Answer by dbaxps for My external IP address is 172.16.21.11 with CIDR /23 with gateway 172.16.20.1. This is my actual network configuration as in ifcfg-em1. I've installed Openstack with RDO on Fedora 20. After Installation # neutron router-list +--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | id | name | external_gateway_info | distributed | ha | +--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | 168fe615-95ea-4c72-824d-03a1b44921df | router1 | {"network_id": "d58bc7d6-3353-486e-af61-2179df64beb7", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "326cb3d9-936d-49a4-bf0a-506cfd006b14", "ip_address": "172.24.4.226"}]} | False | False | +--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ [root@localhost hcuser(keystone_admin)]# neutron subnet-list +--------------------------------------+----------------+-----------------+--------------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+----------------+-----------------+--------------------------------------------------+ | d8601bb2-a0e5-43d7-b17c-1b9232a20ca5 | private_subnet | 10.0.0.0/24 | {"start": "10.0.0.2", "end": "10.0.0.254"} | | 326cb3d9-936d-49a4-bf0a-506cfd006b14 | public_subnet | 172.24.4.224/28 | {"start": "172.24.4.226", "end": "172.24.4.238"} | +--------------------------------------+----------------+-----------------+--------------------------------------------------+ I see in both places 172.24.4.X series is being used. From where this IP is comming ? As it says public. Is it supposed to be replaced by something on 172.16.21.11/23 ? How Can I fix it ? -- EDIT -- After changing my subnet to 172.16.20.0/23 [root@localhost ~(keystone_admin)]# neutron router-list +--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | id | name | external_gateway_info | distributed | ha | +--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ | 168fe615-95ea-4c72-824d-03a1b44921df | router1 | {"network_id": "fe3a3489-9114-4fb0-9a81-b12e125d4204", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "6b0599d5-5407-440d-89f8-51ca2daa6fff", "ip_address": "172.16.21.21"}]} | False | False | +--------------------------------------+---------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+ [root@localhost ~(keystone_admin)]# neutron net-list +--------------------------------------+---------+-----------------------------------------------------+ | id | name | subnets | +--------------------------------------+---------+-----------------------------------------------------+ | 852f04cb-b478-4b08-ba25-77991a118497 | private | d8601bb2-a0e5-43d7-b17c-1b9232a20ca5 10.0.0.0/24 | | fe3a3489-9114-4fb0-9a81-b12e125d4204 | public | 6b0599d5-5407-440d-89f8-51ca2daa6fff 172.16.20.0/23 | +--------------------------------------+---------+-----------------------------------------------------+ [root@localhost ~(keystone_admin)]# neutron subnet-list +--------------------------------------+----------------+----------------+---------------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+----------------+----------------+---------------------------------------------------+ | d8601bb2-a0e5-43d7-b17c-1b9232a20ca5 | private_subnet | 10.0.0.0/24 | {"start": "10.0.0.2", "end": "10.0.0.254"} | | 6b0599d5-5407-440d-89f8-51ca2daa6fff | public_subnet | 172.16.20.0/23 | {"start": "172.16.21.21", "end": "172.16.21.171"} | +--------------------------------------+----------------+----------------+---------------------------------------------------+ But I cannot ping dhcp namespace from router namespace and vice verse -- ping status from dhcp to router [hcuser@localhost ~]$ sudo ip netns exec qdhcp-852f04cb-b478-4b08-ba25-77991a118497 ping 10.0.0.1 PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. From 10.0.0.2 icmp_seq=1 Destination Host Unreachable ^C --- 10.0.0.1 ping statistics --- 6 packets transmitted, 0 received, +5 errors, 100% packet loss, time 5001ms pipe 4 [hcuser@localhost ~]$ sudo ip netns exec qdhcp-852f04cb-b478-4b08-ba25-77991a118497 ping 10.0.0.2 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.027 ms ^C --- 10.0.0.2 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.027/0.027/0.028/0.005 ms -- ping status from router to dhcp [hcuser@localhost ~]$ sudo ip netns exec qdhcp-852f04cb-b478-4b08-ba25-77991a118497 ping 10.0.0.1 PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data. From 10.0.0.2 icmp_seq=1 Destination Host Unreachable ^C --- 10.0.0.1 ping statistics --- 6 packets transmitted, 0 received, +5 errors, 100% packet loss, time 5001ms pipe 4 [hcuser@localhost ~]$ sudo ip netns exec qdhcp-852f04cb-b478-4b08-ba25-77991a118497 ping 10.0.0.2 PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data. 64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0 ... (more)

UPDATE as of 11/24/2014
VLAN tag 4095 has special meaning that the port is "dead"
From your `ovs-vsctl show` report
[hcuser@localhost ~]$ sudo ovs-vsctl show 62c30134-97e2-4723-b42c-9474eb333885 Bridge br-int fail_mode: secure Port "tap231aae57-ee" tag: 1 Interface "tap231aae57-ee" Port "tap0b36c82a-61" tag: 4095 Interface "tap0b36c82a-61" The last interface corresponds your private demo network
Via dashboard :- Please create new demo_private1 network ( say 20.0.0.0/24), new router router2 Create interface to demo_private1 network at router2. Create gateway to public at router2. Repost new `ovs-vsctl` show. If you will still experience problems please open new question I would remove public_subnet and public network created by Neutron. Just clean up gateway to public in demo login. Then create new public network via admin account matching exactly your real network 172.16.20.0/23 with gateway matching real gateway 172.16.20.1 and with big enough allocation pool
New public network should have shared status if belongs admin tenant either belong tenant services.
Via CLI remove old public :
source keystonerc_demo neutron router-gateway-clear router1 source keystonerc_admin neutron subnet-delete public_subnet neutron net-delete public Create new public matching real # source keystonerc_admin # neutron net-create public --router:external=True --shared # neutron subnet-create public 172.16.20.0/23 --name sub_public --enable_dhcp False \ --allocation_pool start=172.16.20.50,end=172.16.21.150 \ --gateway 172.16.20.1 Relogin to demo and make router to have gateway to new public network.
Then make em1 OVS port of OVS bridge br-ex. Like this :-
[root@juno1 network-scripts(keystone_admin)]# cat ifcfg-br-ex DEVICE="br-ex" BOOTPROTO="static" IPADDR="172.16.21.11" NETMASK="255.255.254.0" BROADCAST="172.16.21.255" DNS1="8.8.8.8" GATEWAY="172.16.20.1" NM_CONTROLLED="no" DEFROUTE="yes" IPV4_FAILURE_FATAL="yes" IPV6INIT=no ONBOOT="yes" TYPE="OVSIntPort" OVS_BRIDGE=br-ex DEVICETYPE="ovs" [root@juno1 network-scripts(keystone_admin)]# cat ifcfg-em1 DEVICE="em1" # HWADDR=00:22:15:63:E4:E2 ONBOOT="yes" TYPE="OVSPort" DEVICETYPE="ovs" OVS_BRIDGE=br-ex NM_CONTROLLED=no IPV6INIT=no Disable && Stop NetworkManager, enable service network && restart it.