Hi Mohammad, thanks for the detailed write-up. Seems like this may be a bug.

I'd like to clarify one thing though: the "correct" behavior is actually that VMs from the two networks CAN reach each other, but only after traversing an L3 hop. This, at least, is based on a discussion I had with Vish about how VLANManager works (which is essentially what Quantum emulates if you create per-project networks). I think the reason it works that way is that they were emulating Amazon, where you have "internal" IPs that can all reach each other, then public floating IPs that cannot. In Folsom, Quantum will get rid of the old nova networking L3 code and will support much richer configuration of L3 topologies. In the meantime, we're stuck with what was in Nova.

So with that in mind, the real question is why we can't connect to VMs in the other subnet when they are on the same host. Running tcpdump on the gateway interfaces that should be receiving and forwarding the traffic should be informative. The devices are named with the pattern gw-*, where * is the start of the network uuid visible if you run "quantum list_nets <tenant-id>" or "nova-manage network quantum_list". In the case where traffic does not flow, it would be interesting to see whether the traffic is reaching the gateway device for the subnet, and if so, whether it is leaving the gateway device for the subnet.
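
The gateway-device check suggested above, as an added example that is not part of the original answer: it matches each network UUID to its gw-* device by prefix and prints the tcpdump command to run on each one. The function names, the `/sys/class/net` listing and the `icmp` filter (which assumes the connectivity test is a ping) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Read interface names on stdin (one per line) and print the gw-* device
# whose suffix is a prefix of the network UUID given as $1.
gw_dev_for_net() {
    gd_uuid=$1
    while IFS= read -r gd_dev; do
        case $gd_dev in
            gw-?*) gd_suffix=${gd_dev#gw-} ;;
            *) continue ;;
        esac
        case $gd_uuid in
            "$gd_suffix"*) printf '%s\n' "$gd_dev"; return 0 ;;
        esac
    done
    return 1
}

# Read interface names on stdin and print one capture command per gateway
# device. The icmp filter assumes the connectivity test is a ping.
capture_plan() {
    cp_ifaces=$(cat)
    for cp_net in "$1" "$2"; do
        cp_gw=$(printf '%s\n' "$cp_ifaces" | gw_dev_for_net "$cp_net") || {
            echo "no gw-* device found for network $cp_net" >&2
            return 1
        }
        printf 'tcpdump -n -e -i %s icmp\n' "$cp_gw"
    done
}

# Usage on the compute host: sh gwplan.sh <src-net-uuid> <dst-net-uuid>
if [ "$#" -eq 2 ]; then
    ls /sys/class/net | capture_plan "$1" "$2"
fi
```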