The
correct name of this post is supposed to be
"Nova and Neutron workflow && CLI for HAProxy/Keepalived 3 Node
Controller RDO Liberty in an appropriate amount of detail". It follows
up http://lxer.com/module/newswire/view/222164/index.html . All environment has been built via Nova and Neutron CLI ( no Horizon involvement ).
Neutron work-flow on Controller is described including OVS flow rules on external bridge created by flat external network provider , eth0 external interface as VLAN OVS port of bridge br-eth0 and br-int
First create keystonerc_admin to provide admin ability manage via CLI
[root@hacontroller1 ~(keystone_admin)]# cat keystonerc_admin
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PROJECT_NAME=admin
export OS_REGION_NAME=regionOne
export OS_PASSWORD=keystonetest
export OS_AUTH_URL=http://controller-vip.example.com:35357/v2.0/
export OS_SERVICE_ENDPOINT=http://controller-vip.example.com:35357/v2.0 export OS_SERVICE_TOKEN=$(cat /root/keystone_service_token)
export PS1='[\u@\h \W(keystone_admin)]\$ '
Neutron work-flow on Controller is described including OVS flow rules on external bridge created by flat external network provider , eth0 external interface as VLAN OVS port of bridge br-eth0 and br-int
First create keystonerc_admin to provide admin ability manage via CLI
[root@hacontroller1 ~(keystone_admin)]# cat keystonerc_admin
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PROJECT_NAME=admin
export OS_REGION_NAME=regionOne
export OS_PASSWORD=keystonetest
export OS_AUTH_URL=http://controller-vip.example.com:35357/v2.0/
export OS_SERVICE_ENDPOINT=http://controller-vip.example.com:35357/v2.0 export OS_SERVICE_TOKEN=$(cat /root/keystone_service_token)
export PS1='[\u@\h \W(keystone_admin)]\$ '
[root@hacontroller1 ~(keystone_admin)]# cat keystonerc_demo export OS_USERNAME=demo export OS_TENANT_NAME=demo export OS_PROJECT_NAME=demo export OS_REGION_NAME=regionOne export OS_PASSWORD=redhat export OS_AUTH_URL=http://controller-vip.example.com:5000/v2.0/ export PS1='[\u@\h \W(keystone_demo)]\$ '
[root@hacontroller1 ~(keystone_admin)]# keystone tenant-list +----------------------------------+----------+---------+ | id | name | enabled | +----------------------------------+----------+---------+ | b2be742697534c3188bdc5ec56038853 | admin | True | | efe017b919c1487bab8c58281fcaceeb | demo | True | | 4cd322b30ca947eeb86c0a883e549a27 | services | True | +----------------------------------+----------+---------+ **************************************************** Creating HA Neutron router belongs tenant demo **************************************************** [root@hacontroller1 ~(keystone_admin)]# neutron router-create --ha True \ --tenant-id efe017b919c1487bab8c58281fcaceeb RouterDMS [root@hacontroller1 ~(keystone_admin)]# neutron l3-agent-list-hosting-router RouterDMS +--------------------------------------+---------------------------+----------------+-------+----------+ | id | host | admin_state_up | alive | ha_state | +--------------------------------------+---------------------------+----------------+-------+----------+ | 9c83e688-e7b4-4101-97df-844510d0ee52 | hacontroller1.example.com | True | :-) | active | | a7bdf03e-4550-4f1b-ae6f-25744894086d | hacontroller2.example.com | True | :-) | standby | +--------------------------------------+---------------------------+----------------+-------+-------
[root@hacontroller1 ~(keystone_admin)]# neutron router-port-list RouterDMS +--------------------------------------+-------------------------------------------------+-------------------+--------------------------------------------------------------------------------------+ | id | name | mac_address | fixed_ips | +--------------------------------------+-------------------------------------------------+-------------------+--------------------------------------------------------------------------------------+ | 013404f6-0bb8-4885-ab64-19e3970d7046 | HA port tenant efe017b919c1487bab8c58281fcaceeb | fa:16:3e:d5:7e:6f | {"subnet_id": "6886d46c-4947-455d-8656-ff0f2a649632", "ip_address": "169.254.192.2"} | | 4a6bcdf6-7895-45b7-b32b-c63d6e1c6bc5 | HA port tenant efe017b919c1487bab8c58281fcaceeb | fa:16:3e:35:f7:73 | {"subnet_id": "6886d46c-4947-455d-8656-ff0f2a649632", "ip_address": "169.254.192.1"} | | a37e106e-70a1-47bc-b8de-1153c8cacd2a | | fa:16:3e:0e:4b:eb | {"subnet_id": "a2c617b1-17cc-4768-b213-9f0795d07b40", "ip_address": "10.10.10.100"} | | dd6507fd-73e3-45f6-a935-8bbf29dacbb9 | | fa:16:3e:26:55:06 | {"subnet_id": "1c47d964-d7ec-4a72-a5a7-bc390c96359d", "ip_address": "30.0.0.1"} | +--------------------------------------+-------------------------------------------------+-------------------+------------------------------------------------------------------------------------
************************************** Creating private network as demo ************************************** [root@hacontroller2 ~(keystone_demo)]# neutron net-create private [root@hacontroller2 ~(keystone_demo)]# neutron subnet-create private \ 30.0.0.0/24 --dns_nameservers list=true 83.221.202.254 ************************************** Creating public network as admin ************************************** [root@hacontroller1 ~(keystone_admin)]# neutron net-create public --shared \ --provider:network_type flat --provider:physical_network physnet1 --router:external [root@hacontroller1 ~(keystone_admin)]# neutron subnet-create --gateway 10.10.10.1 \ --allocation-pool start=10.10.10.100,end=10.10.10.150 --disable-dhcp \ --name public_subnet public 10.10.10.0/24
[root@hacontroller1 neutron(keystone_demo)]# cat l3_agent.ini | grep -v ^# | grep -v ^$
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
handle_internal_only_routers = True
send_arp_for_ha = 3
metadata_ip = controller-vip.example.com
external_network_bridge =
[AGENT]
[root@hacontroller1 ml2(keystone_admin)]# cat ml2_conf.ini|grep -v ^#|grep -v ^$ [ml2] type_drivers = local,gre,flat,vxlan,vlan tenant_network_types = vxlan mechanism_drivers = openvswitch [ml2_type_flat] flat_networks = * [ml2_type_vlan] [ml2_type_gre] tunnel_id_ranges = 10:10000 [ml2_type_vxlan] vni_ranges = 10:10000 vxlan_group = 224.0.0.1 [ml2_type_geneve] [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[root@hacontroller1 ml2(keystone_admin)]# cat openvswitch_agent.ini | grep -v ^#|grep -v ^$ [ovs] local_ip = 192.169.142.221 enable_tunneling = True integration_bridge = br-int tunnel_bridge = br-tun bridge_mappings = physnet1:br-eth0 network_vlan_ranges = physnet1 [agent] tunnel_types = vxlan vxlan_udp_port = 4789 l2_population = False [securitygroup] firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver When "external_network_bridge = " , Neutron places the external interface of the router into the OVS bridge specified by the "provider_network" provider attribute in the Neutron network. Traffic is processed by Open vSwitch flow rules. In this configuration it is possible to utilize flat and VLAN provider networks.
[root@hacontroller1 ~(keystone_admin)]# ovs-ofctl show br-eth0
OFPT_FEATURES_REPLY (xid=0x2): dpid:00003e31a75b624a
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(eth0): addr:52:54:00:41:74:39
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
2(phy-br-eth0): addr:de:0e:37:e4:28:49
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
LOCAL(br-eth0): addr:3e:31:a7:5b:62:4a
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
[root@hacontroller1 ~(keystone_admin)]# ovs-ofctl dump-flows br-eth0
NXST_FLOW reply (xid=0x4):
cookie=0x0, duration=6785.707s, table=0, n_packets=18476, n_bytes=1202867, idle_age=3, priority=4,
in_port=2,dl_vlan=3 actions=strip_vlan,NORMAL <==== VLAN tag is striped
cookie=0x0, duration=6977.001s, table=0, n_packets=13639, n_bytes=766402, idle_age=1, priority=2,in_port=2 actions=drop
cookie=0x0, duration=6977.041s, table=0, n_packets=11557, n_bytes=10607506, idle_age=1, priority=0 actions=NORMAL
[root@hacontroller1 ~(keystone_admin)]# ovs-vsctl show eae701a9-447e-4b75-98b5-4f7ce026ddbb Bridge br-tun fail_mode: secure Port "vxlan-c0a98ee0" Interface "vxlan-c0a98ee0" type: vxlan options: {df_default="true", in_key=flow, local_ip="192.169.142.221", out_key=flow, remote_ip="192.169.142.224"} Port br-tun Interface br-tun type: internal Port "vxlan-c0a98ede" Interface "vxlan-c0a98ede" type: vxlan options: {df_default="true", in_key=flow, local_ip="192.169.142.221", out_key=flow, remote_ip="192.169.142.222"} Port "vxlan-c0a98edf" Interface "vxlan-c0a98edf" type: vxlan options: {df_default="true", in_key=flow, local_ip="192.169.142.221", out_key=flow, remote_ip="192.169.142.223"} Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Bridge "br-eth0" Port "br-eth0" Interface "br-eth0" type: internal Port "eth0" Interface "eth0" <============= Port "phy-br-eth0" Interface "phy-br-eth0" type: patch options: {peer="int-br-eth0"} Bridge br-int fail_mode: secure Port br-int Interface br-int type: internal Port "ha-013404f6-0b" tag: 2 Interface "ha-013404f6-0b" type: internal Port "int-br-eth0" Interface "int-br-eth0" type: patch options: {peer="phy-br-eth0"} Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port "qr-dd6507fd-73" tag: 1 Interface "qr-dd6507fd-73" type: internal Port "qg-a37e106e-70" ===============> tag: 3 Interface "qg-a37e106e-70" type: internal Port "tap7e8e240c-aa" tag: 1 Interface "tap7e8e240c-aa" type: internal ovs_version: "2.4.0" The packet exits the qg-a37e106e-70 (which is outgoing interface of corresponding qrouter-namespace attached to br-int due to external network provider involvment) interface, where it is assigned the VLAN tag associated with the external network 3. The packet is delivered to the external bridge, where a flow rule strip the VLAN tag 3. The packet is sent out the physical interface associated with the bridge.
**************************************
Now check OVS flow at br-int
**************************************
[root@hacontroller1 ~(keystone_admin)]# ovs-ofctl show br-int
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000e6b4e9fe1044
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
1(int-br-eth0): addr:d2:35:eb:fc:ba:27
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
2(patch-tun): addr:1e:95:23:46:9e:a4
config: 0
state: 0
speed: 0 Mbps now, 0 Mbps max
4(tap73cbf393-29): addr:00:00:00:00:00:00
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
5(ha-013404f6-0b): addr:00:00:00:00:00:00
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
6(qr-dd6507fd-73): addr:00:00:00:00:00:00
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
7(qg-a37e106e-70): addr:00:00:00:00:00:00
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
LOCAL(br-int): addr:e6:b4:e9:fe:10:44
config: PORT_DOWN
state: LINK_DOWN
speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0
[root@hacontroller1 ~(keystone_admin)]# ovs-ofctl dump-flows br-int
NXST_FLOW reply (xid=0x4):
cookie=0x87b766cda5a1f568, duration=5899.822s, table=0, n_packets=14899, n_bytes=18740788, idle_age=1334, priority=3,in_port=1,vlan_tci=0x0000 actions=mod_vlan_vid:3,NORMAL
cookie=0x87b766cda5a1f568, duration=6141.616s, table=0, n_packets=0, n_bytes=0, idle_age=6141, priority=2,in_port=1 actions=drop
cookie=0x87b766cda5a1f568, duration=5900.707s, table=0, n_packets=5, n_bytes=390, idle_age=5892, priority=2,in_port=4 actions=drop
cookie=0x87b766cda5a1f568, duration=6141.675s, table=0, n_packets=59875, n_bytes=21916362, idle_age=0, priority=0 actions=NORMAL
cookie=0x87b766cda5a1f568, duration=6141.671s, table=23, n_packets=0, n_bytes=0, idle_age=6141, priority=0 actions=drop
cookie=0x87b766cda5a1f568, duration=6141.667s, table=24, n_packets=0, n_bytes=0, idle_age=6141, priority=0 actions=drop
************************************************************************
Notice that int-br-eth0 and phy-br-eth0 is a veth pair connecting
br-int and br-eth0
************************************************************************
[root@hacontroller1 ~(keystone_admin)]# ip netns
qrouter-afe13460-e106-4a0a-abf5-a618f97de6b9
qdhcp-847e5c9c-ce9f-4b2c-86fb-d7597017e8e3
[root@hacontroller1 ~(keystone_admin)]# ip netns exec qrouter-afe13460-e106-4a0a-abf5-a618f97de6b9 ip route
default via 10.10.10.1 dev qg-a37e106e-70
10.10.10.0/24 qg-a37e106e-70 proto kernel scope link src 10.10.10.100
30.0.0.0/24 qr-dd6507fd-73 proto kernel scope link src 30.0.0.1
169.254.0.0/24 ha-013404f6-0b proto kernel scope link src 169.254.0.1
169.254.192.0/18 dev ha-013404f6-0b proto kernel scope link src 169.254.192.2
Per https://github.com/beekhof/osp-ha-deploy/commit/b2e01e86ca93cfad9ad01d533b386b4c9607c60d#diff-ee239d1187adb09f970dc4ddcf0df1c2
Assuming eth0 is your interface attached to the external network, create two files in /etc/sysconfig/network-scripts/ as follows (change MTU if you need):
cat < /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br-eth0
ONBOOT=yes
BOOTPROTO=none
VLAN=yes
MTU="9000"
NM_CONTROLLED=no
EOF
cat < /etc/sysconfig/network-scripts/ifcfg-br-eth0
DEVICE=br-eth0
DEVICETYPE=ovs
OVSBOOTPROTO=none
TYPE=OVSBridge
ONBOOT=yes
BOOTPROTO=static
MTU="9000"
NM_CONTROLLED=no
EOF
Restart the network for the changes to take effect
[root@hacontroller1 ~(keystone_admin)]# neutron net-list
+--------------------------------------+----------------------------------------------------+-------------------------------------------------------+
| id | name | subnets |
+--------------------------------------+----------------------------------------------------+-------------------------------------------------------+
| b4580386-bc02-4aa7-8792-ea4c40c41573 | public | a2c617b1-17cc-4768-b213-9f0795d07b40 10.10.10.0/24 |
| ab421dc7-27fa-4984-ae21-ba9518887293 | HA network tenant efe017b919c1487bab8c58281fcaceeb | 6886d46c-4947-455d-8656-ff0f2a649632 169.254.192.0/18 |
| 847e5c9c-ce9f-4b2c-86fb-d7597017e8e3 | private | 1c47d964-d7ec-4a72-a5a7-bc390c96359d 30.0.0.0/24 |
+--------------------------------------+----------------------------------------------------+-------------------------------------------------------+
[root@hacontroller1 ~(keystone_admin)]# neutron subnet-list
+--------------------------------------+---------------------------------------------------+------------------+------------------------------------------------------+
| id | name | cidr | allocation_pools |
+--------------------------------------+---------------------------------------------------+------------------+------------------------------------------------------+
| a2c617b1-17cc-4768-b213-9f0795d07b40 | public_subnet | 10.10.10.0/24 | {"start": "10.10.10.100", "end": "10.10.10.150"} |
| 6886d46c-4947-455d-8656-ff0f2a649632 | HA subnet tenant efe017b919c1487bab8c58281fcaceeb | 169.254.192.0/18 | {"start": "169.254.192.1", "end": "169.254.255.254"} |
| 1c47d964-d7ec-4a72-a5a7-bc390c96359d | | 30.0.0.0/24 | {"start": "30.0.0.2", "end": "30.0.0.254"} |
+--------------------------------------+---------------------------------------------------+------------------+------------------------------------------------------+
[root@hacontroller2 ~(keystone_demo)]# neutron router-gateway-set RouterDMS public
[root@hacontroller2 ~(keystone_demo)]# neutron router-interface-add RouterDMS \
1c47d964-d7ec-4a72-a5a7-bc390c96359d
[root@hacontroller2 ~(keystone_demo)]# neutron router-port-list RouterDMS
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
| dd6507fd-73e3-45f6-a935-8bbf29dacbb9 | | fa:16:3e:26:55:06 | {"subnet_id": "1c47d964-d7ec-4a72-a5a7-bc390c96359d", "ip_address": "30.0.0.1"} |
+--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+
[root@hacontroller2 ~(keystone_demo)]# neutron port-show dd6507fd-73e3-45f6-a935-8bbf29dacbb9
+-----------------------+--------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------------------------------------------------------------------+
| admin_state_up | True |
| allowed_address_pairs | |
| binding:vnic_type | normal |
| device_id | afe13460-e106-4a0a-abf5-a618f97de6b9 |
| device_owner | network:router_interface |
| dns_assignment | {"hostname": "host-30-0-0-1", "ip_address": "30.0.0.1", "fqdn": "host-30-0-0-1.openstacklocal."} |
| dns_name | |
| extra_dhcp_opts | |
| fixed_ips | {"subnet_id": "1c47d964-d7ec-4a72-a5a7-bc390c96359d", "ip_address": "30.0.0.1"} |
| id | dd6507fd-73e3-45f6-a935-8bbf29dacbb9 |
| mac_address | fa:16:3e:26:55:06 |
| name | |
| network_id | 847e5c9c-ce9f-4b2c-86fb-d7597017e8e3 |
| security_groups | |
| status | ACTIVE |
| tenant_id | efe017b919c1487bab8c58281fcaceeb |
+-----------------------+--------------------------------------------------------------------------------------------------+
********************************************
Creating security rules for tenant demo
********************************************
[root@hacontroller2 ~(keystone_demo)]# neutron security-group-rule-create --protocol icmp \
--direction ingress --remote-ip-prefix 0.0.0.0/0 default
[root@hacontroller2 ~(keystone_demo)]# neutron security-group-rule-create --protocol tcp \
--port-range-min 22 --port-range-max 22 --direction ingress --remote-ip-prefix 0.0.0.0/0 default
******************************************** Creating ssh keypair for tenant demo ********************************************
[root@hacontroller2 ~(keystone_demo)]# nova keypair-add oskey1 > oskey1.priv [root@hacontroller2 ~(keystone_demo)]# chmod 600 oskey1.priv [root@hacontroller2 ~(keystone_demo)]# neutron net-list +--------------------------------------+---------+----------------------------------------------------+ | id | name | subnets | +--------------------------------------+---------+----------------------------------------------------+ | b4580386-bc02-4aa7-8792-ea4c40c41573 | public | a2c617b1-17cc-4768-b213-9f0795d07b40 10.10.10.0/24 | | 847e5c9c-ce9f-4b2c-86fb-d7597017e8e3 | private | 1c47d964-d7ec-4a72-a5a7-bc390c96359d 30.0.0.0/24 | +--------------------------------------+---------+-------------------------------------------------- [root@hacontroller2 ~(keystone_demo)]# glance image-list +--------------------------------------+-----------+ | ID | Name | +--------------------------------------+-----------+ | 6b4ee270-41ca-4a14-b584-d21f6ff5d6be | cirros | | e6945bf1-0a0d-4e99-a1fc-64ca45479095 | VF23Cloud | +--------------------------------------+-----------+ [root@hacontroller2 ~(keystone_demo)]# nova boot --flavor 2 --key_name oskey1 --image \ e6945bf1-0a0d-4e99-a1fc-64ca45479095 --nic net-id=847e5c9c-ce9f-4b2c-86fb-d7597017e8e3 VF23Devs05
+--------------------------------------+--------------------------------------------------+ | Property | Value | +--------------------------------------+--------------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-STS:power_state | 0 | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | - | | OS-SRV-USG:terminated_at | - | | accessIPv4 | | | accessIPv6 | | | adminPass | 8c3HZUTS3jZ3 | | config_drive | | | created | 2015-11-28T17:44:02Z | | flavor | m1.small (2) | | hostId | | | id | 68db2410-5d7d-42ca-82ab-6000123ab8d2 | | image | VF23Cloud (e6945bf1-0a0d-4e99-a1fc-64ca45479095) | | key_name | oskey1 | | metadata | {} | | name | VF23Devs05 | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | security_groups | default | | status | BUILD | | tenant_id | efe017b919c1487bab8c58281fcaceeb | | updated | 2015-11-28T17:44:03Z | | user_id | 426a9a98019f4055a2edb3d145355646 | +--------------------------------------+--------------------------------------------------+ [root@hacontroller2 ~(keystone_demo)]# nova list +--------------------------------------+------------+---------+------------+-------------+--------------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------------+---------+------------+-------------+--------------------------------+ | 2b0f822f-be17-43c1-b127-f626d5a62823 | CirrOSDevs | SHUTOFF | - | Shutdown | private=30.0.0.4, 10.10.10.101 | | 68db2410-5d7d-42ca-82ab-6000123ab8d2 | VF23Devs05 | BUILD | spawning | NOSTATE | | +--------------------------------------+------------+---------+------------+-------------+--------------------------------+ [root@hacontroller2 ~(keystone_demo)]# nova list +--------------------------------------+------------+---------+------------+-------------+--------------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------------+---------+------------+-------------+--------------------------------+ | 2b0f822f-be17-43c1-b127-f626d5a62823 | CirrOSDevs | SHUTOFF | - | Shutdown | private=30.0.0.4, 10.10.10.101 | | 68db2410-5d7d-42ca-82ab-6000123ab8d2 | VF23Devs05 | ACTIVE | - | Running | private=30.0.0.10 | +--------------------------------------+------------+---------+------------+-------------+--------------------------------+ [root@hacontroller2 ~(keystone_demo)]# neutron port-list --device-id \ 68db2410-5d7d-42ca-82ab-6000123ab8d2 +--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+ | id | name | mac_address | fixed_ips | +--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+ | 879c8ca8-fe8e-42d7-8b6b-34be981d03d0 | | fa:16:3e:32:47:49 | {"subnet_id": "1c47d964-d7ec-4a72-a5a7-bc390c96359d", "ip_address": "30.0.0.10"} | +--------------------------------------+------+-------------------+----------------------------------------------------------------------------------+ [root@hacontroller2 ~(keystone_demo)]# neutron floatingip-create public Created a new floatingip: +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | fixed_ip_address | | | floating_ip_address | 10.10.10.102 | | floating_network_id | b4580386-bc02-4aa7-8792-ea4c40c41573 | | id | aa48fd10-bb25-46ae-8f76-eb90e343b3f1 | | port_id | | | router_id | | | status | DOWN | | tenant_id | efe017b919c1487bab8c58281fcaceeb | +---------------------+--------------------------------------+ [root@hacontroller2 ~(keystone_demo)]# neutron floatingip-associate \ aa48fd10-bb25-46ae-8f76-eb90e343b3f1 879c8ca8-fe8e-42d7-8b6b-34be981d03d0 Associated floating IP aa48fd10-bb25-46ae-8f76-eb90e343b3f1 [root@hacontroller2 ~(keystone_demo)]# nova list +--------------------------------------+------------+---------+------------+-------------+---------------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------------+---------+------------+-------------+---------------------------------+ | 2b0f822f-be17-43c1-b127-f626d5a62823 | CirrOSDevs | SHUTOFF | - | Shutdown | private=30.0.0.4, 10.10.10.101 | | 68db2410-5d7d-42ca-82ab-6000123ab8d2 | VF23Devs05 | ACTIVE | - | Running | private=30.0.0.10, 10.10.10.102 | +--------------------------------------+------------+---------+------------+-------------+---------------------------------+
[root@hacontroller1 ~(keystone_admin)]# ip netns exec qrouter-afe13460-e106-4a0a-abf5-a618f97de6b9 ip a 1: lo:mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 8: ha-013404f6-0b: mtu 1500 qdisc noqueue state UNKNOWN link/ether fa:16:3e:d5:7e:6f brd ff:ff:ff:ff:ff:ff inet 169.254.192.2/18 brd 169.254.255.255 scope global ha-013404f6-0b valid_lft forever preferred_lft forever inet 169.254.0.1/24 scope global ha-013404f6-0b valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fed5:7e6f/64 scope link valid_lft forever preferred_lft forever 9: qr-dd6507fd-73: mtu 1500 qdisc noqueue state UNKNOWN link/ether fa:16:3e:26:55:06 brd ff:ff:ff:ff:ff:ff inet 30.0.0.1/24 scope global qr-dd6507fd-73 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe26:5506/64 scope link nodad valid_lft forever preferred_lft forever 10: qg-a37e106e-70: mtu 1500 qdisc noqueue state UNKNOWN link/ether fa:16:3e:0e:4b:eb brd ff:ff:ff:ff:ff:ff inet 10.10.10.100/24 scope global qg-a37e106e-70 valid_lft forever preferred_lft forever inet 10.10.10.101/32 scope global qg-a37e106e-70 valid_lft forever preferred_lft forever inet 10.10.10.102/32 scope global qg-a37e106e-70 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe0e:4beb/64 scope link nodad valid_lft forever preferred_lft forever
References1.http://blog.oddbit.com/2015/08/13/provider-external-networks-details/
2.https://github.com/beekhof/osp-ha-deploy/blob/master/keepalived/neutron-config.md