Instance addressed in provider network not reachable

I am actually struggling around this issue, context below:

  • Openstack deployed with MaaS/Juju [1]
  • 1 provider (with dhcp enabled) and 1 self service network [2]
  • 1 instance A addressed in the self service network, with a floating IP [3]
  • 1 instance B addressed directly in the provider network

A is fully reachable, B is not (both network and metadata, IP configuration is done with config-drive method)

I have tried to ping inside namespace on the neutron-gateway:

#### qrouter-cd77fe8a-46bc-4c91-9efe-71a173a82b6c
lo               UNKNOWN        127.0.0.1/8 ::1/128
gre0@NONE        DOWN
gretap0@NONE     DOWN
erspan0@NONE     DOWN
qg-6b3c82c9-4e@if70 UP             10.142.1.197/24 10.142.1.196/32 fe80::f816:3eff:fea7:caf0/64
qr-56376ad0-de@if71 UP             192.168.199.1/24 fe80::f816:3eff:fe0c:f019/64
#### qdhcp-d6420097-fe20-43f5-b39b-0236ee364f72
lo               UNKNOWN        127.0.0.1/8 ::1/128
gre0@NONE        DOWN
gretap0@NONE     DOWN
erspan0@NONE     DOWN
tap2a99d602-87   UNKNOWN        192.168.199.100/24 fe80::f816:3eff:fe03:9409/64

# ip netns list | awk '{print $1}' | while read ns ; do echo "#### $ns" ; ip netns exec $ns ping -c 1 10.142.1.199 ; done
#### qrouter-cd77fe8a-46bc-4c91-9efe-71a173a82b6c
PING 10.142.1.199 (10.142.1.199) 56(84) bytes of data.
From 10.142.1.197 icmp_seq=1 Destination Host Unreachable

--- 10.142.1.199 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

#### qdhcp-d6420097-fe20-43f5-b39b-0236ee364f72
PING 10.142.1.199 (10.142.1.199) 56(84) bytes of data.
From 10.142.1.197 icmp_seq=1 Destination Host Unreachable

--- 10.142.1.199 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

I also tried to disable “juju config neutron-openvswitch disable-security-groups=true”, but same issue. (In doubt, all Openstack resources are destroyed/re-created with Terraform after each modification.)

Tcpdump on nova and neutron-gateway (on any interfaces): ARP requests are seen on both (ping coming from outside, via neutron-gateway, to nova), but no replies.

It seems the instance is completely isolated on the Nova host.

Any help or guidance will be appreciated.

[1] Juju bundle

variables:
  openstack-origin:    &openstack-origin     cloud:bionic-train
  data-port:           &data-port            br-data:enp3s0f1
  worker-multiplier:   &worker-multiplier    1
  bridge-mappings:     &bridge-mappings      physnet1:br-data
  # bridge-mappings:     &bridge-mappings      physnet1:br-data
  osd-devices:         &osd-devices          /dev/sdb /dev/vdb
  expected-osd-count:  &expected-osd-count   3
  expected-mon-count:  &expected-mon-count   3
  mysql-connections:   &mysql-connections    1000
machines:
  '0':
    series: bionic
    constraints: zones=default tags=test
  '1':
    series: bionic
    constraints: zones=default tags=test
  # '2':
  #   series: bionic
  #   constraints: zones=default tags=test
  # '3':
  #   series: bionic
  #   constraints: zones=default tags=test
  "4":
    series: bionic
    constraints: zones=default tags=virtual
  "5":
    series: bionic
    constraints: zones=default tags=virtual
  "6":
    series: bionic
    constraints: zones=default tags=virtual
  "7":
    series: bionic
    constraints: zones=default tags=virtual

relations:
- - nova-compute:amqp
  - rabbitmq-server:amqp
- - neutron-gateway:amqp
  - rabbitmq-server:amqp
- - keystone:shared-db
  - mysql:shared-db
- - nova-cloud-controller:identity-service
  - keystone:identity-service
- - glance:identity-service
  - keystone:identity-service
- - neutron-api:identity-service
  - keystone:identity-service
- - neutron-openvswitch:neutron-plugin-api
  - neutron-api:neutron-plugin-api
- - neutron-api:shared-db
  - mysql:shared-db
- - neutron-api:amqp
  - rabbitmq-server:amqp
- - neutron-gateway:neutron-plugin-api
  - neutron-api:neutron-plugin-api
- - glance:shared-db
  - mysql:shared-db
- - glance:amqp
  - rabbitmq-server:amqp
- - nova-cloud-controller:image-service
  - glance:image-service
- - nova-compute:image-service
  - glance:image-service
- - nova-cloud-controller:cloud-compute
  - nova-compute:cloud-compute
- - nova-cloud-controller:amqp
  - rabbitmq-server:amqp
- - nova-cloud-controller:quantum-network-service
  - neutron-gateway:quantum-network-service
- - nova-compute:neutron-plugin
  - neutron-openvswitch:neutron-plugin
- - neutron-openvswitch:amqp
  - rabbitmq-server:amqp
- - openstack-dashboard:identity-service
  - keystone:identity-service
- - openstack-dashboard:shared-db
  - mysql:shared-db
- - nova-cloud-controller:shared-db
  - mysql:shared-db
- - nova-cloud-controller:neutron-api
  - neutron-api:neutron-api
- - cinder:image-service
  - glance:image-service
- - cinder:amqp
  - rabbitmq-server:amqp
- - cinder:identity-service
  - keystone:identity-service
- - cinder:cinder-volume-service
  - nova-cloud-controller:cinder-volume-service
- - cinder-ceph:storage-backend
  - cinder:storage-backend
- - ceph-mon:client
  - nova-compute:ceph
- - nova-compute:ceph-access
  - cinder-ceph:ceph-access
- - cinder:shared-db
  - mysql:shared-db
- - ceph-mon:client
  - cinder-ceph:ceph
- - ceph-mon:client
  - glance:ceph
- - ceph-osd:mon
  - ceph-mon:osd
- - ntp:juju-info
  - nova-compute:juju-info
- - ntp:juju-info
  - neutron-gateway:juju-info
- - ceph-radosgw:mon
  - ceph-mon:radosgw
- - ceph-radosgw:identity-service
  - keystone:identity-service
- - placement
  - mysql
- - placement
  - keystone
- - placement
  - nova-cloud-controller
- - nova-cloud-controller:memcache
  - memcached:cache

series: bionic
services:

  ceph-mon:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/ceph-mon
    num_units: 3
    options:
      expected-osd-count: *expected-osd-count
      monitor-count: *expected-mon-count
      source: *openstack-origin
    to:
    - 'lxd:4'
    - 'lxd:5'
    - 'lxd:6'
    bindings:
      "" : maas-infralab

  ceph-osd:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/ceph-osd
    num_units: 3
    options:
      osd-devices: *osd-devices
      source: *openstack-origin
    to:
    - '4'
    - '5'
    - '6'
    bindings:
      "" : maas-infralab

  ceph-radosgw:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/ceph-radosgw
    num_units: 1
    options:
      source: *openstack-origin
    to:
    - 'lxd:6'
    bindings:
      "" : maas-infralab

  cinder:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/cinder
    num_units: 1
    options:
      block-device: None
      glance-api-version: 2
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
    to:
    - 'lxd:2'
    bindings:
      "" : maas-infralab

  cinder-ceph:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/cinder-ceph
    num_units: 0
  glance:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/glance
    num_units: 1
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
    to:
    - 'lxd:7'
    bindings:
      "" : maas-infralab

  keystone:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/keystone
    num_units: 1
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      admin-password: Superpass01
    to:
    - 'lxd:7'
    bindings:
      "" : maas-infralab

  mysql:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/percona-cluster
    num_units: 1
    options:
      max-connections: *mysql-connections
      innodb-buffer-pool-size: 256M
      performance-schema: True
    to:
    - 'lxd:4'
    bindings:
      "" : maas-infralab

  neutron-api:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/neutron-api
    num_units: 1
    options:
      manage-neutron-plugin-legacy-mode: true
      neutron-security-groups: true
      flat-network-providers: physnet1
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
    to:
    - '0'
    bindings:
      "" : maas-infralab

  placement:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/placement
    num_units: 1
    options:
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
    to:
    - 'lxd:5'
    bindings:
      "" : maas-infralab

  neutron-gateway:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/neutron-gateway
    num_units: 1
    options:
      bridge-mappings: *bridge-mappings
      data-port: *data-port
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
    to:
    - '0'
    bindings:
      "" : maas-infralab

  neutron-openvswitch:
    bridge-mappings: *bridge-mappings
    data-port: *data-port
    enable-local-dhcp-and-metadata: true
    annotations:
    charm: cs:~openstack-charmers-next/bionic/neutron-openvswitch
    num_units: 0
    bindings:
      "" : maas-infralab

  nova-cloud-controller:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/nova-cloud-controller
    num_units: 1
    options:
      network-manager: Neutron
      worker-multiplier: *worker-multiplier
      openstack-origin: *openstack-origin
      console-access-protocol: vnc
    to:
    - 'lxd:7'
    bindings:
      "" : maas-infralab

  nova-compute:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/nova-compute
    num_units: 1
    options:
      config-flags: default_ephemeral_format=ext4
      enable-live-migration: true
      enable-resize: true
      migration-auth-type: ssh
      openstack-origin: *openstack-origin
      # cpu-mode: host-passthrough
    bindings:
      "" : maas-infralab

    to:
    - '1'
    # - '2'
    # - '3'

  ntp:
    annotations:
    charm: cs:ntp
    num_units: 0
  openstack-dashboard:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/openstack-dashboard
    num_units: 1
    options:
      openstack-origin: *openstack-origin
    to:
    - 'lxd:6'
    bindings:
      "" : maas-infralab

  rabbitmq-server:
    annotations:
    charm: cs:~openstack-charmers-next/bionic/rabbitmq-server
    num_units: 1
    to:
    - 'lxd:5'
    bindings:
      "" : maas-infralab

  memcached:
    charm: cs:memcached
    num_units: 1
    to:
    - lxd:7
    bindings:
      "" : maas-infralab

[2] Openstack networks and subnet

+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2020-09-23T15:09:33Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | d6420097-fe20-43f5-b39b-0236ee364f72 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | None                                 |
| is_vlan_transparent       | None                                 |
| mtu                       | 1458                                 |
| name                      | net-42-1                             |
| port_security_enabled     | False                                |
| project_id                | 38ba8a1a65564951a01f0f0cb6d963e7     |
| provider:network_type     | gre                                  |
| provider:physical_network | None                                 |
| provider:segmentation_id  | 1                                    |
| qos_policy_id             | None                                 |
| revision_number           | 2                                    |
| router:external           | Internal                             |
| segments                  | None                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | 218ecbe5-8ea7-4965-9df2-702a8d8a0ca6 |
| tags                      |                                      |
| updated_at                | 2020-09-23T15:09:39Z                 |
+---------------------------+--------------------------------------+
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2020-09-23T15:09:33Z                 |
| description               |                                      |
| dns_domain                | None                                 |
| id                        | d87f8d99-e0e3-41b6-bad8-deec52746408 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| is_vlan_transparent       | None                                 |
| mtu                       | 1500                                 |
| name                      | net-dmz-ext                          |
| port_security_enabled     | False                                |
| project_id                | 38ba8a1a65564951a01f0f0cb6d963e7     |
| provider:network_type     | vlan                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  | 1606                                 |
| qos_policy_id             | None                                 |
| revision_number           | 2                                    |
| router:external           | External                             |
| segments                  | None                                 |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 86f37edd-4a39-41cc-beb9-f3529ebf8874 |
| tags                      |                                      |
| updated_at                | 2020-09-23T15:09:39Z                 |
+---------------------------+--------------------------------------+

+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 192.168.199.100-192.168.199.199      |
| cidr                 | 192.168.199.0/24                     |
| created_at           | 2020-09-23T15:09:39Z                 |
| description          |                                      |
| dns_nameservers      | 1.1.1.1, 8.8.8.8                     |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | True                                 |
| gateway_ip           | 192.168.199.1                        |
| host_routes          |                                      |
| id                   | 218ecbe5-8ea7-4965-9df2-702a8d8a0ca6 |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | sub-42-1                             |
| network_id           | d6420097-fe20-43f5-b39b-0236ee364f72 |
| prefix_length        | None                                 |
| project_id           | 38ba8a1a65564951a01f0f0cb6d963e7     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2020-09-23T15:09:39Z                 |
+----------------------+--------------------------------------+
+----------------------+--------------------------------------+
| Field                | Value                                |
+----------------------+--------------------------------------+
| allocation_pools     | 10.142.1.190-10.142.1.200            |
| cidr                 | 10.142.1.0/24                        |
| created_at           | 2020-09-23T15:09:39Z                 |
| description          |                                      |
| dns_nameservers      | 8.8.4.4, 8.8.8.8                     |
| dns_publish_fixed_ip | None                                 |
| enable_dhcp          | True                                 |
| gateway_ip           | 10.142.1.1                           |
| host_routes          |                                      |
| id                   | 86f37edd-4a39-41cc-beb9-f3529ebf8874 |
| ip_version           | 4                                    |
| ipv6_address_mode    | None                                 |
| ipv6_ra_mode         | None                                 |
| name                 | sub-dmz-ext                          |
| network_id           | d87f8d99-e0e3-41b6-bad8-deec52746408 |
| prefix_length        | None                                 |
| project_id           | 38ba8a1a65564951a01f0f0cb6d963e7     |
| revision_number      | 0                                    |
| segment_id           | None                                 |
| service_types        |                                      |
| subnetpool_id        | None                                 |
| tags                 |                                      |
| updated_at           | 2020-09-23T15:09:39Z                 |
+----------------------+--------------------------------------+

+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host        | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+
| 174fce95-3fc1-4d4f-b0ee-390ecb8e932c | Open vSwitch agent | PM-865      | None              | :-)   | UP    | neutron-openvswitch-agent |
| 178ff5ff-c216-4972-b500-82fea7085ab0 | DHCP agent         | PM-866.maas | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 72b706b9-8b96-4c2b-bcfa-c9ac531fd414 | Metadata agent     | PM-866.maas | None              | :-)   | UP    | neutron-metadata-agent    |
| 75d1d34c-16e0-43fb-b2b6-5a4c3f00d3b7 | Open vSwitch agent | PM-866.maas | None              | :-)   | UP    | neutron-openvswitch-agent |
| a5aa6eb1-ae50-4181-922e-3f889cf3cd58 | Metering agent     | PM-865      | None              | :-)   | UP    | neutron-metering-agent    |
| c8586881-83e7-4d2a-89a3-d3628d8cf3bf | L3 agent           | PM-865      | nova              | :-)   | UP    | neutron-l3-agent          |
| d3faa78c-1c1a-4ae9-ad6d-a80c1ce8e485 | DHCP agent         | PM-865      | nova              | :-)   | UP    | neutron-dhcp-agent        |
| dcd81b88-bb7e-459b-934e-8160367d2b9d | Metadata agent     | PM-865      | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+-------------+-------------------+-------+-------+---------------------------+


[3] Instances

+--------------------------------------+------------+--------+----------------------------------------+--------------+-----------+
| ID                                   | Name       | Status | Networks                               | Image        | Flavor    |
+--------------------------------------+------------+--------+----------------------------------------+--------------+-----------+
| b0cad3c3-05da-4bd2-a9f0-7f75633e1b73 | bulk-vm3-0 | ACTIVE | net-dmz-ext=10.142.1.199               | cirros-amd64 | m1.medium |
| 525dee3f-d0cc-4f32-bb83-c3f06d4b7387 | bulk-vm1-0 | ACTIVE | net-42-1=192.168.199.143, 10.142.1.196 | bionic-amd64 | m1.medium |
+--------------------------------------+------------+--------+----------------------------------------+--------------+-----------+

Also, the console log of the instance addressed in the provider network, which confirms the IP configuration is correct (running cirros):

if-info: lo,up,127.0.0.1,8,,
if-info: eth0,up,10.142.1.199,24,fe80::f816:3eff:fe06:8197/64,
ip-route:default via 10.142.1.1 dev eth0 
ip-route:10.142.1.0/24 dev eth0 scope link  src 10.142.1.199 
ip-route:169.254.169.254 via 10.142.1.190 dev eth0 
ip-route6:fe80::/64 dev eth0  metric 256 
ip-route6:ff00::/8 dev eth0  metric 256 
=== datasource: configdrive local ===
instance-id: b0cad3c3-05da-4bd2-a9f0-7f75633e1b73
name: bulk-vm3-0
availability-zone: nova
local-hostname: bulk-vm3-0.novalocal
launch-index: 0
=== cirros: current=0.5.1 uptime=3.95 ===
/dev/root resized successfully [took 2.57s]
=== pinging gateway failed, debugging connection === 

Thanks

The first thing I’d check is whether your compute node has a trunk from the switch that is servicing 802.1q VLAN tagging connected to enp3s0f1 and is the switch set to allow vlan tagging of vlan ID 1606 on that machine’s port in the switch? Also, you cannot use enp3s0f1 for anything other than the provider vlan trunk on that node. If you need to have an interface pull double-duty, you’ll need to utilize a bridge and change bridge-mappings on your neutron-openvswitch-agent charm to match that bridge.

The data flow should be VM’s tap -> br-int -> br-data -> br-ex -> enp3s0f1.

ovs-vsctl and ovs-ofctl can show you the relevant interfaces and flow tables within openvswitch.

Is the vlan 1606 working when you hit 10.142.1.196 as a floating IP for the other VM?

Switch config has been triple checked, both machines are reachable on the vlan 1606 (tagged frames), everything seems fine on the underlying network, and yes enp3s0f1 is dedicated for the trunk on both nodes (left as “unconfigured” on MaaS, so basically the interface is UP without any IP configuration).

Regarding instances, I set “juju config neutron-openvswitch enable-local-dhcp-and-metadata=true” and I re-deployed both instances: the floating IP is still reachable, the fixed IP is only reachable in the namespace located on the nova node, but is isolated from the rest of the world (even from the namespace on the neutron gateway).

Here is some information:

  • brctl show [1]
  • ovs-vsctl show [2]
  • ovs-ofctl show br-XXX [3]

I am not sure I fully understand how OVS works here; could you elaborate on the methodology to check the whole network path from the tap iface to enp3s0f1?

[1]

# brctl show
bridge name	bridge id		STP enabled	interfaces
qbr90cd5bd1-87		8000.9e350506f23f	no		qvb90cd5bd1-87
							tap90cd5bd1-87
qbr99e013c2-a1		8000.76101f30af14	no		qvb99e013c2-a1
							tap99e013c2-a1

[2]

# ovs-vsctl show
b5152962-c3e1-4830-b467-241b0b278c5d
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-data
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        datapath_type: system
        Port phy-br-data
            Interface phy-br-data
                type: patch
                options: {peer=int-br-data}
        Port br-data
            Interface br-data
                type: internal
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        datapath_type: system
        Port "tap2085cd7e-56"
            tag: 11
            Interface "tap2085cd7e-56"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qvo90cd5bd1-87"
            tag: 11
            Interface "qvo90cd5bd1-87"
        Port br-int
            Interface br-int
                type: internal
        Port int-br-data
            Interface int-br-data
                type: patch
                options: {peer=phy-br-data}
        Port "qvo99e013c2-a1"
            tag: 12
            Interface "qvo99e013c2-a1"
    Bridge br-ex
        datapath_type: system
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        datapath_type: system
        Port "gre-0a8c0a29"
            Interface "gre-0a8c0a29"
                type: gre
                options: {df_default="true", egress_pkt_mark="0", in_key=flow, local_ip="10.140.10.42", out_key=flow, remote_ip="10.140.10.41"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.12.0"

[3]

# ovs-ofctl show br-int
OFPT_FEATURES_REPLY (xid=0x2): dpid:00002a1eca127d4a
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(int-br-data): addr:72:00:10:be:be:90
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 2(patch-tun): addr:8e:75:68:cb:60:7b
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 16(tap2085cd7e-56): addr:fa:16:3e:c4:44:9e
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 17(qvo99e013c2-a1): addr:22:83:19:86:53:ef
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 18(qvo90cd5bd1-87): addr:42:57:b7:a0:81:5a
     config:     0
     state:      0
     current:    10GB-FD COPPER
     speed: 10000 Mbps now, 0 Mbps max
 LOCAL(br-int): addr:2a:1e:ca:12:7d:4a
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0


# ovs-ofctl show br-data
OFPT_FEATURES_REPLY (xid=0x2): dpid:00002a53b4049043
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 1(phy-br-data): addr:aa:24:6a:76:16:a7
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(br-data): addr:2a:53:b4:04:90:43
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0


# ovs-ofctl show br-ex
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000c279741de54b
n_tables:254, n_buffers:0
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 LOCAL(br-ex): addr:c2:79:74:1d:e5:4b
     config:     PORT_DOWN
     state:      LINK_DOWN
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

There should be an ovs-ofctl list-flows <bridge> command which will show you the list of rules each of the packets has applied as it enters each bridge and where it exits, drops, gets encapsulated/decapsulated, etc. The ports in the flow tables will relate to your ovs-ofctl show <bridge> [3] port IDs.

Though, if your plumbing is correct, typically flow issues would show up as errors in the neutron openvswitch logs in /var/log/neutron on the compute unit where your unreachable host lives.
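
One way to check the plumbing mentioned above, as an added example that is not part of the original thread: it parses `ovs-vsctl show` output and reports every bridge named in bridge-mappings that carries only patch/internal ports, so nothing on it can put frames on the wire. The sample is trimmed from the output posted earlier in this thread; the function names are hypothetical.

```python
import re

# Sample input: trimmed from the `ovs-vsctl show` output posted in this thread
# (compute node). Only the lines the parser needs are kept.
SAMPLE_SHOW = '''\
b5152962-c3e1-4830-b467-241b0b278c5d
    Bridge br-data
        fail_mode: secure
        datapath_type: system
        Port phy-br-data
            Interface phy-br-data
                type: patch
                options: {peer=int-br-data}
        Port br-data
            Interface br-data
                type: internal
    Bridge br-int
        datapath_type: system
        Port "qvo90cd5bd1-87"
            tag: 11
            Interface "qvo90cd5bd1-87"
        Port int-br-data
            Interface int-br-data
                type: patch
                options: {peer=phy-br-data}
    ovs_version: "2.12.0"
'''

# Interface types that never put a frame on a physical wire by themselves.
VIRTUAL_TYPES = {"patch", "internal", "gre", "vxlan", "geneve"}

_BRIDGE = re.compile(r'Bridge "?([^"\s]+)"?$')
_IFACE = re.compile(r'Interface "?([^"\s]+)"?$')
_TYPE = re.compile(r'type: (\S+)$')


def parse_ovs_show(text):
    """Return {bridge: {interface: type}} from `ovs-vsctl show` text.

    OVS prints no "type:" line for system devices (NICs, veth ends),
    so those interfaces get the empty string as their type.
    """
    bridges, bridge, iface = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := _BRIDGE.match(line):
            bridge, iface = m.group(1), None
            bridges[bridge] = {}
        elif (m := _IFACE.match(line)) and bridge:
            iface = m.group(1)
            bridges[bridge][iface] = ""
        elif (m := _TYPE.match(line)) and bridge and iface:
            bridges[bridge][iface] = m.group(1)
    return bridges


def parse_bridge_mappings(value):
    """'physnet1:br-data physnet2:br-x' -> {'physnet1': 'br-data', ...}.

    Accepts both the space-separated charm form and the comma-separated
    form used in the agent configuration file.
    """
    return dict(item.split(":", 1) for item in value.replace(",", " ").split())


def bridges_without_uplink(show_text, bridge_mappings):
    """Return {physnet: problem} for every mapped bridge that cannot reach the wire."""
    bridges = parse_ovs_show(show_text)
    problems = {}
    for physnet, bridge in parse_bridge_mappings(bridge_mappings).items():
        if bridge not in bridges:
            problems[physnet] = f"{bridge}: bridge does not exist"
            continue
        uplinks = [name for name, kind in bridges[bridge].items()
                   if kind not in VIRTUAL_TYPES]
        if not uplinks:
            problems[physnet] = f"{bridge}: only patch/internal ports, no NIC attached"
    return problems


if __name__ == "__main__":
    # On a live host, feed the real output instead of the sample, e.g.
    #   ovs-vsctl show | python3 this_script.py   (reading sys.stdin)
    found = bridges_without_uplink(SAMPLE_SHOW, "physnet1:br-data")
    for physnet, problem in found.items():
        print(f"{physnet} -> {problem}")
```

Any system-type interface on the bridge counts as a possible uplink here, so the check confirms that a port is attached, not that the switch side of it is trunked correctly.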

Thanks for the help, Drew!

I did not get any errors regarding this network issue in neutron’s logs on the nova node.

Actually I don’t understand why the physical NIC “enp26s0f1” didn’t appear in the br-data bridge as specified in the bundle, as it should, right?

  neutron-gateway:
    options:
      bridge-mappings: physnet1:br-data
      data-port: br-data:enp26s0f1

As you stated, there are drops in br-data:

# ovs-ofctl dump-flows br-data
 cookie=0x9323344c18500dfe, duration=25023.882s, table=0, n_packets=126, n_bytes=8772, priority=4,in_port="phy-br-data",dl_vlan=11 actions=mod_vlan_vid:1606,NORMAL
 cookie=0x9323344c18500dfe, duration=43233.599s, table=0, n_packets=1844, n_bytes=92812, priority=2,in_port="phy-br-data" actions=drop
 cookie=0x9323344c18500dfe, duration=43233.601s, table=0, n_packets=0, n_bytes=0, priority=0 actions=NORMAL

Ok so I just manually added the enp26s0f1 NIC to br-data on the nova node and it solved the issue: the instance addressed directly in the provider network became reachable.

I don’t understand why the interface isn’t added to br-data automatically; is there any specific configuration in some charms I missed?

For completeness, here is the full bundle export:

series: bionic
applications:
  ceph-mon:
    charm: cs:~openstack-charmers-next/ceph-mon-442
    num_units: 3
    to:
    - lxd:3
    - lxd:4
    - lxd:5
    options:
      expected-osd-count: 3
      monitor-count: 3
      source: cloud:bionic-train
    bindings:
      "": maas-infralab
      admin: maas-infralab
      bootstrap-source: maas-infralab
      client: maas-infralab
      cluster: maas-infralab
      mds: maas-infralab
      mon: maas-infralab
      nrpe-external-master: maas-infralab
      osd: maas-infralab
      prometheus: maas-infralab
      public: maas-infralab
      radosgw: maas-infralab
      rbd-mirror: maas-infralab
  ceph-osd:
    charm: cs:~openstack-charmers-next/ceph-osd-467
    num_units: 3
    to:
    - "3"
    - "4"
    - "5"
    options:
      osd-devices: /dev/sdb /dev/vdb
      source: cloud:bionic-train
    bindings:
      "": maas-infralab
      cluster: maas-infralab
      mon: maas-infralab
      nrpe-external-master: maas-infralab
      public: maas-infralab
      secrets-storage: maas-infralab
  ceph-radosgw:
    charm: cs:~openstack-charmers-next/ceph-radosgw-372
    num_units: 1
    to:
    - lxd:5
    options:
      source: cloud:bionic-train
    bindings:
      "": maas-infralab
      admin: maas-infralab
      certificates: maas-infralab
      cluster: maas-infralab
      gateway: maas-infralab
      ha: maas-infralab
      identity-service: maas-infralab
      internal: maas-infralab
      master: maas-infralab
      mon: maas-infralab
      nrpe-external-master: maas-infralab
      object-store: maas-infralab
      public: maas-infralab
      slave: maas-infralab
  cinder:
    charm: cs:~openstack-charmers-next/cinder-421
    num_units: 1
    to:
    - lxd:2
    options:
      block-device: None
      glance-api-version: 2
      openstack-origin: cloud:bionic-train
      worker-multiplier: 1
    bindings:
      "": maas-infralab
      admin: maas-infralab
      amqp: maas-infralab
      backup-backend: maas-infralab
      ceph: maas-infralab
      certificates: maas-infralab
      cinder-volume-service: maas-infralab
      cluster: maas-infralab
      ha: maas-infralab
      identity-service: maas-infralab
      image-service: maas-infralab
      internal: maas-infralab
      nrpe-external-master: maas-infralab
      public: maas-infralab
      shared-db: maas-infralab
      storage-backend: maas-infralab
  cinder-ceph:
    charm: cs:~openstack-charmers-next/cinder-ceph-331
    bindings:
      "": alpha
      ceph: alpha
      ceph-access: alpha
      juju-info: alpha
      storage-backend: alpha
  glance:
    charm: cs:~openstack-charmers-next/glance-431
    num_units: 1
    to:
    - lxd:6
    options:
      openstack-origin: cloud:bionic-train
      worker-multiplier: 1
    bindings:
      "": maas-infralab
      admin: maas-infralab
      amqp: maas-infralab
      ceph: maas-infralab
      certificates: maas-infralab
      cinder-volume-service: maas-infralab
      cluster: maas-infralab
      ha: maas-infralab
      identity-service: maas-infralab
      image-service: maas-infralab
      internal: maas-infralab
      nrpe-external-master: maas-infralab
      object-store: maas-infralab
      public: maas-infralab
      shared-db: maas-infralab
      storage-backend: maas-infralab
  keystone:
    charm: cs:~openstack-charmers-next/keystone-513
    num_units: 1
    to:
    - lxd:6
    options:
      admin-password: Superpass01
      openstack-origin: cloud:bionic-train
      worker-multiplier: 1
    bindings:
      "": maas-infralab
      admin: maas-infralab
      certificates: maas-infralab
      cluster: maas-infralab
      domain-backend: maas-infralab
      ha: maas-infralab
      identity-admin: maas-infralab
      identity-credentials: maas-infralab
      identity-notifications: maas-infralab
      identity-service: maas-infralab
      internal: maas-infralab
      keystone-fid-service-provider: maas-infralab
      keystone-middleware: maas-infralab
      nrpe-external-master: maas-infralab
      public: maas-infralab
      shared-db: maas-infralab
      websso-trusted-dashboard: maas-infralab
  memcached:
    charm: cs:memcached-30
    num_units: 1
    to:
    - lxd:6
    bindings:
      "": maas-infralab
      cache: maas-infralab
      cluster: maas-infralab
      local-monitors: maas-infralab
      monitors: maas-infralab
      munin: maas-infralab
      nrpe-external-master: maas-infralab
  mysql:
    charm: cs:~openstack-charmers-next/percona-cluster-377
    num_units: 1
    to:
    - lxd:3
    options:
      innodb-buffer-pool-size: 256M
      max-connections: 1000
      performance-schema: true
    bindings:
      "": maas-infralab
      access: maas-infralab
      cluster: maas-infralab
      db: maas-infralab
      db-admin: maas-infralab
      ha: maas-infralab
      master: maas-infralab
      nrpe-external-master: maas-infralab
      shared-db: maas-infralab
      slave: maas-infralab
  neutron-api:
    charm: cs:~openstack-charmers-next/neutron-api-455
    num_units: 1
    to:
    - "0"
    options:
      flat-network-providers: physnet1
      manage-neutron-plugin-legacy-mode: true
      neutron-security-groups: true
      openstack-origin: cloud:bionic-train
      worker-multiplier: 1
    bindings:
      "": maas-infralab
      admin: maas-infralab
      amqp: maas-infralab
      certificates: maas-infralab
      cluster: maas-infralab
      etcd-proxy: maas-infralab
      external-dns: maas-infralab
      ha: maas-infralab
      identity-service: maas-infralab
      infoblox-neutron: maas-infralab
      internal: maas-infralab
      midonet: maas-infralab
      neutron-api: maas-infralab
      neutron-load-balancer: maas-infralab
      neutron-plugin-api: maas-infralab
      neutron-plugin-api-subordinate: maas-infralab
      nrpe-external-master: maas-infralab
      public: maas-infralab
      shared-db: maas-infralab
      vsd-rest-api: maas-infralab
  neutron-gateway:
    charm: cs:~openstack-charmers-next/neutron-gateway-430
    num_units: 1
    to:
    - "0"
    options:
      bridge-mappings: physnet1:br-data
      data-port: br-data:enp26s0f1
      openstack-origin: cloud:bionic-train
      worker-multiplier: 1
    bindings:
      "": maas-infralab
      amqp: maas-infralab
      amqp-nova: maas-infralab
      cluster: maas-infralab
      data: maas-infralab
      ha: maas-infralab
      neutron-plugin-api: maas-infralab
      nrpe-external-master: maas-infralab
      quantum-network-service: maas-infralab
  neutron-openvswitch:
    charm: cs:~openstack-charmers-next/neutron-openvswitch-413
    options:
      enable-local-dhcp-and-metadata: true
    bindings:
      "": maas-infralab
      amqp: maas-infralab
      data: maas-infralab
      juju-info: maas-infralab
      neutron-control: maas-infralab
      neutron-plugin: maas-infralab
      neutron-plugin-api: maas-infralab
  nova-cloud-controller:
    charm: cs:~openstack-charmers-next/nova-cloud-controller-499
    num_units: 1
    to:
    - lxd:2
    options:
      console-access-protocol: vnc
      network-manager: Neutron
      openstack-origin: cloud:bionic-train
      worker-multiplier: 1
    bindings:
      "": maas-infralab
      admin: maas-infralab
      amqp: maas-infralab
      amqp-cell: maas-infralab
      certificates: maas-infralab
      cinder-volume-service: maas-infralab
      cloud-compute: maas-infralab
      cloud-controller: maas-infralab
      cluster: maas-infralab
      ha: maas-infralab
      identity-service: maas-infralab
      image-service: maas-infralab
      internal: maas-infralab
      memcache: maas-infralab
      neutron-api: maas-infralab
      nova-cell-api: maas-infralab
      nova-vmware: maas-infralab
      nrpe-external-master: maas-infralab
      placement: maas-infralab
      public: maas-infralab
      quantum-network-service: maas-infralab
      shared-db: maas-infralab
      shared-db-cell: maas-infralab
  nova-compute:
    charm: cs:~openstack-charmers-next/nova-compute-509
    num_units: 1
    to:
    - "1"
    options:
      config-flags: default_ephemeral_format=ext4
      enable-live-migration: true
      enable-resize: true
      migration-auth-type: ssh
      openstack-origin: cloud:bionic-train
    bindings:
      "": maas-infralab
      amqp: maas-infralab
      ceph: maas-infralab
      ceph-access: maas-infralab
      cloud-compute: maas-infralab
      cloud-credentials: maas-infralab
      compute-peer: maas-infralab
      ephemeral-backend: maas-infralab
      image-service: maas-infralab
      internal: maas-infralab
      ironic-api: maas-infralab
      lxd: maas-infralab
      migration: maas-infralab
      neutron-plugin: maas-infralab
      nova-ceilometer: maas-infralab
      nrpe-external-master: maas-infralab
      secrets-storage: maas-infralab
  ntp:
    charm: cs:ntp-41
    bindings:
      "": alpha
      juju-info: alpha
      master: alpha
      nrpe-external-master: alpha
      ntp-peers: alpha
      ntpmaster: alpha
  openstack-dashboard:
    charm: cs:~openstack-charmers-next/openstack-dashboard-487
    num_units: 1
    to:
    - lxd:5
    options:
      openstack-origin: cloud:bionic-train
    bindings:
      "": maas-infralab
      certificates: maas-infralab
      cluster: maas-infralab
      dashboard-plugin: maas-infralab
      ha: maas-infralab
      identity-service: maas-infralab
      nrpe-external-master: maas-infralab
      public: maas-infralab
      shared-db: maas-infralab
      website: maas-infralab
      websso-fid-service-provider: maas-infralab
      websso-trusted-dashboard: maas-infralab
  placement:
    charm: cs:~openstack-charmers-next/placement-28
    num_units: 1
    to:
    - lxd:4
    options:
      openstack-origin: cloud:bionic-train
      worker-multiplier: 1
    bindings:
      "": maas-infralab
      admin: maas-infralab
      amqp: maas-infralab
      certificates: maas-infralab
      cluster: maas-infralab
      ha: maas-infralab
      identity-service: maas-infralab
      internal: maas-infralab
      placement: maas-infralab
      public: maas-infralab
      shared-db: maas-infralab
  rabbitmq-server:
    charm: cs:~openstack-charmers-next/rabbitmq-server-382
    num_units: 1
    to:
    - lxd:4
    bindings:
      "": maas-infralab
      amqp: maas-infralab
      ceph: maas-infralab
      certificates: maas-infralab
      cluster: maas-infralab
      ha: maas-infralab
      nrpe-external-master: maas-infralab
machines:
  "0":
    constraints: tags=test_clemarch zones=default
  "1":
    constraints: tags=test_clemarch zones=default
  "2":
    constraints: tags=virtual zones=default
  "3":
    constraints: tags=virtual zones=default
  "4":
    constraints: tags=virtual zones=default
  "5":
    constraints: tags=virtual zones=default
  "6":
    constraints: tags=virtual zones=default
relations:
- - nova-compute:amqp
  - rabbitmq-server:amqp
- - neutron-gateway:amqp
  - rabbitmq-server:amqp
- - keystone:shared-db
  - mysql:shared-db
- - nova-cloud-controller:identity-service
  - keystone:identity-service
- - glance:identity-service
  - keystone:identity-service
- - neutron-api:identity-service
  - keystone:identity-service
- - neutron-openvswitch:neutron-plugin-api
  - neutron-api:neutron-plugin-api
- - neutron-api:shared-db
  - mysql:shared-db
- - neutron-api:amqp
  - rabbitmq-server:amqp
- - neutron-gateway:neutron-plugin-api
  - neutron-api:neutron-plugin-api
- - glance:shared-db
  - mysql:shared-db
- - glance:amqp
  - rabbitmq-server:amqp
- - nova-cloud-controller:image-service
  - glance:image-service
- - nova-compute:image-service
  - glance:image-service
- - nova-cloud-controller:cloud-compute
  - nova-compute:cloud-compute
- - nova-cloud-controller:amqp
  - rabbitmq-server:amqp
- - nova-cloud-controller:quantum-network-service
  - neutron-gateway:quantum-network-service
- - nova-compute:neutron-plugin
  - neutron-openvswitch:neutron-plugin
- - neutron-openvswitch:amqp
  - rabbitmq-server:amqp
- - openstack-dashboard:identity-service
  - keystone:identity-service
- - openstack-dashboard:shared-db
  - mysql:shared-db
- - nova-cloud-controller:shared-db
  - mysql:shared-db
- - nova-cloud-controller:neutron-api
  - neutron-api:neutron-api
- - cinder:image-service
  - glance:image-service
- - cinder:amqp
  - rabbitmq-server:amqp
- - cinder:identity-service
  - keystone:identity-service
- - cinder:cinder-volume-service
  - nova-cloud-controller:cinder-volume-service
- - cinder-ceph:storage-backend
  - cinder:storage-backend
- - ceph-mon:client
  - nova-compute:ceph
- - nova-compute:ceph-access
  - cinder-ceph:ceph-access
- - cinder:shared-db
  - mysql:shared-db
- - ceph-mon:client
  - cinder-ceph:ceph
- - ceph-mon:client
  - glance:ceph
- - ceph-osd:mon
  - ceph-mon:osd
- - ntp:juju-info
  - nova-compute:juju-info
- - ntp:juju-info
  - neutron-gateway:juju-info
- - ceph-radosgw:mon
  - ceph-mon:radosgw
- - ceph-radosgw:identity-service
  - keystone:identity-service
- - placement:shared-db
  - mysql:shared-db
- - placement:identity-service
  - keystone:identity-service
- - placement:placement
  - nova-cloud-controller:placement
- - nova-cloud-controller:memcache
  - memcached:cache

I think I figured out the issue: the “data-port=br-data:enp26s0f1” option was missing in the neutron-openvswitch charm.

Thanks Drew, help was very much appreciated.

Cheers

Glad you were able to work that out! In your original post, you had data-port defined under neutron-openvswitch, but it was defined with br-data:enp3s0f1, which may have caused your original issues.
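A check for the misconfiguration identified in this thread, as an added example that is not part of the original posts or of the charms' own code: it flags any charm whose `bridge-mappings` names a bridge that no `data-port` entry attaches a NIC to, and reports when the two charms attach different NICs to the same bridge. The option values are copied from the bundle above into a constructed dict; the default `bridge-mappings` value and the function names are assumptions.

```python
# Constructed sample: the two charms' options as they appear in the bundle above
# (neutron-openvswitch carries no data-port, which was the reported cause).
BUNDLE_OPTIONS = {
    "neutron-gateway": {
        "bridge-mappings": "physnet1:br-data",
        "data-port": "br-data:enp26s0f1",
    },
    "neutron-openvswitch": {
        "enable-local-dhcp-and-metadata": True,
    },
}

# Assumption: both charms fall back to this mapping when bridge-mappings is unset.
DEFAULT_BRIDGE_MAPPINGS = "physnet1:br-data"


def parse_pairs(value):
    """Split a space-separated 'key:value' option into (key, value) pairs."""
    pairs = []
    for item in (value or "").split():
        # Split on the first colon only, so a MAC address on the right survives.
        key, sep, val = item.partition(":")
        if not sep or not key or not val:
            raise ValueError(f"malformed entry: {item!r}")
        pairs.append((key, val))
    return pairs


def check_data_ports(options_by_charm):
    """Return findings for bridges without a NIC and for NICs that differ."""
    findings = []
    ports_by_bridge = {}
    for charm, opts in sorted(options_by_charm.items()):
        mappings = parse_pairs(opts.get("bridge-mappings", DEFAULT_BRIDGE_MAPPINGS))
        ports = {}
        for bridge, port in parse_pairs(opts.get("data-port")):
            ports.setdefault(bridge, []).append(port)
        for physnet, bridge in mappings:
            if bridge not in ports:
                findings.append(f"{charm}: {physnet} maps to {bridge}, "
                                "but no data-port attaches a NIC to it")
            else:
                ports_by_bridge.setdefault(bridge, {})[charm] = sorted(ports[bridge])
    for bridge, per_charm in sorted(ports_by_bridge.items()):
        # Different NIC names can be legitimate on different hardware; report for review.
        if len({tuple(p) for p in per_charm.values()}) > 1:
            findings.append(f"{bridge}: data-port differs between charms "
                            f"{per_charm}; confirm each NIC exists on its hosts")
    return findings
```
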