0

I am having serious issues in the deployment of the Openstack scenario related to the Linux Bridge. This is the scenario:

Controller machine:

  • Management Interface enp2s0: 138.100.10.25.

Compute machine:

  • Management Interface enp2s0: 138.100.10.26.
  • Provider Interface enp0s20f0u4: 138.100.10.27.

Openstack Train scenario has been successfully deployed in Centos 8, choosing networking option 2 (self-service network).

To verify the functionality, an image has been uploaded, created an Openstack flavor and security group, and launched a couple of cirrOS instances for connection testing. We have created a provider network following this tutorial and a selfservice network following this one.

The network scenario is the next one:

Network Topology

As can be seen in the network topology, an external network 138.100.10.0/21 (provider) and an internal network 192.168.1.1 (selfservice) have been created, connected through a router by the interfaces 138.100.10.198 and 192.168.1.1, both active.

Our problem is that our Linux bridge is not working as expected: the Openstack cirrOS instances has no internet access.

This is the controller ip a and brctl show command output:

Modena_ip_a

This is the compute ip a and brctl show command output:

Testarossa_ip_a Testarossa_brctl

(The output of ovs-vsctl show command is empty in both machines).

Are the Linux Bridges correctly created?

These are the Linux bridge configuration files:

  • Controller /etc/neutron/plugins/ml2/linuxbridge_agent.ini:
[linux_bridge]
physical_interface_mappings = provider:enp2s0   # enp2s0 is the interface associated to 138.100.10.25

[vxlan]
enable_vxlan = true
local_ip = 138.100.10.25    # controller has only 1 IP
l2_population = true
  • Compute /etc/neutron/plugins/ml2/linuxbridge_agent.ini:
[linux_bridge]
physical_interface_mappings = provider:enp0s20f0u4      # interface associated to 138.100.10.26

[vxlan]

enable_vxlan = true
local_ip = 138.100.10.27
l2_population = true

An observation to keep in mind is that compute management interface (138.100.10.26) is inaccessible from anywhere, which I think is not correct since this prevents us, for example, from accessing the instance console through the URL.

I have made some conection tests and these are the results:

  • Cirros_a ip a command output:

Cirros_a_ip_a

  • Cirros_b ip a command output:

Cirros_b_ip_a

  • There is connection between Cirros A and Cirros B (in both directions).
  • There is connection between Cirros A/B and self-service gateway (192.168.1.1) (in both directions).
  • There is connection between Cirros A/B and provider gateway (138.100.10.198) (in both directions).
  • There is connection between Cirros A/B and controller management interface (138.100.10.25) (in both directions).
  • There is no connection between Cirros A/B and compute management interface (138.100.10.26). This interface is not accessible.
  • There is connection between Cirros A/B and compute provider interface (138.100.10.27) (in both directions).

I do not know if there is a problem on linux bridge configuration files, or maybe I need another network interface on controller machine.

Jaime Saez
  • 1
  • 1
  • One observation: You use the Newton tutorial, although Newton is not supported anymore. Train may require different settings. If I were you, I would restart from scratch and follow the Train instructions. – berndbausch Feb 11 '21 at 13:21
  • Now, your instances are able to access the compute node's provider interface and the controller. This means they have access to the network outside of the cloud. How did you test internet access? Can the controller and the compute node access the internet? – berndbausch Feb 11 '21 at 13:24
  • Another oddity, although I don't think it has anything to do with your problem: Why do the instances have two interfaces, one being connected to the provider network? What is the purpose of this configuration? – berndbausch Feb 11 '21 at 13:26
  • @berndbausch What do you mean with I use the Newton tutorial? I use the last Train tutorial from Openstack page: https://docs.openstack.org/install-guide/openstack-services.html#minimal-deployment-for-train. – Jaime Saez Feb 11 '21 at 15:43
  • @berndbausch Yes, they can access the computer's provider interface and the controller's management interface. I test internet access inside the machine (I can ssh the instance from controller or compute instance). Yes, both computer and controller has access to Internet. – Jaime Saez Feb 11 '21 at 15:44
  • @berndbausch The instances have two interfaces just for testing purposes. In a first approach I launched them with only one interface, and I wanted to discover which was the difference. – Jaime Saez Feb 11 '21 at 15:45

0 Answers0