Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

I've solved the problem. It turns out that my virtualization software was silently ignoring my guest OS request to set the virtual NIC in promiscuous mode. Other computers in the external network couldn't reach the virtual router's gateway port or floating IPs because the external interface (eth0), not being in promiscuous mode, was not accepting packets to other MAC addresses and hence the bridge was not taking traffic to all attached interfaces.

Reading about network namespaces on the lxc site e trying out their step-by-step configuration with ethernet bridges (http://lxc.sourceforge.net/index.php/about/kernel-namespaces/network/configuration/) I noticed that the behavior I was observing was not the expected result. Even without any OpenStack component installed, I couldn't ping other computers on the external network from a secondary namespace and, conversely, couldn't ping an interface in this secondary namespace from another computer but only the bridge IP address. Exactly the same problem I was having with my OpenStack setup.

The bottom line is that if you can't access interfaces in different namespaces from different computers you should check if your virtualization software is configured to allow promiscuous mode on that VM. Since so many people try out OpenStack on virtual machines it's a bit surpring not to see such remark on any installation guide. I bet others have run into the same kind of problem. Anyway now I understand the basics of how Quantum works with namespaces and hope this little tip can save others the same troubles I met.