OVN Network's IP is not online

Incus
1

Here’s my network config:

# incus network show UPLINK 
config:
  bgp.peers.opnsense.address: fd5b:7e71:a0dc::1
  bgp.peers.opnsense.asn: "65123"
  dns.nameservers: fd5b:7e71:a0dc:7::1
  ipv6.gateway: fd5b:7e71:a0dc:7::1/64
  ipv6.routes: fd5b:7e71:a0dc:1050::/60
  ovn.ingress_mode: routed
  parent: vlan07
  volatile.last_state.created: "false"
description: OVN Uplink
name: UPLINK
type: physical
used_by:
- /1.0/networks/ovn01
managed: true
status: Created
locations:
- none
project: default

# incus network show ovn01 
config:
  bridge.mtu: "1500"
  ipv4.address: none
  ipv6.address: fd5b:7e71:a0dc:1052::1/64
  ipv6.dhcp: "true"
  ipv6.dhcp.stateful: "false"
  ipv6.l3only: "false"
  ipv6.nat: "false"
  network: UPLINK
  security.acls: allow-everything # Basic ACL that allows all ingress & egress
  volatile.network.ipv6.address: fd5b:7e71:a0dc:7:1266:6aff:feec:385e
description: ""
name: ovn01
type: ovn
used_by:
- /1.0/instances/test2
managed: true
status: Created
locations:
- none
project: default

On my router, I can see that BGP has advertised the route:

Network:  fd5b:7e71:a0dc:1052::/64
Next Hop: fd5b:7e71:a0dc:7:1266:6aff:feec:385e

However the network is not usable:

# This is run on my router, from fd5b:7e71:a0dc:7::1
$ ping fd5b:7e71:a0dc:7:1266:6aff:feec:385e
<no response>
2

incus network info ovn01 will show you what system is the active chassis. You’ll then want to go do some traffic dumping on that system to confirm you’re seeing the ingress traffic arriving on the uplink.

3

Oh, that’s on IncusOS, isn’t it? :slight_smile:

That does make debugging a bit harder as we’re missing some of the obvious debugging tools in the image, let alone having them exposed over the API.

4

If on IncusOS, can you show your incus admin os system network show and incus admin os service show ovn?

Did you try running an instance on that network already?
It can be useful to see if 1) an instance can be created and started 2) if the instance is able to ping its gateway 3) if the instance is somehow able to speak to the outside world

5

Here’s some more information:

# incus network info ovn01 
Name: ovn01
MAC address: 10:66:6a:ec:38:5e
MTU: 1500
State: up
Type: broadcast

IP addresses:
  inet6	fd5b:7e71:a0dc:1052::1/64 (link)

OVN:
  Chassis: 4c4c4544-004e-5610-8048-b9c04f314a33
  Logical router: incus-net47-lr
  Logical switch: incus-net47-ls-int
  IPv6 uplink address: fd5b:7e71:a0dc:7:1266:6aff:feec:385e

# incus info
config:
  ...
  network.ovn.northbound_connection: tcp:[fd5b:7e71:a0dc:1001:1266:6aff:feb0:c1c1]:6641
  ...

# incus admin os service show ovn
WARNING: The IncusOS API and configuration is subject to change

config:
  database: tcp:[fd5b:7e71:a0dc:1001:1266:6aff:feb0:c1c1]:6642
  enabled: true
  tunnel_address: ::1
  tunnel_protocol: geneve
state: {}

# incus admin os system network show 
WARNING: The IncusOS API and configuration is subject to change

config:
  interfaces:
  - addresses:
    - dhcp4
    - slaac
    hwaddr: f8:e4:3b:b7:94:c3
    name: f8e43bb794c3
    required_for_online: ipv6
  time:
    timezone: America/Chicago
  vlans:
  - id: 8
    name: vlan08
    parent: f8e43bb794c3
    roles:
    - instances
  - id: 7
    name: vlan07
    parent: f8e43bb794c3
    roles:
    - instances
  - id: 6
    name: vlan06
    parent: f8e43bb794c3
    roles:
    - instances
state:
  interfaces:
    f8e43bb794c3:
      addresses:
      - 10.121.64.100
      - 2001:db8:0:0:fae4:3bff:feb7:94c3 # substituted
      - fd5b:7e71:a0dc:0:fae4:3bff:feb7:94c3
      hwaddr: f8:e4:3b:b7:94:c3
      mtu: 1500
      roles:
      - management
      - cluster
      routes:
      - to: default
        via: 10.121.64.1
      speed: "0"
      state: routable
      stats:
        rx_bytes: 8.73273868e+08
        rx_errors: 0
        tx_bytes: 2.9315658e+07
        tx_errors: 0
      type: interface
    vlan06:
      hwaddr: f8:e4:3b:b7:94:c3
      mtu: 1500
      roles:
      - instances
      speed: "0"
      state: carrier
      stats:
        rx_bytes: 0
        rx_errors: 0
        tx_bytes: 220
        tx_errors: 0
      type: vlan
    vlan07:
      hwaddr: f8:e4:3b:b7:94:c3
      mtu: 1500
      roles:
      - instances
      speed: "0"
      state: carrier
      stats:
        rx_bytes: 0
        rx_errors: 0
        tx_bytes: 14706
        tx_errors: 0
      type: vlan
    vlan08:
      hwaddr: f8:e4:3b:b7:94:c3
      mtu: 1500
      roles:
      - instances
      speed: "0"
      state: carrier
      stats:
        rx_bytes: 5.786602e+06
        rx_errors: 0
        tx_bytes: 3.800621e+06
        tx_errors: 0
      type: vlan

My ovn-central container is configured as listed in this previous topic.

6

I created an instance on the network, but it cannot ping the router.
However the machine does receive router advertisements.

Ie:

  1. Yes, an instance can be started
  2. The instance cannot ping its gateway through the OVN network interface
  3. The instance cannot speak to the outside world

However two instances on the same OVN network can ping each other

7

I’m going to setup a Raspberry Pi next, which will use Incus’s deb package instead of IncusOS. Hopefully that will help with my questions :slight_smile:

8

Have you had a chance to take a look at my configuration? I’ve restarted the system a few times with no luck, the gateway still isn’t responding to pings.