如何设置 VLAN 转发？

Question

Riccardo Magrini

Asked: 2019-04-06 02:04:39 +0800 CST2019-04-06 02:04:39 +0800 CST 2019-04-06 02:04:39 +0800 CST

openstack：从实例和 neutron-gateway/0 无法 ping 到 Internet - 错误“目标主机无法访问”

772

知识产权计划：

Maas: 10.20.81.1
Juju: 10.20.81.2
Openstack: 10.20.81.21-24
External Gateway: 10.20.81.254
Private Network: 10.1.0.0/24
Instance: 10.1.0.9 - 10.20.81.220 (floating IP)
Private Gateway: 10.1.0.1
Private DHCP service: 10.1.0.10

网络拓扑结构

10.20.81.0/24     
                          +-------------+
                              Firewall
                            10.20.81.254
                          +-------------+
                                 | 
+-------------------------------------------------------------+
                              Switch 
      vlan81              vlan81                  vlan81
+-------------------------------------------------------------+
        |                   |                   || | | |
+--------------+     +------------+        +------------------+
|Maas+Juju           |Juju Gui|            |Openstack
|10.20.81.1          |10.20.81.2           |10.20.81.21-24
+--------------+     +-------------+       +------------------+
                                                     |
                                +--------------------------------------------+
                                Private Subnet-1           Public Subnet-2
                                 10.1.0.0/24                10.20.81.0/24
                                 +---+----+--+              +----+------+
                                 |    |        +----+            |
                                 |    |     .1 |    |.221         |
                                 |    +--------+ VR +-------------+
                                 |             |    |
                                 +--+-+        +----+
                                 |    |
                                 |VM  |
                                 |.9  |
                                 |    |
                                 +----+

这次的问题是对 Internet 的 ping。Openstack 实例和 netron-gateway/0 无法访问外部世界。

来自中子网关/0

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ping 10.20.81.254
PING 10.20.81.254 (10.20.81.254) 56(84) bytes of data.
From 10.20.81.221 icmp_seq=1 Destination Host Unreachable
From 10.20.81.221 icmp_seq=2 Destination Host Unreachable

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.20.81.221 icmp_seq=1 Destination Host Unreachable
From 10.20.81.221 icmp_seq=2 Destination Host Unreachable

ubuntu@os-compute02:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=120 time=16.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=120 time=17.9 ms

ubuntu@os-compute02:~$ ping 10.20.81.254
PING 10.20.81.254 (10.20.81.254) 56(84) bytes of data.
64 bytes from 10.20.81.254: icmp_seq=1 ttl=64 time=0.637 ms
64 bytes from 10.20.81.254: icmp_seq=2 ttl=64 time=0.435 ms

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.1.0.0        0.0.0.0         255.255.255.0   U     0      0        0 qr-44aa8011-cf
10.20.81.0      0.0.0.0         255.255.255.0   U     0      0        0 qg-f33e7db4-43

ubuntu@os-compute02:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.20.81.254    0.0.0.0         UG    0      0        0 br-eno2
10.4.251.0      0.0.0.0         255.255.255.0   U     0      0        0 lxdbr0
10.20.81.0      0.0.0.0         255.255.255.0   U     0      0        0 br-eno2

从实例

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ssh -p 22 -i ~/.ssh/u1804Key.pem [email protected] -v
O
Welcome to Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-33-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Fri Apr  5 09:50:37 UTC 2019

  System load:  0.0               Processes:           90
  Usage of /:   1.2% of 77.36GB   Users logged in:     0
  Memory usage: 12%               IP address for ens2: 10.1.0.9
  Swap usage:   0%


  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

 * Canonical Livepatch is available for installation.
   - Reduce system reboots and improve kernel security. Activate at:
     https://ubuntu.com/livepatch

0 packages can be updated.
0 updates are security updates.

Failed to connect to https://changelogs.ubuntu.com/meta-release-lts. Check your Internet connection or proxy settings


Last login: Fri Apr  5 09:32:40 2019 from 10.20.81.221
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

ubuntu@u1804ins:~$ ping 10.1.0.1
PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.
64 bytes from 10.1.0.1: icmp_seq=1 ttl=64 time=0.333 ms
64 bytes from 10.1.0.1: icmp_seq=2 ttl=64 time=0.471 ms

ubuntu@u1804ins:~$ ping 10.1.0.10
PING 10.1.0.10 (10.1.0.10) 56(84) bytes of data.
64 bytes from 10.1.0.10: icmp_seq=1 ttl=64 time=1.46 ms
64 bytes from 10.1.0.10: icmp_seq=2 ttl=64 time=0.416 ms

ubuntu@u1804ins:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.20.81.220 icmp_seq=1 Destination Host Unreachable
From 10.20.81.220 icmp_seq=2 Destination Host Unreachable

ubuntu@u1804ins:~$ ping 10.20.81.220
PING 10.20.81.220 (10.20.81.220) 56(84) bytes of data.
64 bytes from 10.20.81.220: icmp_seq=1 ttl=63 time=0.871 ms
64 bytes from 10.20.81.220: icmp_seq=2 ttl=63 time=0.859 ms

它从实例的路线

ubuntu@u1804ins:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.1.0.1        0.0.0.0         UG    100    0        0 ens2
10.1.0.0        0.0.0.0         255.255.255.0   U     0      0        0 ens2
169.254.169.254 10.1.0.1        255.255.255.255 UGH   100    0        0 ens2

安全组是

任何人都可以帮我解决这个问题吗？

2019 年 8 月 4 日更新

正如 waltinator 建议我的那样，我添加了一条路线，如下所示：

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ifconfig
 lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 6191392  bytes 645353092 (645.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6191392  bytes 645353092 (645.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qg-f33e7db4-43: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.20.81.221  netmask 255.255.255.0  broadcast 10.20.81.255
        inet6 fe80::f816:3eff:fe66:29fc  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:66:29:fc  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 653117  bytes 27431366 (27.4 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qr-44aa8011-cf: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1458
        inet 10.1.0.1  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe80::f816:3eff:feb3:ccab  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:b3:cc:ab  txqueuelen 1000  (Ethernet)
        RX packets 1439607  bytes 124114833 (124.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2439777  bytes 168001647 (168.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 route add default gw 10.1.0.1 qr-44aa8011-cf

然后

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.1.0.1        0.0.0.0         UG        0 0          0 qr-44aa8011-cf
10.1.0.0        0.0.0.0         255.255.255.0   U         0 0          0 qr-44aa8011-cf
10.20.81.0      0.0.0.0         255.255.255.0   U         0 0          0 qg-f33e7db4-43

但没有

ubuntu@os-compute02:~$ sudo ip netns exec qrouter-e933429f-6816-47b3-9e50-581d78243935 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.1.0.1 icmp_seq=1 Destination Host Unreachable
From 10.1.0.1 icmp_seq=2 Destination Host Unreachable

1 个回答

Voted

Riccardo Magrini · Answer 1 · 2019-04-13T01:23:43+08:00

Best Answer

Riccardo Magrini

2019-04-13T01:23:43+08:002019-04-13T01:23:43+08:00

我已经解决了在通过 juju 运行 OPS 部署之前更改了数据端口的值

从：

neutron-gateway:
    bridge-mappings:         physnet1:br-ex
    data-port:               br-ex:eno2

至：

neutron-gateway:
    bridge-mappings:         physnet1:br-ex
    data-port:               br-ex:eno3

现在实例可以上网了

ubuntu@u1804svr:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=17.7 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=17.3 ms

ubuntu@u1804svr:~$ ping google.it
PING google.it (216.58.205.35) 56(84) bytes of data.
64 bytes from mil04s24-in-f35.1e100.net (216.58.205.35): icmp_seq=1 ttl=53 time=13.7 ms
64 bytes from mil04s24-in-f35.1e100.net (216.58.205.35): icmp_seq=2 ttl=53 time=13.7 ms

0

openstack：从实例和 neutron-gateway/0 无法 ping 到 Internet - 错误“目标主机无法访问”

如何运行 .sh 脚本？

如何安装 .tar.gz（或 .tar.bz2）文件？

如何列出所有已安装的软件包

无法锁定管理目录 (/var/lib/dpkg/) 是另一个进程在使用它吗？

openstack：从实例和 neutron-gateway/0 无法 ping 到 Internet - 错误“目标主机无法访问”

1 个回答

相关问题