My Neutron notes

[root@allinone-7 ~(keystone_admin)]# ip netns exec qdhcp-049b58b3-716f-4445-ae24-32a23f8523dd iptables -t nat -L > /tmp/qdhcp.before.txt
[root@allinone-7 ~(keystone_admin)]# ip netns exec qrouter-65ba96d9-decb-4494-badb-68e300074d73 iptables -t nat -L > /tmp/qrouter.before.txt

diff /tmp/qrouter.before.txt /tmp/qrouter.after.txt
19a20
> DNAT       all  —  anywhere             192.168.122.4        to:10.10.1.15
28a30
> DNAT       all  —  anywhere             192.168.122.4        to:10.10.1.15
32a35
> SNAT       all  —  unused               anywhere             to:192.168.122.4

Physical machine : 192.168.122.124    52:5f:04:f2:18:41
tap interface      : 10.10.1.2          fa:16:3e:0f:d8:af
qg interface       : 192.168.122.4     fa:16:3e:96:f6:13
qr interface       : 10.10.1.1        fa:16:3e:62:46:55
Instance MAC       : 10.10.1.15        fa:16:3e:df:0f:b9

Scenario 1 : Assigning floating ip to instance and pinging the instance floating ip from base machine.

Created br-int mirror traffic referring Red Hat KCS [1]

# tcpdump -s0 -i br-int-snooper0 -w /tmp/br-int.pcap  &
# ip netns exec qdhcp-049b58b3-716f-4445-ae24-32a23f8523dd tcpdump -s0 -i tap9d746101-ac -w /tmp/tap-interface.pcap &
# ip netns exec qrouter-65ba96d9-decb-4494-badb-68e300074d73 tcpdump -s0 -i qr-b2f794eb-7c -w /tmp/qr-interface.pcap &
# ip netns exec qrouter-65ba96d9-decb-4494-badb-68e300074d73 tcpdump -s0 -i qg-03f40a0b-5f -w /tmp/qg-interface.pcap &

[root@allinone-7 ~(keystone_admin)]# tshark -tad -n -r /tmp/tap-interface.pcap -Y ‘icmp’
Running as user “root” and group “root”. This could be dangerous.
41 2016-05-03 12:27:09 192.168.122.124 -> 10.10.1.15   ICMP 98 Echo (ping) request  id=0x720a, seq=1/256, ttl=63

[root@allinone-7 ~(keystone_admin)]# tshark -tad -n -r /tmp/qg-interface.pcap -Y ‘icmp’
Running as user “root” and group “root”. This could be dangerous.
2 2016-05-03 12:27:09 192.168.122.124 -> 192.168.122.4 ICMP 98 Echo (ping) request  id=0x720a, seq=1/256, ttl=64
3 2016-05-03 12:27:09 192.168.122.4 -> 192.168.122.124 ICMP 98 Echo (ping) reply    id=0x720a, seq=1/256, ttl=63 (request in 2)
4 2016-05-03 12:27:10 192.168.122.124 -> 192.168.122.4 ICMP 98 Echo (ping) request  id=0x720a, seq=2/512, ttl=64
5 2016-05-03 12:27:10 192.168.122.4 -> 192.168.122.124 ICMP 98 Echo (ping) reply    id=0x720a, seq=2/512, ttl=63 (request in 4)
6 2016-05-03 12:27:11 192.168.122.124 -> 192.168.122.4 ICMP 98 Echo (ping) request  id=0x720a, seq=3/768, ttl=64
7 2016-05-03 12:27:11 192.168.122.4 -> 192.168.122.124 ICMP 98 Echo (ping) reply    id=0x720a, seq=3/768, ttl=63 (request in 6)

[root@allinone-7 ~(keystone_admin)]# tshark -tad -n -r /tmp/qg-interface.pcap -Y ‘icmp’ -T fields -e ip.src -e ip.dst -e eth.src -e eth.dst
Running as user “root” and group “root”. This could be dangerous.
192.168.122.124    192.168.122.4    52:5f:04:f2:18:41    fa:16:3e:96:f6:13
192.168.122.4    192.168.122.124    fa:16:3e:96:f6:13    52:5f:04:f2:18:41
192.168.122.124    192.168.122.4    52:5f:04:f2:18:41    fa:16:3e:96:f6:13
192.168.122.4    192.168.122.124    fa:16:3e:96:f6:13    52:5f:04:f2:18:41
192.168.122.124    192.168.122.4    52:5f:04:f2:18:41    fa:16:3e:96:f6:13
192.168.122.4    192.168.122.124    fa:16:3e:96:f6:13    52:5f:04:f2:18:41

[root@allinone-7 ~(keystone_admin)]# tshark -tad -n -r /tmp/qr-interface.pcap -Y ‘icmp’
Running as user “root” and group “root”. This could be dangerous.
103 2016-05-03 12:27:09 192.168.122.124 -> 10.10.1.15   ICMP 98 Echo (ping) request  id=0x720a, seq=1/256, ttl=63
106 2016-05-03 12:27:09   10.10.1.15 -> 192.168.122.124 ICMP 98 Echo (ping) reply    id=0x720a, seq=1/256, ttl=64 (request in 103)
109 2016-05-03 12:27:10 192.168.122.124 -> 10.10.1.15   ICMP 98 Echo (ping) request  id=0x720a, seq=2/512, ttl=63
110 2016-05-03 12:27:10   10.10.1.15 -> 192.168.122.124 ICMP 98 Echo (ping) reply    id=0x720a, seq=2/512, ttl=64 (request in 109)
113 2016-05-03 12:27:11 192.168.122.124 -> 10.10.1.15   ICMP 98 Echo (ping) request  id=0x720a, seq=3/768, ttl=63
114 2016-05-03 12:27:11   10.10.1.15 -> 192.168.122.124 ICMP 98 Echo (ping) reply    id=0x720a, seq=3/768, ttl=64 (request in 113)

[root@allinone-7 ~(keystone_admin)]# tshark -tad -n -r /tmp/qr-interface.pcap -Y ‘icmp’ -T fields -e ip.src -e ip.dst -e eth.src -e eth.dst
Running as user “root” and group “root”. This could be dangerous.
192.168.122.124    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    192.168.122.124    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
192.168.122.124    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    192.168.122.124    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
192.168.122.124    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    192.168.122.124    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55

[root@allinone-7 ~(keystone_admin)]# tshark -tad -n -r /tmp/br-int.pcap -Y ‘icmp’
Running as user “root” and group “root”. This could be dangerous.
181 2016-05-03 12:27:09 192.168.122.124 -> 10.10.1.15   ICMP 102 Echo (ping) request  id=0x720a, seq=1/256, ttl=63
184 2016-05-03 12:27:09   10.10.1.15 -> 192.168.122.124 ICMP 102 Echo (ping) reply    id=0x720a, seq=1/256, ttl=64 (request in 181)
187 2016-05-03 12:27:10 192.168.122.124 -> 10.10.1.15   ICMP 102 Echo (ping) request  id=0x720a, seq=2/512, ttl=63
188 2016-05-03 12:27:10   10.10.1.15 -> 192.168.122.124 ICMP 102 Echo (ping) reply    id=0x720a, seq=2/512, ttl=64 (request in 187)
191 2016-05-03 12:27:11 192.168.122.124 -> 10.10.1.15   ICMP 102 Echo (ping) request  id=0x720a, seq=3/768, ttl=63
192 2016-05-03 12:27:11   10.10.1.15 -> 192.168.122.124 ICMP 102 Echo (ping) reply    id=0x720a, seq=3/768, ttl=64 (request in 191)

[root@allinone-7 ~(keystone_admin)]#  tshark -tad -n -r /tmp/br-int.pcap -Y ‘icmp’ -T fields -e ip.src -e ip.dst -e eth.src -e eth.dst
Running as user “root” and group “root”. This could be dangerous.
192.168.122.124    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    192.168.122.124    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
192.168.122.124    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    192.168.122.124    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
192.168.122.124    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    192.168.122.124    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55

Scenario 2 : Pinging the external world from instance when it’s having floating ip assigned.

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/br-int_rev.pcap -Y ‘icmp’
Running as user “root” and group “root”. This could be dangerous.
29 2016-05-03 12:57:36   10.10.1.15 -> 8.8.8.8      ICMP 102 Echo (ping) request  id=0x6c01, seq=0/0, ttl=64
30 2016-05-03 12:57:36      8.8.8.8 -> 10.10.1.15   ICMP 102 Echo (ping) reply    id=0x6c01, seq=0/0, ttl=51 (request in 29)
33 2016-05-03 12:57:37   10.10.1.15 -> 8.8.8.8      ICMP 102 Echo (ping) request  id=0x6c01, seq=1/256, ttl=64
34 2016-05-03 12:57:37      8.8.8.8 -> 10.10.1.15   ICMP 102 Echo (ping) reply    id=0x6c01, seq=1/256, ttl=51 (request in 33)
37 2016-05-03 12:57:38   10.10.1.15 -> 8.8.8.8      ICMP 102 Echo (ping) request  id=0x6c01, seq=2/512, ttl=64
38 2016-05-03 12:57:38      8.8.8.8 -> 10.10.1.15   ICMP 102 Echo (ping) reply    id=0x6c01, seq=2/512, ttl=51 (request in 37)

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/br-int_rev.pcap -Y ‘icmp’ -T fields -e ip.src -e ip.dst -e eth.src -e eth.dst
Running as user “root” and group “root”. This could be dangerous.
10.10.1.15    8.8.8.8    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
8.8.8.8    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    8.8.8.8    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
8.8.8.8    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    8.8.8.8    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
8.8.8.8    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/qr-interface_rev.pcap -Y ‘icmp’
Running as user “root” and group “root”. This could be dangerous.
7 2016-05-03 12:57:36   10.10.1.15 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6c01, seq=0/0, ttl=64
8 2016-05-03 12:57:36      8.8.8.8 -> 10.10.1.15   ICMP 98 Echo (ping) reply    id=0x6c01, seq=0/0, ttl=51 (request in 7)
9 2016-05-03 12:57:37   10.10.1.15 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6c01, seq=1/256, ttl=64
10 2016-05-03 12:57:37      8.8.8.8 -> 10.10.1.15   ICMP 98 Echo (ping) reply    id=0x6c01, seq=1/256, ttl=51 (request in 9)
11 2016-05-03 12:57:38   10.10.1.15 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6c01, seq=2/512, ttl=64
12 2016-05-03 12:57:38      8.8.8.8 -> 10.10.1.15   ICMP 98 Echo (ping) reply    id=0x6c01, seq=2/512, ttl=51 (request in 11)

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/qr-interface_rev.pcap -Y ‘icmp’ -T fields -e ip.src -e ip.dst -e eth.src -e eth.dst
Running as user “root” and group “root”. This could be dangerous.
10.10.1.15    8.8.8.8    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
8.8.8.8    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    8.8.8.8    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
8.8.8.8    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    8.8.8.8    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
8.8.8.8    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/qg-interface_rev.pcap -Y ‘icmp’
Running as user “root” and group “root”. This could be dangerous.
1 2016-05-03 12:57:36 192.168.122.4 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6c01, seq=0/0, ttl=63
2 2016-05-03 12:57:36      8.8.8.8 -> 192.168.122.4 ICMP 98 Echo (ping) reply    id=0x6c01, seq=0/0, ttl=52 (request in 1)
3 2016-05-03 12:57:37 192.168.122.4 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6c01, seq=1/256, ttl=63
4 2016-05-03 12:57:37      8.8.8.8 -> 192.168.122.4 ICMP 98 Echo (ping) reply    id=0x6c01, seq=1/256, ttl=52 (request in 3)
5 2016-05-03 12:57:38 192.168.122.4 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6c01, seq=2/512, ttl=63
6 2016-05-03 12:57:38      8.8.8.8 -> 192.168.122.4 ICMP 98 Echo (ping) reply    id=0x6c01, seq=2/512, ttl=52 (request in 5)

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/qg-interface_rev.pcap -Y ‘icmp’ -T fields -e ip.src -e ip.dst -e eth.src -e eth.dst
Running as user “root” and group “root”. This could be dangerous.
192.168.122.4    8.8.8.8    fa:16:3e:96:f6:13    52:54:00:68:9d:b5
8.8.8.8    192.168.122.4    52:54:00:68:9d:b5    fa:16:3e:96:f6:13
192.168.122.4    8.8.8.8    fa:16:3e:96:f6:13    52:54:00:68:9d:b5
8.8.8.8    192.168.122.4    52:54:00:68:9d:b5    fa:16:3e:96:f6:13
192.168.122.4    8.8.8.8    fa:16:3e:96:f6:13    52:54:00:68:9d:b5
8.8.8.8    192.168.122.4    52:54:00:68:9d:b5    fa:16:3e:96:f6:13

Scenario 3 : Pinging the external world from instance when it’s not having floating ip assigned.

IP assigned to gateway interface :

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/qr-interface_rev_wflp.pcap -Y ‘icmp’
Running as user “root” and group “root”. This could be dangerous.
9 2016-05-03 13:05:33   10.10.1.15 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6d01, seq=0/0, ttl=64
10 2016-05-03 13:05:33      8.8.8.8 -> 10.10.1.15   ICMP 98 Echo (ping) reply    id=0x6d01, seq=0/0, ttl=51 (request in 9)
13 2016-05-03 13:05:34   10.10.1.15 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6d01, seq=1/256, ttl=64
14 2016-05-03 13:05:34      8.8.8.8 -> 10.10.1.15   ICMP 98 Echo (ping) reply    id=0x6d01, seq=1/256, ttl=51 (request in 13)
17 2016-05-03 13:05:35   10.10.1.15 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6d01, seq=2/512, ttl=64
18 2016-05-03 13:05:35      8.8.8.8 -> 10.10.1.15   ICMP 98 Echo (ping) reply    id=0x6d01, seq=2/512, ttl=51 (request in 17)

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/qr-interface_rev_wflp.pcap -Y ‘icmp’ -T fields -e ip.src -e ip.dst -e eth.src -e eth.dst
Running as user “root” and group “root”. This could be dangerous.
10.10.1.15    8.8.8.8    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
8.8.8.8    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    8.8.8.8    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
8.8.8.8    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9
10.10.1.15    8.8.8.8    fa:16:3e:df:0f:b9    fa:16:3e:62:46:55
8.8.8.8    10.10.1.15    fa:16:3e:62:46:55    fa:16:3e:df:0f:b9

27: qg-03f40a0b-5f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:96:f6:13 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.3/24 brd 192.168.122.255 scope global qg-03f40a0b-5f

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/qg-interface_rev_wflp.pcap -Y ‘icmp’
Running as user “root” and group “root”. This could be dangerous.
1 2016-05-03 13:05:33 192.168.122.3 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6d01, seq=0/0, ttl=63
2 2016-05-03 13:05:33      8.8.8.8 -> 192.168.122.3 ICMP 98 Echo (ping) reply    id=0x6d01, seq=0/0, ttl=52 (request in 1)
3 2016-05-03 13:05:34 192.168.122.3 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6d01, seq=1/256, ttl=63
4 2016-05-03 13:05:34      8.8.8.8 -> 192.168.122.3 ICMP 98 Echo (ping) reply    id=0x6d01, seq=1/256, ttl=52 (request in 3)
5 2016-05-03 13:05:35 192.168.122.3 -> 8.8.8.8      ICMP 98 Echo (ping) request  id=0x6d01, seq=2/512, ttl=63
6 2016-05-03 13:05:35      8.8.8.8 -> 192.168.122.3 ICMP 98 Echo (ping) reply    id=0x6d01, seq=2/512, ttl=52 (request in 5)

[root@allinone-7 neutron(keystone_admin)]# tshark -tad -n -r /tmp/qg-interface_rev_wflp.pcap -Y ‘icmp’ -T fields -e ip.src -e ip.dst -e eth.src -e eth.dst
Running as user “root” and group “root”. This could be dangerous.
192.168.122.3    8.8.8.8    fa:16:3e:96:f6:13    52:54:00:68:9d:b5
8.8.8.8    192.168.122.3    52:54:00:68:9d:b5    fa:16:3e:96:f6:13
192.168.122.3    8.8.8.8    fa:16:3e:96:f6:13    52:54:00:68:9d:b5
8.8.8.8    192.168.122.3    52:54:00:68:9d:b5    fa:16:3e:96:f6:13
192.168.122.3    8.8.8.8    fa:16:3e:96:f6:13    52:54:00:68:9d:b5
8.8.8.8    192.168.122.3    52:54:00:68:9d:b5    fa:16:3e:96:f6:13

 

[1] https://access.redhat.com/solutions/2060413

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s