Understanding OpenStack networking with Neutron and Open vSwitch
I couldn’t figure out OpenStack’s networking system enough to get my instances’ floating IPs to work, even from the packstack --allinone host itself. I read the RDO document Networking in too much detail, but even that seemed to assume more knowledge about how things fit together than I had.
I eventually got some help from the #rdo IRC channel; but I think the best documentation ended up being Visualizing OpenStack Networking Service Traffic in the Cloud from the OpenStack Operations Guide.
In the end, most of my problem was that I was trying to assign an IP address to my br-ex interface that conflicted with the l3-agent that was already connected to the br-ex bridge. Literally any other address in the subnet that wasn’t also used by an instance gave me the behavior I was looking for: being able to ping the floating addresses from the host.

ip addr add 172.24.4.225/28 dev br-ex
Once that was done, I was able to configure NAT on the same host. This is described at the end of the “Networking in too much detail” document, and was echoed by the individual who helped me in #rdo; but I modified the POSTROUTING rule to identify the external network interface, p4p1. If the external interface is left unspecified, then even internal traffic from the host to the guests will be rewritten to the external address, which isn’t valid on the floating-IP subnet.

iptables -A FORWARD -d 172.24.4.224/28 -j ACCEPT
iptables -A FORWARD -s 172.24.4.224/28 -j ACCEPT
iptables -t nat -I POSTROUTING 1 -s 172.24.4.224/28 -o p4p1 -j MASQUERADE
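An easy way to catch the mistake described above (a MASQUERADE rule that is not tied to the external interface, so host-to-guest traffic also gets its source rewritten) is to audit the nat table for it. The script below is an added example, not part of the original post or of any OpenStack or RDO tooling: it reads iptables-save output, and flags every POSTROUTING MASQUERADE rule that carries no `-o <iface>` match (or only a negated `! -o` match). The iptables-save excerpt it checks is constructed for the example; `audit_live` runs the same check against the real ruleset and needs root.

```shell
#!/bin/sh
# Added example: audit iptables-save output for MASQUERADE rules in the nat
# POSTROUTING chain that are not scoped to an output interface. Such a rule
# rewrites the source of every forwarded packet from the matched subnet, so
# traffic from the host to a floating IP is NATed to the external address too.

# Reads iptables-save format on stdin, prints each unscoped MASQUERADE rule,
# and returns 1 if any were found (0 if the chain is clean).
find_unscoped_masquerade() {
    awk '
        # iptables-save marks the start of each table with "*<name>"
        /^\*/ { table = substr($0, 2) }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" && / -j MASQUERADE/ \
            && (!/ -o / || / ! -o /) {
            print
            found = 1
        }
        END { exit found ? 1 : 0 }
    '
}

# Constructed iptables-save excerpt (not captured from a real host). The first
# MASQUERADE rule is scoped to p4p1 as in the post; the second one is not.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.24.4.224/28 -o p4p1 -j MASQUERADE
-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 172.24.4.224/28 -j ACCEPT
-A FORWARD -s 172.24.4.224/28 -j ACCEPT
COMMIT
'

# Run the audit over the constructed sample; expected to report exactly the
# 10.0.0.0/24 rule and return 1.
audit_sample() {
    printf '%s' "$SAMPLE_RULES" | find_unscoped_masquerade
}

# Run the audit over the host's live ruleset (requires root).
audit_live() {
    iptables-save | find_unscoped_masquerade
}

# Stand-alone run: show the offending rule from the sample.
audit_sample || echo "unscoped MASQUERADE rule(s) found above"
```

On a packstack host you would run `audit_live` after applying the three rules; a clean result means every MASQUERADE rule names an outgoing interface, which is the property the `-o p4p1` change gives you.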