Identifying the L3 agent and namespace

Once the gateway interface has been added, the router will be scheduled to an eligible L3 agent. Using the openstack network agent list command, you can determine which L3 agent the router was scheduled to:

In this example, the router was scheduled to the controller01 node. In an environment running multiple L3 agents, a standalone router can be scheduled to any one of the agents, but will not be scheduled to more than one at any given time.

The L3 agent is responsible for creating a network namespace that acts as the virtual router. For easy identification, the name of the namespace incorporates the router's ID. The ip netns list command can be used to list all network namespaces on a node:

Inside the respective qrouter namespace, you will find an interface with a prefix of qg. The qg interface is the gateway, or external, interface of the router. Neutron automatically provisions an IP address to the qg interface from the allocation pool of the external network's subnet:

In the preceding screenshot, the IP address 10.30.0.106 was automatically configured on the external interface inside the namespace.

When using the Open vSwitch interface driver, the qg interface is connected directly to the integration bridge. When using the Linux bridge interface driver, as in this example, the qg interface is one end of a veth pair whose other end is connected to a Linux bridge on the host.

Using ethtool, we can determine the peer index of the corresponding interface on the host. This can be useful in troubleshooting connectivity issues in and out of network namespaces:

Using ip link show on the host, the corresponding interface (peer index 16) can be found by searching for the index on the controller:

The output conveniently reveals the corresponding network namespace using the link-netnsid identifier. In this example, the peer interface resides in the network namespace with an ID of 3, otherwise known as qrouter-9ef2eeed-4a55-4f64-b8be-4b07a43ec373.

The link-netnsid ID from ip link show should correspond to a namespace provided in the output of the ip netns list command.

When using the Linux bridge interface driver, the veth interface is connected to a bridge that corresponds to the external network shown here:

For easy identification, the bridge name includes the first ten characters of the Neutron network ID. In addition, each end of the veth pair includes the first ten characters of the port ID associated with the interface.

The namespace is able to communicate with other devices in the same subnet through the bridge. The other interface in the bridge, eth2.30, tags traffic as VLAN 30 as it exits the bridge and out physical interface eth2.

Observe the route table within the namespace. The default gateway address corresponds to the address defined in the external provider subnet's gateway_ip attribute. In this case, it's 10.30.0.1:

In this example environment, 10.30.0.1 is configured on the Cisco ASA and will serve as the next hop gateway for outbound traffic from the Neutron router.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset