Problems understanding/running the flat network mode

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Problems understanding/running the flat network mode

Christian Wittwer
Hi,
I'm currently building a small proof of concept using OpenStack 2011.2
on Ubuntu 10.04.3 LTS. The setup looks like this.

os-controller
Physical server with one interface, runs nova-network and nova-scheduler.

root at os-controller:/etc/network# ifconfig
br100     Link encap:Ethernet  HWaddr 00:22:19:6d:87:3a
          inet addr:10.2.3.7  Bcast:10.2.3.255  Mask:255.255.254.0
          inet6 addr: fe80::222:19ff:fe6d:873a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:104693 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48841 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:8637793 (8.6 MB)  TX bytes:5173040 (5.1 MB)

eth0      Link encap:Ethernet  HWaddr 00:22:19:6d:87:3a
          inet6 addr: fe80::222:19ff:fe6d:873a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:513207 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1241603 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:47340200 (47.3 MB)  TX bytes:1578854262 (1.5 GB)
          Interrupt:16 Memory:f8000000-f8012800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:902486 errors:0 dropped:0 overruns:0 frame:0
          TX packets:902486 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:76554927 (76.5 MB)  TX bytes:76554927 (76.5 MB)

virbr0    Link encap:Ethernet  HWaddr 26:29:f0:4b:12:4a
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root at os-controller:/etc/network# brctl show
bridge name     bridge id               STP enabled     interfaces
br100           8000.0022196d873a       no              eth0
virbr0          8000.000000000000       yes

os-compute1
Physical server with one interface, runs nova-compute.

root at os-compute1:/etc/nova# ifconfig
br100     Link encap:Ethernet  HWaddr 00:22:19:54:01:ef
          inet addr:10.2.3.101  Bcast:10.2.3.255  Mask:255.255.254.0
          inet6 addr: fe80::222:19ff:fe54:1ef/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1270917 errors:0 dropped:0 overruns:0 frame:0
          TX packets:494417 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1559046135 (1.5 GB)  TX bytes:44115042 (44.1 MB)

eth0      Link encap:Ethernet  HWaddr 00:22:19:54:01:ef
          inet6 addr: fe80::222:19ff:fe54:1ef/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1269412 errors:0 dropped:0 overruns:0 frame:0
          TX packets:496714 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1581861586 (1.5 GB)  TX bytes:46244418 (46.2 MB)
          Interrupt:16 Memory:da000000-da012800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:21 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2024 (2.0 KB)  TX bytes:2024 (2.0 KB)

virbr0    Link encap:Ethernet  HWaddr b2:ea:48:a0:07:1b
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:252 (252.0 B)

vnet0     Link encap:Ethernet  HWaddr fe:16:3e:3c:ba:2a
          inet6 addr: fe80::fc16:3eff:fe3c:ba2a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:581 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3522 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:24618 (24.6 KB)  TX bytes:474829 (474.8 KB)

vnet1     Link encap:Ethernet  HWaddr fe:16:3e:06:43:11
          inet6 addr: fe80::fc16:3eff:fe06:4311/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:240 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1471 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:10296 (10.2 KB)  TX bytes:210510 (210.5 KB)

root at os-compute1:/etc/nova# brctl show
bridge name     bridge id               STP enabled     interfaces
br100           8000.0022195401ef       no              eth0
                                                        vnet0
                                                        vnet1
virbr0          8000.000000000000       yes

The nova.conf looks like this.

--dhcpbridge_flagfile=/etc/nova/nova.conf
--dhcpbridge=/usr/bin/nova-dhcpbridge
--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--verbose
--s3_host=10.2.3.7
--rabbit_host=10.2.3.7
--cc_host=10.2.3.7
--ec2_url=http://10.2.3.7:8773/services/Cloud
--fixed_range=192.168.27.0/24
--network_size=253
--FAKE_subdomain=ec2
--routing_source_ip=10.2.3.7
--verbose
--sql_connection=mysql://root:secret at 10.2.3.7/nova
--network_manager=nova.network.manager.FlatManager

The private network I've chosen is 192.168.27.0/24.

root at os-controller:/etc/network# nova-manage network list
network                 netmask         start address   DNS
192.168.27.0/29         255.255.255.248 192.168.27.2    8.8.4.4

I can startup a instance, it gets a ip from that pool, but I'm unable
to ping it.

root at os-controller:/etc/network# euca-describe-instances
RESERVATION     r-of7is1i0      BUIS    default
INSTANCE        i-0000000c      ami-20f7c97c    192.168.27.2
192.168.27.2    running None (foo, os-compute1)       0
m1.tiny 2011-08-13T09:34:59Z nova
RESERVATION     r-t9tq3f2q      BUIS    default
INSTANCE        i-0000000d      ami-20f7c97c    192.168.27.3
192.168.27.3    running None (foo, os-compute1)       0
m1.tiny 2011-08-13T09:53:29Z nova

I think there needs to be more configuration done? I had a look at the
database, the gateway for that network is 192.168.27.1.
But where do I have to configure that ip? On the os-controller? Or an
additional route, because I don't have one on both of my nodes.

root at os-compute1:/etc/nova# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
10.2.2.0        0.0.0.0         255.255.254.0   U     0      0        0 br100
0.0.0.0         10.2.2.1        0.0.0.0         UG    100    0        0 br100

Can somebody help me?

Chris

Reply | Threaded
Open this post in threaded view
|

Problems understanding/running the flat network mode

Shang Wu-2
Hi Chris,

On 11-08-13 06:16 PM, Christian Wittwer wrote:
> I can startup a instance, it gets a ip from that pool, but I'm unable
> to ping it.

The first thing that come to my mind is that you need to run the
euca-authorize command to enable the ICMP protocol. If you haven't done
it already, this might be something worth look into.

Regards,

--
Shang Wu

Reply | Threaded
Open this post in threaded view
|

Problems understanding/running the flat network mode

Christian Wittwer
Hi,
I found a solution. The problem was, that I had no ip on that host in
that subnet.
Therefore all packages to 192.168.27.0/24 were sent to my default gw,
which was wrong.
I created a "virtual" interface on the bridge, where the instances are
connected to.

br100:0   Link encap:Ethernet  HWaddr 00:22:19:6d:87:3a
          inet addr:192.168.27.100  Bcast:192.168.27.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

After that, the network is running and I'm able to ping my instances.

But now I'm looking into flat dhcp mode, because I'm going to have
windows instances, and the ip injection doesn't work with windows
afaik.

Cheers,
Chris

2011/8/15 Shang Wu <shang at ubuntu.com>:

> Hi Chris,
>
> On 11-08-13 06:16 PM, Christian Wittwer wrote:
>> I can startup a instance, it gets a ip from that pool, but I'm unable
>> to ping it.
>
> The first thing that come to my mind is that you need to run the
> euca-authorize command to enable the ICMP protocol. If you haven't done
> it already, this might be something worth look into.
>
> Regards,
>
> --
> Shang Wu
>

Reply | Threaded
Open this post in threaded view
|

Problems understanding/running the flat network mode

Arjun Datta
Hi,

I have a similar problem but my networking seems to be setup correctly.

Does one need to authorise SSH as well ? I also, cannot ping or SSH to
any running instances.


Regards,
 
Arjun Datta

-----Original Message-----
From: openstack-operators-bounces at lists.openstack.org
[mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of
Christian Wittwer
Sent: August-15-11 12:12 PM
To: openstack-operators at lists.openstack.org
Subject: Re: [Openstack-operators] Problems understanding/running the
flat network mode

Hi,
I found a solution. The problem was, that I had no ip on that host in
that subnet.
Therefore all packages to 192.168.27.0/24 were sent to my default gw,
which was wrong.
I created a "virtual" interface on the bridge, where the instances are
connected to.

br100:0   Link encap:Ethernet  HWaddr 00:22:19:6d:87:3a
          inet addr:192.168.27.100  Bcast:192.168.27.255
Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

After that, the network is running and I'm able to ping my instances.

But now I'm looking into flat dhcp mode, because I'm going to have
windows instances, and the ip injection doesn't work with windows afaik.

Cheers,
Chris

2011/8/15 Shang Wu <shang at ubuntu.com>:
> Hi Chris,
>
> On 11-08-13 06:16 PM, Christian Wittwer wrote:
>> I can startup a instance, it gets a ip from that pool, but I'm unable

>> to ping it.
>
> The first thing that come to my mind is that you need to run the
> euca-authorize command to enable the ICMP protocol. If you haven't
> done it already, this might be something worth look into.
>
> Regards,
>
> --
> Shang Wu
>
_______________________________________________
Openstack-operators mailing list
Openstack-operators at lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

--------------------------------------------------------------------------
?This electronic message contains information from Primus Telecommunications Canada Inc. ("PRIMUS") , which may be legally privileged and confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone or e-mail (to the number or address above) immediately. Any views, opinions or advice expressed in this electronic message are not necessarily the views, opinions or advice of PRIMUS. It is the responsibility of the recipient to ensure that any attachments are virus free and PRIMUS bears no responsibility for any loss or damage arising in any way from the use thereof.The term "PRIMUS" includes its affiliates.
--------------------------------------------------------------------------
?Pour la version en fran?ais de ce message, veuillez voir
http://www.primustel.ca/fr/legal/cs.htm

Reply | Threaded
Open this post in threaded view
|

Problems understanding/running the flat network mode

Shaon
i have downloaded image from
http://cloud-images.ubuntu.com/releases/11.04/release/ubuntu-11.04-server-uec-amd64.tar.gz

and also facing the same problem, cannot access or my running instances.

However, I am facing another weird problem here. I can easily launch an
instance from the dashboard, but when I try to run it from command line, I
lost my internet connection, and this happens to all of my PCs connected to
the same router. To solve this I have to restart the network of the
controller node to get connected again.

On Tue, Aug 16, 2011 at 9:34 PM, Arjun Datta <ADatta at primustel.ca> wrote:

> Hi,
>
> I have a similar problem but my networking seems to be setup correctly.
>
> Does one need to authorise SSH as well ? I also, cannot ping or SSH to
> any running instances.
>
>
> Regards,
>
> Arjun Datta
>
> -----Original Message-----
> From: openstack-operators-bounces at lists.openstack.org
> [mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of
> Christian Wittwer
> Sent: August-15-11 12:12 PM
> To: openstack-operators at lists.openstack.org
> Subject: Re: [Openstack-operators] Problems understanding/running the
> flat network mode
>
> Hi,
> I found a solution. The problem was, that I had no ip on that host in
> that subnet.
> Therefore all packages to 192.168.27.0/24 were sent to my default gw,
> which was wrong.
> I created a "virtual" interface on the bridge, where the instances are
> connected to.
>
> br100:0   Link encap:Ethernet  HWaddr 00:22:19:6d:87:3a
>          inet addr:192.168.27.100  Bcast:192.168.27.255
> Mask:255.255.255.0
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>
> After that, the network is running and I'm able to ping my instances.
>
> But now I'm looking into flat dhcp mode, because I'm going to have
> windows instances, and the ip injection doesn't work with windows afaik.
>
> Cheers,
> Chris
>
> 2011/8/15 Shang Wu <shang at ubuntu.com>:
> > Hi Chris,
> >
> > On 11-08-13 06:16 PM, Christian Wittwer wrote:
> >> I can startup a instance, it gets a ip from that pool, but I'm unable
>
> >> to ping it.
> >
> > The first thing that come to my mind is that you need to run the
> > euca-authorize command to enable the ICMP protocol. If you haven't
> > done it already, this might be something worth look into.
> >
> > Regards,
> >
> > --
> > Shang Wu
> >
> _______________________________________________
> Openstack-operators mailing list
> Openstack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
> --------------------------------------------------------------------------
>  This electronic message contains information from Primus
> Telecommunications Canada Inc. ("PRIMUS") , which may be legally privileged
> and confidential. The information is intended to be for the use of the
> individual(s) or entity named above. If you are not the intended recipient,
> be aware that any disclosure, copying, distribution or use of the contents
> of this information is prohibited. If you have received this electronic
> message in error, please notify us by telephone or e-mail (to the number or
> address above) immediately. Any views, opinions or advice expressed in this
> electronic message are not necessarily the views, opinions or advice of
> PRIMUS. It is the responsibility of the recipient to ensure that any
> attachments are virus free and PRIMUS bears no responsibility for any loss
> or damage arising in any way from the use thereof.The term "PRIMUS" includes
> its affiliates.
> --------------------------------------------------------------------------
>  Pour la version en fran?ais de ce message, veuillez voir
> http://www.primustel.ca/fr/legal/cs.htm
> _______________________________________________
> Openstack-operators mailing list
> Openstack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>



--
thanks
-shaon

http://mdshaonimran.wordpress.com
http://twitter.com/mdshaonimran
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20110816/ca5d8c42/attachment-0001.html>

Reply | Threaded
Open this post in threaded view
|

Problems understanding/running the flat network mode

Arjun Datta
That's a bit odd.
 
 
When I run euca-describe-instances I see the instance running:
 
 
~# euca-describe-instances
RESERVATION     r-8qqt14x2      novatest        default
INSTANCE        i-00000001      ami-15bd14eb    192.168.140.114 192.168.140.114 running novatest (novatest, spe-lab)    0               m1.tiny 2011-08-12T13:29:24Z   nova

 
And my groups are set up as follows:
 
 
~# euca-describe-groups
GROUP   novatest        default default
PERMISSION      novatest        default ALLOWS  icmp    -1      -1      FROM    CIDR    0.0.0.0/0
PERMISSION      novatest        default ALLOWS  icmp    22      22      FROM    CIDR    0.0.0.0/0

 
 
However when I try to query the IP of the instance, that I cannot ping or SSH, I get nothing
 
 
~# euca-describe-addresses 192.168.140.114
~#

So I'm going to check my routes, networking and try adding new rules using euca-authorize
 
 
 
Regards,
 
Arjun Datta
 


________________________________

From: Shaon [mailto:mdshaonimran at gmail.com]
Sent: August-16-11 11:53 AM
To: Arjun Datta
Cc: Christian Wittwer; openstack-operators at lists.openstack.org
Subject: Re: [Openstack-operators] Problems understanding/running the flat network mode


i have downloaded image from http://cloud-images.ubuntu.com/releases/11.04/release/ubuntu-11.04-server-uec-amd64.tar.gz

and also facing the same problem, cannot access or my running instances.

However, I am facing another weird problem here. I can easily launch an instance from the dashboard, but when I try to run it from command line, I lost my internet connection, and this happens to all of my PCs connected to the same router. To solve this I have to restart the network of the controller node to get connected again.


On Tue, Aug 16, 2011 at 9:34 PM, Arjun Datta <ADatta at primustel.ca> wrote:


        Hi,
       
        I have a similar problem but my networking seems to be setup correctly.
       
        Does one need to authorise SSH as well ? I also, cannot ping or SSH to
        any running instances.
       
       
        Regards,
       
        Arjun Datta
       
        -----Original Message-----
        From: openstack-operators-bounces at lists.openstack.org
        [mailto:openstack-operators-bounces at lists.openstack.org] On Behalf Of
        Christian Wittwer
        Sent: August-15-11 12:12 PM
        To: openstack-operators at lists.openstack.org
        Subject: Re: [Openstack-operators] Problems understanding/running the
        flat network mode
       

        Hi,
        I found a solution. The problem was, that I had no ip on that host in
        that subnet.
        Therefore all packages to 192.168.27.0/24 were sent to my default gw,
        which was wrong.
        I created a "virtual" interface on the bridge, where the instances are
        connected to.
       
        br100:0   Link encap:Ethernet  HWaddr 00:22:19:6d:87:3a
                 inet addr:192.168.27.100  Bcast:192.168.27.255
        Mask:255.255.255.0
                 UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
       
        After that, the network is running and I'm able to ping my instances.
       
        But now I'm looking into flat dhcp mode, because I'm going to have
        windows instances, and the ip injection doesn't work with windows afaik.
       
        Cheers,
        Chris
       
        2011/8/15 Shang Wu <shang at ubuntu.com>:
        > Hi Chris,
        >
        > On 11-08-13 06:16 PM, Christian Wittwer wrote:
        >> I can startup a instance, it gets a ip from that pool, but I'm unable
       
        >> to ping it.
        >
        > The first thing that come to my mind is that you need to run the
        > euca-authorize command to enable the ICMP protocol. If you haven't
        > done it already, this might be something worth look into.
        >
        > Regards,
        >
        > --
        > Shang Wu
        >
        _______________________________________________
        Openstack-operators mailing list
        Openstack-operators at lists.openstack.org
        http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
       
       
        --------------------------------------------------------------------------
         This electronic message contains information from Primus Telecommunications Canada Inc. ("PRIMUS") , which may be legally privileged and confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone or e-mail (to the number or address above) immediately. Any views, opinions or advice expressed in this electronic message are not necessarily the views, opinions or advice of PRIMUS. It is the responsibility of the recipient to ensure that any attachments are virus free and PRIMUS bears no responsibility for any loss or damage arising in any way from the use thereof.The term "PRIMUS" includes its affiliates.
        --------------------------------------------------------------------------
         Pour la version en fran?ais de ce message, veuillez voir
        http://www.primustel.ca/fr/legal/cs.htm
       
        _______________________________________________
        Openstack-operators mailing list
        Openstack-operators at lists.openstack.org
        http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
       




--
thanks
-shaon

http://mdshaonimran.wordpress.com
http://twitter.com/mdshaonimran


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20110817/df8cce9b/attachment.html>