           | exec_dirs           |
> /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
> | DEFAULT           | use_syslog          |
> False                                                        |
> | DEFAULT           | syslog_log_facility |
> syslog                                                       |
> | DEFAULT           | syslog_log_level    |
> ERROR                                                        |
>

+-------------------+---------------------+--------------------------------------------------------------+

>

+-------------------+----------------------+--------------------------+

> | ml2_conf: Section | Key                  | Value
    |
>

+-------------------+----------------------+--------------------------+

> | ml2               | extension_drivers    | port_security
    |
> | ml2               | mechanism_drivers    |
linuxbridge,l2population |
> | ml2               | tenant_network_types | vxlan
    |
> | ml2               | type_drivers         | flat,vlan,vxlan
    |
> | ml2_type_flat     | flat_networks        | public
     |
> | ml2_type_vxlan    | vni_ranges           | 1:1000
     |
> | securitygroup     | enable_ipset         | True
     |
>

+-------------------+----------------------+--------------------------+

>

+-------------------+--------------------------+-----------------------------------------------------+

> | l3_agent: Section | Key                      |
> Value                                               |
>

+-------------------+--------------------------+-----------------------------------------------------+

> | DEFAULT           | external_network_bridge
> |                                                     |
> | DEFAULT           | verbose                  |
> True                                                |
> | DEFAULT           | interface_driver         |
> neutron.agent.linux.interface.BridgeInterfaceDriver |
>

+-------------------+--------------------------+-----------------------------------------------------+

>

+----------------------------+-----------------------------+--------------------------------------------------------------+

> | linuxbridge_agent: Section | Key                         |
> Value                                                        |
>

+----------------------------+-----------------------------+--------------------------------------------------------------+

> | linux_bridge               | physical_interface_mappings |
> public:enp3s0                                                |
> | vxlan                      | l2_population               |
> True                                                         |
> | vxlan                      | local_ip                    |
> 172.22.10.99                                                 |
> | vxlan                      | enable_vxlan                |
> True                                                         |
> | agent                      | prevent_arp_spoofing        |
> True                                                         |
> | securitygroup              | firewall_driver             |
> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
> | securitygroup              | enable_security_group       |
> True                                                         |
>

+----------------------------+-----------------------------+--------------------------------------------------------------+

>

+---------------------+--------------------------+-----------------------------------------------------+

> | dhcp_agent: Section | Key                      |
> Value                                               |
>

+---------------------+--------------------------+-----------------------------------------------------+

> | DEFAULT             | dnsmasq_config_file      |
> /etc/neutron/dnsmasq-neutron.conf                   |
> | DEFAULT             | verbose                  |
> True                                                |
> | DEFAULT             | enable_isolated_metadata |
> True                                                |
> | DEFAULT             | dhcp_driver              |
> neutron.agent.linux.dhcp.Dnsmasq                    |
> | DEFAULT             | interface_driver         |
> neutron.agent.linux.interface.BridgeInterfaceDriver |
>

+---------------------+--------------------------+-----------------------------------------------------+

>
>
>
>
>
>
>
>
>
>
> - Christopher T. Hull
> I am presently seeking a new career opportunity  Please see
career page
> http://chrishull.com/career
> 333 Orchard Ave, Sunnyvale CA. 94085
> (415) 385 4865 <tel:%28415%29%20385%204865>
> chrishull42@gmail.com <mailto:chrishull42@gmail.com>
<mailto:chrishull42@gmail.com <mailto:chrishull42@gmail.com>>
> http://chrishull.com
>
>
>
> On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42@gmail.com <mailto:

chrishull42@gmail.com>

<mailto:chrishull42@gmail.com chrishull42@gmail.com>>
wrote:

Thanks. Will check that.
When I create an instance in the public or private nets they

ping.
Why do router ports behave differently than instance ports?
Only
the Northbound router port is down and won't ping. Will check
settings ASAP thanks

Chris.

Sent from my iPhone

On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin@benton.pub
<mailto:kevin@benton.pub <mailto:kevin@benton.pub>>> wrote:
Ok. The same settings should apply to Linux bridge.

Make sure you have external_network_bridge defined in your L3
agent as an empty value.

Then your external network should be created with the provider
type of 'flat' and the physical network corresponding to the

one
you have defined in your bridge mappings in the L2 agent that
attaches to the bridge going to your external physical
network.

On Mar 23, 2016 7:25 AM, <chrishull42@gmail.com <mailto:

chrishull42@gmail.com>
<mailto:chrishull42@gmail.com chrishull42@gmail.com>>
wrote:

    Kevin;
    Thank you Very much.  I'll check.   I did a manual Liberty
    install so I may have done something wrong.  I am using
    LinuxBridge (not OpenVSwitch) if that helps.  Will post
    results to list soon.  Would like to be able to use

floating
IPs, a more convenient form of ipTables basically.

    Chris.

    Sent from my iPhone

    On Mar 23, 2016, at 7:16 AM, Kevin Benton

<kevin@benton.pub
<mailto:kevin@benton.pub kevin@benton.pub>>
wrote:

    Do you have external_network_bridge set to an empty

value in
the l3 agent config? If not, the l3 agent will use a
legacy
mode of wiring up the port and it's status field may not
be
ACTIVE.

    The routers are tested thousands of times in the gate

every
day, so they work. It's just a matter of getting your
configuration correct.

    Yes, you can use a VM to route as well.

    On Mar 23, 2016 7:06 AM, <chrishull42@gmail.com <mailto:

chrishull42@gmail.com>
<mailto:chrishull42@gmail.com >> wrote:

        Hi all;
        It appears that Liberty Neutron routers do not work.
        The Northbound port is always Down.

        What I'd like to do is dedicate an instance (CentOS)

to
routing between the Public net and other nets. Has
anyone done this. Setting up the router is trivial.
But I'm a little worried about interaction with
Neutron
Ports. I need to assign fixed IPs so I can route
from
the Internet to a server instance.

        Ideas?

        Thanks
        - Chris.

        Sent from my iPhone
        _______________________________________________
        OpenStack-operators mailing list
        OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>
        <mailto:OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>>

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

>>>
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>
>

http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

Definitely the external_network_bridge needs to be explicitly set to
nothing. That's not the default. I've never had to change the default
gateway_external_network_id when I set external_network_bridge to a
blank value.

Note that after making changes to external_network_bridge, I've have

to
delete and recreate the router/port/network that was created before
that change.

I assume that your bridge mappings are correct in
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:

bridge_mappings =datacentre:br-ex  # or whatever you have locally

And that the physical_network of the external network matches the
network name in the bridge_mappings that corresponds to the bridge
containing the physical interface? Probably your instance ports
wouldn't work if those things weren't correct, but those are also

areas
where I see failures similar to this.

--
Dan Sneddon         |  Principal OpenStack Engineer
dsneddon@redhat.com <mailto:dsneddon@redhat.com> |
redhat.com/openstack 
650.254.4025 <tel:650.254.4025>        |  dsneddon:irc

@dxs:twitter


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

I didn't mean to confuse you by assuming that you were running Open
vSwitch. You don't have to run Open vSwitch, and some things do work
differently when using Linux bridge.

If your IP address is no longer on enp3s0, then that might be an
indicator that you have a bridge subsuming enp3s0. In that case, I'm
pretty sure that the physicalinterfacemapping should be
public:. I spend a lot more time with OVS deployments, though.

--
Dan Sneddon | Principal OpenStack Engineer
dsneddon@redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 24, 2016 by Christopher_Hull (2,220 points)   2 5 7
0 votes

Hi Christopher,

Routers work under Liberty and LinuxBridge just fine, in my experience, so don’t be too quick to give up on them. I promise you’ll have a tougher go at it, at this point, using another virtual machine as a router.

Some tips:

  1. Use the ‘ip’ command rather than ‘ifconfig’. Output of ‘ip addr’ would be more helpful here.
  2. Use ‘brctl show’ to see the virtual bridges and their members. That output would be helpful here as well.

You have an IP configured on interface enp3s0, and I can’t tell what you have set as the physical interface mappings in the ML2/LinuxBridge agent config. On older email I see this:

physicalinterfacemappings | public:enp3s0

If that’s still the case, you’re going to have a hard time. The LinuxBridge agent expects to put the enp3s0 interface into the respective brq-* bridge that corresponds to the public (flat) network. Once the interface is in the bridge, you may lose connectivity to/from any address on that interface. At that point, your host will be unable to communicate with the router's gateway interface also in the bridge, and probably any external host. In this configuration, you may consider moving the IP from enp3s0 to the brq-* bridge temporarily. That should work. Give it a try and let me know.

James

From: Christopher Hull chrishull42@gmail.com
Date: Wednesday, March 23, 2016 at 7:21 PM
To: Dan Sneddon dsneddon@redhat.com
Cc: openstack-operators openstack-operators@lists.openstack.org
Subject: Re: [Openstack-operators] Manual router setup

Conclusion. Neutron routers under Liberty (Linux Bridge) don't work. Please prove me wrong..... Moving on to manual router creation.
1: How can I assign a fixed IP to an instance?
2: If I add routes will they get used? I probably have to create a Port for every route (as Floating IPs do ).

------ Session: Trying to create a working router for the 15th time. :-) ----

[root@maersk src]# ifconfig
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x0
inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20
ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
RX packets 238 bytes 16020 (15.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 60 bytes 6650 (6.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 4985 bytes 1060267 (1.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4985 bytes 1060267 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@maersk src]# source admin-openrc.sh
[root@maersk src]# clear

[root@maersk src]# neutron net-create public --shared --provider:physicalnetwork public \
--provider:network
type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| adminstateup | True |
| id | 9ee73442-5a86-48c0-84da-8f650937fd08 |
| mtu | 0 |
| name | public |
| portsecurityenabled | True |
| provider:networktype | flat |
| provider:physical
network | public |
| provider:segmentationid | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tenant
id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
+---------------------------+--------------------------------------+
[root@maersk src]# neutron subnet-create public 172.22.10.0/24 --name public \
--allocation-pool start=172.22.10.10,end=172.22.10.90 \
--dns-nameserver 172.22.10.254 --gateway 172.22.10.254 --enabledhcp False
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field | Value |
+-------------------+--------------------------------------------------+
| allocation
pools | {"start": "172.22.10.10", "end": "172.22.10.90"} |
| cidr | 172.22.10.0/24 |
| dnsnameservers | 172.22.10.254 |
| enable
dhcp | False |
| gatewayip | 172.22.10.254 |
| host
routes | |
| id | 28683bfe-2410-4f9b-b805-ec3c7aee009a |
| ipversion | 4 |
| ipv6
addressmode | |
| ipv6
ramode | |
| name | public |
| network
id | 9ee73442-5a86-48c0-84da-8f650937fd08 |
| subnetpoolid | |
| tenant
id | fdf3f98a9b0c4e9e94603d8a84ea41a8 |
+-------------------+--------------------------------------------------+
[root@maersk src]# ifconfig
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x0
inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20
ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
RX packets 5032 bytes 373870 (365.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2602 bytes 3154215 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 46701 bytes 12008341 (11.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 46701 bytes 12008341 (11.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@maersk src]# neutron net-list
+--------------------------------------+--------+-----------------------------------------------------+
| id | name | subnets |
+--------------------------------------+--------+-----------------------------------------------------+
| 9ee73442-5a86-48c0-84da-8f650937fd08 | public | 28683bfe-2410-4f9b-b805-ec3c7aee009a 172.22.10.0/24 |
+--------------------------------------+--------+-----------------------------------------------------+
[root@maersk src]# source demo-openrc.sh
[root@maersk src]# neutron net-create private
Created a new network:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| adminstateup | True |
| id | 573956a6-1378-4100-83c2-db5c3bf9a95c |
| mtu | 0 |
| name | private |
| portsecurityenabled | True |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenantid | 7813be77b1de4196b1c6b77006afa21c |
+-----------------------+--------------------------------------+
[root@maersk src]# neutron subnet-create private 192.168.10.0/24 \
--name private --dns-nameserver 172.22.10.254 --gateway 192.168.10.1
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation
pools | {"start": "192.168.10.2", "end": "192.168.10.254"} |
| cidr | 192.168.10.0/24 |
| dnsnameservers | 172.22.10.254 |
| enable
dhcp | True |
| gatewayip | 192.168.10.1 |
| host
routes | |
| id | 83f4f5e5-13b6-41f2-af07-b96d86847e2b |
| ipversion | 4 |
| ipv6
addressmode | |
| ipv6
ramode | |
| name | private |
| network
id | 573956a6-1378-4100-83c2-db5c3bf9a95c |
| subnetpoolid | |
| tenant
id | 7813be77b1de4196b1c6b77006afa21c |
+-------------------+----------------------------------------------------+
[root@maersk src]# ifconfig
brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid 0x20
ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
RX packets 4 bytes 264 (264.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7 bytes 578 (578.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x0
inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20
ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
RX packets 5310 bytes 393373 (384.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2661 bytes 3165497 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 50779 bytes 13259383 (12.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 50779 bytes 13259383 (12.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid 0x20
ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet)
RX packets 7 bytes 578 (578.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 1066 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20
ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 16 overruns 0 carrier 0 collisions 0

[root@maersk src]# source admin-openrc.sh
[root@maersk src]# neutron net-update public --router:external
Updated network: public
[root@maersk src]# source demo-openrc.sh
[root@maersk src]# neutron router-create router
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| adminstateup | True |
| externalgatewayinfo | |
| id | ff6a61f5-f497-43a1-b245-64ec8e87b488 |
| name | router |
| routes | |
| status | ACTIVE |
| tenantid | 7813be77b1de4196b1c6b77006afa21c |
+-----------------------+--------------------------------------+
[root@maersk src]# neutron router-interface-add router private
Multiple router matches found for name 'router', use an ID to be more specific.
[root@maersk src]# neutron router-list
+--------------------------------------+--------+-----------------------+
| id | name | external
gatewayinfo |
+--------------------------------------+--------+-----------------------+
| 5939b796-cae6-4d72-8d34-66e20afb95aa | router | null |
| ff6a61f5-f497-43a1-b245-64ec8e87b488 | router | null |
+--------------------------------------+--------+-----------------------+
[root@maersk src]# neutron router-delete 5939b796-cae6-4d72-8d34-66e20afb95aa
Deleted router: 5939b796-cae6-4d72-8d34-66e20afb95aa
[root@maersk src]# neutron router-delete ff6a61f5-f497-43a1-b245-64ec8e87b488
Deleted router: ff6a61f5-f497-43a1-b245-64ec8e87b488
[root@maersk src]# neutron router-create router
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin
stateup | True |
| external
gatewayinfo | |
| id | a1be1dbd-1a94-4a8c-8093-45a7af89140c |
| name | router |
| routes | |
| status | ACTIVE |
| tenant
id | 7813be77b1de4196b1c6b77006afa21c |
+-----------------------+--------------------------------------+
[root@maersk src]# neutron router-interface-add router private
Added interface 74c0d2df-3944-43d7-8be9-2ef0d9242edc to router router.
[root@maersk src]# neutron router-gateway-set router public
Set gateway for router router
[root@maersk src]# source admin-openrc.sh
[root@maersk src]# ip netns
qrouter-a1be1dbd-1a94-4a8c-8093-45a7af89140c (id: 1)
qdhcp-573956a6-1378-4100-83c2-db5c3bf9a95c (id: 0)
[root@maersk src]# neutron router-port-list router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| id | name | macaddress | fixedips |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| 21c8decf-e4c8-4467-9266-ca5cfb9c7c20 | | fa:16:3e:d6:29:b4 | {"subnetid": "28683bfe-2410-4f9b-b805-ec3c7aee009a", "ipaddress": "172.22.10.10"} |
| 74c0d2df-3944-43d7-8be9-2ef0d9242edc | | fa:16:3e:7b:d6:0f | {"subnetid": "83f4f5e5-13b6-41f2-af07-b96d86847e2b", "ipaddress": "192.168.10.1"} |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
[root@maersk src]# ping 172.22.10.10
PING 172.22.10.10 (172.22.10.10) 56(84) bytes of data.
From 172.22.10.99 icmpseq=1 Destination Host Unreachable
From 172.22.10.99 icmp
seq=2 Destination Host Unreachable
From 172.22.10.99 icmpseq=3 Destination Host Unreachable
From 172.22.10.99 icmp
seq=4 Destination Host Unreachable
From 172.22.10.99 icmpseq=5 Destination Host Unreachable
From 172.22.10.99 icmp
seq=6 Destination Host Unreachable
From 172.22.10.99 icmpseq=7 Destination Host Unreachable
From 172.22.10.99 icmp
seq=8 Destination Host Unreachable
^C
--- 172.22.10.10 ping statistics ---
8 packets transmitted, 0 received, +8 errors, 100% packet loss, time 7000ms
pipe 4
[root@maersk src]# ifconfig
brq573956a6-13: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::6469:36ff:fecc:a4d8 prefixlen 64 scopeid 0x20
ether 72:65:0b:f7:66:9c txqueuelen 0 (Ethernet)
RX packets 6 bytes 348 (348.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.22.10.99 netmask 255.255.255.0 broadcast 172.22.10.255
inet6 2602:306:31fd:1020:ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x0
inet6 fe80::ae9e:17ff:feec:5d95 prefixlen 64 scopeid 0x20
ether ac:9e:17:ec:5d:95 txqueuelen 1000 (Ethernet)
RX packets 6360 bytes 464736 (453.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2867 bytes 3196849 (3.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 65582 bytes 17827940 (17.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 65582 bytes 17827940 (17.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tap74c0d2df-39: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::7065:bff:fef7:669c prefixlen 64 scopeid 0x20
ether 72:65:0b:f7:66:9c txqueuelen 1000 (Ethernet)
RX packets 10 bytes 864 (864.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tapbb0ceef0-e6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::e816:29ff:fec8:9925 prefixlen 64 scopeid 0x20
ether ea:16:29:c8:99:25 txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 1248 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:33:94:b3 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vxlan-92: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet6 fe80::d888:38ff:fe4a:6e1 prefixlen 64 scopeid 0x20
ether da:88:38:4a:06:e1 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 19 overruns 0 carrier 0 collisions 0

On Wed, Mar 23, 2016 at 4:34 PM, Dan Sneddon dsneddon@redhat.com wrote:
On 03/23/2016 04:06 PM, Christopher Hull wrote:
Hmmm. Well I'm not using OpenVSwitch. Just LinuxBridge. My CentOS
7 install sees emp3s0 where eth0 would usually appear. But this may
need to be changed to br-ex? The IP address no longer apperas at
enp3s0, so perhaps that's the issue.

When I make changes, I tear down all the networks and rebuild them
according to instructions. I do this after restarting the machine. I
wonder if the database needs to be updated as well.

su -s /bin/sh -c "neutron-db-manage --config-file
/etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl stop neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl stop neutron-l3-agent.service
and restart.

Thanks for the help. Yes. It's a bit confusing. Why are router and
instance ports different? It is for this reason that I figured I could
just create my own instance/router. But why should I have to? Do
routers not work unless you use OpenVSwitch? The Liberty install
instructions (unlike Kilo) don't seem to require installing OpenVSwitch.

linuxbridgeagent.ini
inuxbridge | physicalinterface_mappings | public:enp3s0

Perhaps br-ex? Or whereever I see my static IP when doing an
ifconfig :-) Was enp3s0 when CentOS was first installed, but I think
thats changed somehow.

+----------------------------+-----------------------------+--------------------------------------------------------------+
| linuxbridgeagent: Section | Key |
Value |
+----------------------------+-----------------------------+--------------------------------------------------------------+
| linux
bridge | physicalinterfacemappings |
public:enp3s0 |
| vxlan | l2population |
True |
| vxlan | local
ip |
172.22.10.99 |
| vxlan | enablevxlan |
True |
| agent | prevent
arpspoofing |
True |
| securitygroup | firewall
driver |
neutron.agent.linux.iptablesfirewall.IptablesFirewallDriver |
| securitygroup | enable
security_group |
True |
+----------------------------+-----------------------------+--------------------------------------------------------------+

On Wed, Mar 23, 2016 at 3:34 PM, Dan Sneddon <dsneddon@redhat.com
dsneddon@redhat.com> wrote:

On 03/23/2016 03:05 PM, Christopher Hull wrote:
> Hi Keven / all;
>
> Re: Getting a Neutron Router to work.  (set external_network_bridge =
> blank).  Apologies if this got sent twice.
>
> Nope, not quite there yet re getting the damn router to work
(week 3 on
> this issue).
>
> The Liberty install instructions indeed say to set...
> external_network_bridge =
>
> I'm so desperate that I thought the blank space after the = might be
> the issue.  No.   Then I noticed these instructions in
l3_agent.ini itself.
> -----
> # When external_network_bridge is set, each L3 agent can be
associated
> # with no more than one external network. This value should be set to
> the UUID
> # of that external network. To allow L3 agent support multiple
external
> # networks, both the external_network_bridge and
> gateway_external_network_id
> # must be left empty.
> # gateway_external_network_id =
> ----
>
> 1: Should gateway_external_network_id = be unoommented?
> 2: Should I reupdate the database after these changes?
> su -s /bin/sh -c "neutron-db-manage --config-file
> /etc/neutron/neutron.conf \
>   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade
head" neutron
>
> 3: Should external_network_bridge in fact be set to the UUID of the
> public network?
>
> 4. All instances Ports work just fine on public and private network.
> WHAT is the difference between a Neutron router northbound port
and an
> instance port on the public net.
>
> Services restarted after config change (just removed space after =
> actually just in case sloppy Python coding was involved here).  In
> fact, I rebooted the box just to be sure.
>
> Making my own instance based router is looking better and better all
> the time.   If Neutron Routers really work, maybe UFO's exist too.
> :-)   j/k
>
>
> Seriously.  Thank you for your help.     Hope to help the community
> soon too myself.  Trying to get my Gerrit account up and running but
> the OpenStack.org site won't allow me to sign the Contrib agreement
> with out getting a server error.
>
>
> ====  Config Details ======
> Issue   Neutron Router Northbound Port won't Ping, is Down
>
> [root@maersk src]# ./pluto.py show  -p /etc neutron  rootwrap.conf
> ml2_conf.ini l3_agent.ini linuxbridge_agent.ini dhcp_agent.ini
>
+-----------------------+------------------------------------+-------------------------------------------------+
> | neutron: Section      | Key                                |
> Value                                           |
>
+-----------------------+------------------------------------+-------------------------------------------------+
> | DEFAULT               | verbose                            |
> True                                            |
> | DEFAULT               | nova_url                           |
> http://controller:8774/v2                       |
> | DEFAULT               | notify_nova_on_port_data_changes   |
> True                                            |
> | DEFAULT               | notify_nova_on_port_status_changes |
> True                                            |
> | DEFAULT               | auth_strategy                      |
> keystone                                        |
> | DEFAULT               | rpc_backend                        |
> rabbit                                          |
> | DEFAULT               | allow_overlapping_ips              |
> True                                            |
> | DEFAULT               | service_plugins                    |
> router                                          |
> | DEFAULT               | core_plugin                        |
> ml2                                             |
> | keystone_authtoken    | password                           |
> mk4968small23buggidntpass                       |
> | keystone_authtoken    | username                           |
> neutron                                         |
> | keystone_authtoken    | project_name                       |
> service                                         |
> | keystone_authtoken    | user_domain_id                     |
> default                                         |
> | keystone_authtoken    | project_domain_id                  |
> default                                         |
> | keystone_authtoken    | auth_plugin                        |
> password                                        |
> | keystone_authtoken    | auth_url                           |
> http://controller:35357                         |
> | keystone_authtoken    | auth_uri                           |
> http://controller:5000                          |
> | database              | connection                         |
> mysql://neutron:sleestack191@controller/neutron |
> | nova                  | password                           |
> mk4968small23buggidntpass                       |
> | nova                  | username                           |
> nova                                            |
> | nova                  | project_name                       |
> service                                         |
> | nova                  | region_name                        |
> RegionOne                                       |
> | nova                  | user_domain_id                     |
> default                                         |
> | nova                  | project_domain_id                  |
> default                                         |
> | nova                  | auth_plugin                        |
> password                                        |
> | nova                  | auth_url                           |
> http://controller:35357                         |
> | oslo_concurrency      | lock_path                          |
> /var/lib/neutron/tmp                            |
> | oslo_messaging_rabbit | rabbit_password                    |
> open.g00dke232                                  |
> | oslo_messaging_rabbit | rabbit_userid                      |
> openstack                                       |
> | oslo_messaging_rabbit | rabbit_host                        |
> controller                                      |
>
+-----------------------+------------------------------------+-------------------------------------------------+
>
+-------------------+---------------------+--------------------------------------------------------------+
> | rootwrap: Section | Key                 |
> Value                                                        |
>
+-------------------+---------------------+--------------------------------------------------------------+
> | DEFAULT           | filters_path        |
> /etc/cinder/rootwrap.d,/usr/share/cinder/rootwrap            |
> | DEFAULT           | exec_dirs           |
> /sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin |
> | DEFAULT           | use_syslog          |
> False                                                        |
> | DEFAULT           | syslog_log_facility |
> syslog                                                       |
> | DEFAULT           | syslog_log_level    |
> ERROR                                                        |
>
+-------------------+---------------------+--------------------------------------------------------------+
>
+-------------------+----------------------+--------------------------+
> | ml2_conf: Section | Key                  | Value
    |
>
+-------------------+----------------------+--------------------------+
> | ml2               | extension_drivers    | port_security
    |
> | ml2               | mechanism_drivers    |
linuxbridge,l2population |
> | ml2               | tenant_network_types | vxlan
    |
> | ml2               | type_drivers         | flat,vlan,vxlan
    |
> | ml2_type_flat     | flat_networks        | public
     |
> | ml2_type_vxlan    | vni_ranges           | 1:1000
     |
> | securitygroup     | enable_ipset         | True
     |
>
+-------------------+----------------------+--------------------------+
>
+-------------------+--------------------------+-----------------------------------------------------+
> | l3_agent: Section | Key                      |
> Value                                               |
>
+-------------------+--------------------------+-----------------------------------------------------+
> | DEFAULT           | external_network_bridge
> |                                                     |
> | DEFAULT           | verbose                  |
> True                                                |
> | DEFAULT           | interface_driver         |
> neutron.agent.linux.interface.BridgeInterfaceDriver |
>
+-------------------+--------------------------+-----------------------------------------------------+
>
+----------------------------+-----------------------------+--------------------------------------------------------------+
> | linuxbridge_agent: Section | Key                         |
> Value                                                        |
>
+----------------------------+-----------------------------+--------------------------------------------------------------+
> | linux_bridge               | physical_interface_mappings |
> public:enp3s0                                                |
> | vxlan                      | l2_population               |
> True                                                         |
> | vxlan                      | local_ip                    |
> 172.22.10.99                                                 |
> | vxlan                      | enable_vxlan                |
> True                                                         |
> | agent                      | prevent_arp_spoofing        |
> True                                                         |
> | securitygroup              | firewall_driver             |
> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
> | securitygroup              | enable_security_group       |
> True                                                         |
>
+----------------------------+-----------------------------+--------------------------------------------------------------+
>
+---------------------+--------------------------+-----------------------------------------------------+
> | dhcp_agent: Section | Key                      |
> Value                                               |
>
+---------------------+--------------------------+-----------------------------------------------------+
> | DEFAULT             | dnsmasq_config_file      |
> /etc/neutron/dnsmasq-neutron.conf                   |
> | DEFAULT             | verbose                  |
> True                                                |
> | DEFAULT             | enable_isolated_metadata |
> True                                                |
> | DEFAULT             | dhcp_driver              |
> neutron.agent.linux.dhcp.Dnsmasq                    |
> | DEFAULT             | interface_driver         |
> neutron.agent.linux.interface.BridgeInterfaceDriver |
>
+---------------------+--------------------------+-----------------------------------------------------+
>
>
>
>
>
>
>
>
>
>
> - Christopher T. Hull
> I am presently seeking a new career opportunity  Please see
career page
> http://chrishull.com/career
> 333 Orchard Ave, Sunnyvale CA. 94085
> (415) 385 4865<tel:%28415%29%20385%204865> <tel:%28415%29%20385%204865>
> chrishull42@gmail.com <mailto:chrishull42@gmail.com>
<mailto:chrishull42@gmail.com <mailto:chrishull42@gmail.com>>
> http://chrishull.com
>
>
>
> On Wed, Mar 23, 2016 at 8:50 AM, <chrishull42@gmail.com <mailto:chrishull42@gmail.com>
> <mailto:chrishull42@gmail.com <mailto:chrishull42@gmail.com>>> wrote:
>
>     Thanks. Will check that.
>     When I create an instance in the public or private nets they ping.
>     Why do router ports behave differently than instance ports?  Only
>     the Northbound router port is down and won't ping.   Will check
>     settings ASAP thanks
>
>     Chris.
>
>     Sent from my iPhone
>
>     On Mar 23, 2016, at 7:52 AM, Kevin Benton <kevin@benton.pub
>     <mailto:kevin@benton.pub <mailto:kevin@benton.pub>>> wrote:
>
>>     Ok. The same settings should apply to Linux bridge.
>>
>>     Make sure you have external_network_bridge defined in your L3
>>     agent as an empty value.
>>
>>     Then your external network should be created with the provider
>>     type of 'flat' and the physical network corresponding to the one
>>     you have defined in your bridge mappings in the L2 agent  that
>>     attaches to the bridge going to your external physical network.
>>
>>     On Mar 23, 2016 7:25 AM, <chrishull42@gmail.com <mailto:chrishull42@gmail.com>
>>     <mailto:chrishull42@gmail.com <mailto:chrishull42@gmail.com>>> wrote:
>>
>>         Kevin;
>>         Thank you Very much.  I'll check.   I did a manual Liberty
>>         install so I may have done something wrong.  I am using
>>         LinuxBridge (not OpenVSwitch) if that helps.  Will post
>>         results to list soon.  Would like to be able to use floating
>>         IPs, a more convenient form of ipTables basically.
>>
>>         Chris.
>>
>>         Sent from my iPhone
>>
>>         On Mar 23, 2016, at 7:16 AM, Kevin Benton <kevin@benton.pub
>>         <mailto:kevin@benton.pub <mailto:kevin@benton.pub>>> wrote:
>>
>>>         Do you have external_network_bridge set to an empty value in
>>>         the l3 agent config? If not, the l3 agent will use a legacy
>>>         mode of wiring up the port and it's status field may not be
>>>         ACTIVE.
>>>
>>>         The routers are tested thousands of times in the gate every
>>>         day, so they work. It's just a matter of getting your
>>>         configuration correct.
>>>
>>>         Yes, you can use a VM to route as well.
>>>
>>>         On Mar 23, 2016 7:06 AM, <chrishull42@gmail.com <mailto:chrishull42@gmail.com>
>>>         <mailto:chrishull42@gmail.com <mailto:chrishull42@gmail.com>>> wrote:
>>>
>>>             Hi all;
>>>             It appears that Liberty Neutron routers do not work.
>>>             The Northbound port is always Down.
>>>
>>>             What I'd like to do is dedicate an instance (CentOS) to
>>>             routing between the Public net and other nets.  Has
>>>             anyone done this.  Setting up the router is trivial.
>>>             But I'm a little worried about interaction with Neutron
>>>             Ports.  I need to assign fixed IPs so I can route from
>>>             the Internet to a server instance.
>>>
>>>             Ideas?
>>>
>>>             Thanks
>>>             - Chris.
>>>
>>>             Sent from my iPhone
>>>             _______________________________________________
>>>             OpenStack-operators mailing list
>>>             OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>
>>>             <mailto:OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>>
>>>
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators@lists.openstack.org
<mailto:OpenStack-operators@lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

Definitely the external_network_bridge needs to be explicitly set to
nothing. That's not the default. I've never had to change the default
gateway_external_network_id when I set external_network_bridge to a
blank value.

Note that after making changes to external_network_bridge, I've have to
delete and recreate the router/port/network that was created before
that change.

I assume that your bridge mappings are correct in
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini:

bridge_mappings =datacentre:br-ex  # or whatever you have locally

And that the physical_network of the external network matches the
network name in the bridge_mappings that corresponds to the bridge
containing the physical interface? Probably your instance ports
wouldn't work if those things weren't correct, but those are also areas
where I see failures similar to this.

--
Dan Sneddon         |  Principal OpenStack Engineer
dsneddon@redhat.com <mailto:dsneddon@redhat.com> |
redhat.com/openstack 
650.254.4025 <tel:650.254.4025>        |  dsneddon:irc   @dxs:twitter


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

I didn't mean to confuse you by assuming that you were running Open
vSwitch. You don't have to run Open vSwitch, and some things do work
differently when using Linux bridge.

If your IP address is no longer on enp3s0, then that might be an
indicator that you have a bridge subsuming enp3s0. In that case, I'm
pretty sure that the physicalinterfacemapping should be
public:. I spend a lot more time with OVS deployments, though.

--
Dan Sneddon | Principal OpenStack Engineer
dsneddon@redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators


OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
responded Mar 24, 2016 by James_Denton (3,860 points)   2 2
...