/ meta-data

How to use meta-data service for VM with provider network

When VM is using provider network, the traffic to network outside cloud passes through physical Router via L2 network, which means in VM, the default route is pointed to physical Router.

However, to make meta-data service working, the route of meta-data service IP 169.254.169.254 should be routed to virtual Router created by neutron L3 agent.

Please check the traffic flow as below:

Meta-data service working with provider network

Step-by-step guide

  • Create network with specific provide network defined. (Admin right needed)
neutron net-create test-net --tenant-id <tenant id of your tenant> \
          --provider:network_type vlan \
          --provider:physical_network physnet2 \
          --provider:segmentation_id 100
 
#physnet2 is the bridge mapping name of eth2 setting in 
#OVS plugin configuration /etc/neutron/plugin.ini
#bridge_mappings=physnet2:br-eth2
  • Create subnet, specify 2 static routes for meta-data service IP and default gw
neutron subnet-create --name test-subnet --gateway 10.0.0.1  \
--host-route destination=169.254.169.254/32,nexthop=10.0.0.1 \
--host-route destination=0.0.0.0/0,nexthop=10.0.0.254 test-net 10.0.0.0/24
  • Check neutron dhcp-agent options config file of the created network, we can see those route entries
[root[email protected] ~(demo)]# cat /var/lib/neutron/dhcp/<network id>/opts
tag:tag0,option:classless-static-route,169.254.169.254/32,10.0.0.1
tag:tag0,249,169.254.169.254/32,10.0.0.1
tag:tag0,option:router,10.0.0.254
  • Create the router and link subnet to the router
neutron router-create test-router
neutron router-interface-add test-router test-subnet
  • Launch a VM using the created network, after VM in up and running, log in to VM to check the routing table
[[email protected] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.254 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.169.254 10.0.0.1 255.255.255.255 UGH 0 0 0 eth0
  • Test meta-data service
[[email protected] ~]# curl http://169.254.169.254/openstack/latest/
meta_data.json
user_data
password
vendor_data.json
  • Test default route connectivity by pinging an external IP
[[email protected] ~]# ping 6.6.6.6
PING 6.6.6.6 (6.6.6.6) 56(84) bytes of data.
64 bytes from 6.6.6.6: icmp_seq=1 ttl=64 time=0.282 ms
64 bytes from 6.6.6.6: icmp_seq=2 ttl=64 time=0.173 ms
64 bytes from 6.6.6.6: icmp_seq=3 ttl=64 time=0.163 ms
......