Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Thanks for the replies dbaxps. I followed your blog and was successfully able to get the ovs bridge configuration up. However, I am still having issues accessing my vm. Here are some more details:

 [root@ip-10-3-3-219 ~]# ip netns
qrouter-396c7174-ce92-4b89-ba05-ffc1afc9a1ca
qdhcp-f3d8fdfe-c6e0-4ba6-a2f3-12b57f09d635
qrouter-cdb38450-a1ee-4024-b85e-02af405d4901

[root@ip-10-3-3-219 ~]# ip netns exec qrouter-396c7174-ce92-4b89-ba05-ffc1afc9a1ca iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-OUTPUT -d 10.3.3.249/32 -j DNAT --to-destination 192.168.1.2
-A neutron-l3-agent-POSTROUTING ! -i qg-8a044353-c1 ! -o qg-8a044353-c1 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 10.3.3.249/32 -j DNAT --to-destination 192.168.1.2
-A neutron-l3-agent-float-snat -s 192.168.1.2/32 -j SNAT --to-source 10.3.3.249
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 192.168.1.0/24 -j SNAT --to-source 10.3.3.251
-A neutron-postrouting-bottom -j neutron-l3-agent-snat

My VM got allocated his ip - 192.168.1.2 I associated a floating ip with it - 10.3.3.249. This ip belongs to my external network subnet.

However, when I ping 10.3.3.249 or ssh into it .. there is a connection timeout. What might be going wrong here?