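Networking is one of the harder parts of the OpenStack components. Below are common methods for troubleshooting network errors, for your reference. I will publish a complete network configuration document later (for installation, see the previous article on Havana).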

Debugging network issues: Devices

ip a #shows status of all physical and virtual devices
ovs-vsctl show #shows interfaces and bridges in the virtual switch
ovs-dpctl show #shows datapaths on the switch

Debugging network issues: Tracking packets
tcpdump is your friend
tcpdump -n -i <interface> -w <filename>
# Set interface to the vnet device, instance eth0, bridge device, or host ethernet device to see where packets are not getting through
# -i any for all interfaces

Debugging network issues: Network namespaces
Network namespaces allow VLANs to use overlapping address space - important for bigger deployments, and to provide multi-tenant networks
ip netns list # lists all known network namespaces
ip netns exec <namespace id> route -n
# Shows routing table inside specific namespace
# Execute arbitrary commands (incl. ssh, ping)

Debugging networking issues: DHCP
Scenario: instance is not getting IP address
Step 1: nova console-log <instance name>
# DHCP request sent, no reply received
Step 2: Verify neutron-dhcp-agent is running
Step 3: Check host logs (/var/log/messages and /var/log/neutron/*)
Step 4: If host is not seeing DHCP traffic: tcpdump -l -i any | grep -i dhcp
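
Added example, not part of the original post: a small filter that turns the tcpdump output from Step 4 into a verdict, so the same check can be repeated at each capture point (vnet device, bridge, host ethernet device) to find where DHCP requests stop or go unanswered. The function names and the sample capture lines are constructed for illustration; the input is assumed to be tcpdump's default one-line text output.

```shell
#!/bin/sh
# Added example, not from the original post.
# dhcp_summary reads `tcpdump -n` text output on stdin and classifies it:
#   no-dhcp-traffic | unanswered requests=N clients=MAC[,MAC] | answered requests=N replies=M
dhcp_summary() {
    awk '
        /BOOTP\/DHCP, Request/ {
            req++
            # the client MAC is the field after "from"; drop its trailing comma
            for (i = 1; i < NF; i++)
                if ($i == "from") { mac = $(i + 1); sub(/,$/, "", mac); seen[mac] = 1 }
        }
        /BOOTP\/DHCP, Reply/ { rep++ }
        END {
            if (req + rep == 0) { print "no-dhcp-traffic"; exit }
            if (rep == 0) {
                list = ""
                for (m in seen) list = list (list == "" ? "" : ",") m
                printf "unanswered requests=%d clients=%s\n", req, list
                exit
            }
            printf "answered requests=%d replies=%d\n", req, rep
        }'
}

# Constructed sample captures (not real traffic), in tcpdump's one-line format.
sample_no_reply() {
    cat <<'EOF'
12:00:01.000000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:aa:bb:cc, length 300
12:00:01.500000 ARP, Request who-has 10.0.0.1 tell 10.0.0.2, length 28
12:00:04.000000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:aa:bb:cc, length 300
EOF
}
sample_answered() {
    cat <<'EOF'
12:00:01.000000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from fa:16:3e:aa:bb:cc, length 300
12:00:01.200000 IP 10.0.0.2.67 > 10.0.0.5.68: BOOTP/DHCP, Reply, length 323
EOF
}

# Live use (needs root): tcpdump -l -n -i <interface> -c 20 port 67 or port 68 | dhcp_summary
sample_no_reply | dhcp_summary
sample_answered | dhcp_summary
```

"unanswered" at the instance's vnet device but "no-dhcp-traffic" further along the path points at the hop in between; "unanswered" everywhere points back to Step 2, the neutron-dhcp-agent.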

Debugging networking issues: Access/routing
Scenario: I can't SSH into an instance
Step 1: Security groups: port 22 TCP & all ICMP allowed?
Step 2: Is floating IP address routable from client?
route -n # on client
Verify that the public subnet in OpenStack is accessible from the client (e.g. for a local LAN, that it matches 192.168.0.0/24)
Step 3: Bridges OK?
Step 4: Is the iptables firewall turned off?

Bridge issues:
ovs-vsctl show # is ethernet card attached to same bridge as public network?
neutron router-show router1 # are the private subnet and public subnet connected to the router?
ip netns exec <public namespace id> ping <floating ip> # does the public network match the local LAN exactly?
ip netns exec <private namespace id> route -n # is traffic being correctly routed from the instance out?