Setup Linux Network Bridges on Ubuntu for Nova Networking

If you're using Platform9 Managed OpenStack with Nova Networking, Platform9 requires that you have configured one or more network bridges in order for it to discover networking for your servers. This tutorial is designed to guide you through a step-by-step process to create a network bridge in Ubuntu.

Step 1 - Install Required Packages

Install the bridge-utils package, which allows you to configure a Linux Ethernet bridge in Ubuntu:

sudo apt-get install bridge-utils

Step 2 - Edit Network Configuration

Open /etc/network/interfaces with a text editor. You should see something similar to the following:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp

Modify the primary network interface from 'dhcp' to 'manual' and add the bridge with your specified bridge name. Suppose you would like to create a bridge named 'br_labnetwork':

# The primary network interface
auto eth0
iface eth0 inet manual
# The bridge
auto br_labnetwork
iface br_labnetwork inet dhcp
bridge_ports eth0

Platform9 assumes that bridges with the same name across hosts are physically connected to the same network.

Step 3 - Restart Networking Or Reboot

sudo service networking restart

Step 4 - Verify That The Bridge Exists

Execute the command below and verify that a network bridge with the name you specified ('br_name', for example 'br_labnetwork' from Step 2) exists.

brctl show

Step 5 - Disable iptables Filtering on Bridge Devices

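This step is necessary to ensure that your Ubuntu physical server is able to communicate with the Platform9 controller. Specifically, iptables filtering needs to be disabled on bridge devices. With the settings below at 0, frames forwarded across a bridge are no longer passed through the host's iptables, ip6tables and arptables rules.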

First, check if filtering is disabled:

sysctl net.bridge.bridge-nf-call-iptables

If you see the value 1, your host needs to be reconfigured as follows.

Open /etc/sysctl.conf and ensure the presence of the following lines:

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Apply the settings immediately and verify that the value is 0:

sudo sysctl -p
sysctl net.bridge.bridge-nf-call-iptables

Notes:
If you ever reboot the host, verify that the settings have persisted. If not, it could be due to a known problem described in this article: http://wiki.libvirt.org/page/Net.bridge-nf-call_and_sysctl.conf
For now, the work-around is: after a reboot, follow these steps:

- Ensure at least one bridge device is active by typing "brctl show". There should be at least one named "virbr0" if the libvirt-bin service is running.
- Type "sysctl -p" to apply the settings from /etc/sysctl.conf
- Type "sysctl net.bridge.bridge-nf-call-iptables" again to verify the values are set to 0.

The Platform9 support team is investigating more permanent work-arounds for this problem. Once a solution is found, this article will be updated with the new information.
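
As an added example (not part of the original article or of Platform9's tooling), the script below audits Step 5 and the post-reboot check: for each of the three net.bridge sysctls it reports whether the value is 0 at runtime and whether the line is saved in /etc/sysctl.conf. The function names, status codes and the two path arguments are assumptions of this sketch; the last lines run it on a constructed fixture rather than a real host.

```shell
#!/bin/sh
# Added example: audit the bridge netfilter sysctls from Step 5.
# Both arguments are assumptions of this sketch so it can run on fixtures:
#   $1 = sysctl tree root (default /proc/sys), $2 = config (default /etc/sysctl.conf)
KEYS="bridge-nf-call-ip6tables bridge-nf-call-iptables bridge-nf-call-arptables"

# Succeeds if the config has an uncommented "net.bridge.<key> = 0" line.
conf_has_zero() {
    grep -Eq "^[[:space:]]*net\.bridge\.$1[[:space:]]*=[[:space:]]*0[[:space:]]*\$" "$2" 2>/dev/null
}

# Status: 0 = applied and saved; 1 = a runtime value is not 0;
# 2 = keys absent (no bridge loaded, so "sysctl -p" cannot set them yet);
# 3 = runtime is 0 but a line is missing from the config file.
audit_bridge_nf() {
    root=${1:-/proc/sys}; conf=${2:-/etc/sysctl.conf}; rc=0
    for key in $KEYS; do
        file="$root/net/bridge/$key"
        if [ ! -r "$file" ]; then
            echo "MISSING net.bridge.$key (bring up a bridge, then sysctl -p)"
            return 2
        fi
        value=$(cat "$file")
        if [ "$value" != "0" ]; then
            echo "ACTIVE  net.bridge.$key = $value"
            rc=1
        elif ! conf_has_zero "$key" "$conf"; then
            echo "UNSAVED net.bridge.$key = 0 at runtime, not in $conf"
            if [ "$rc" -eq 0 ]; then rc=3; fi
        else
            echo "OK      net.bridge.$key = 0"
        fi
    done
    return "$rc"
}

# Constructed fixture, not a real host: all runtime values are 0, but only
# two of the three lines were saved to the config file.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/net/bridge"
for key in $KEYS; do echo 0 > "$demo/net/bridge/$key"; done
printf 'net.bridge.bridge-nf-call-%s = 0\n' ip6tables iptables > "$demo/sysctl.conf"
audit_bridge_nf "$demo" "$demo/sysctl.conf" || echo "audit status: $?"
```

Called with no arguments, audit_bridge_nf reads /proc/sys and /etc/sysctl.conf on the host itself.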


November 19, 2015