Hosting OpenStack on an AWS EC2 instance. OpenStack VMs unable to access internet!
Hi,
I'm currently looking to host OpenStack on an AWS instance. I have installed OpenStack Kilo (single-node setup) on Ubuntu 14.04 (HVM EC2 instance) with Open vSwitch/GRE/Neutron networking and the QEMU emulator for compute.
I can provision new VMs and ping the router gateway from the VM. Also, I can ping the VM's floating IP from the controller.
But the problem is accessing the internet from the VM. Notably, pinging 8.8.8.8 from "ip netns exec router-xxxxx" is also not reaching the gateway.
I have 3 NICs attached to my EC2 instance. Of these, eth2 is mapped to the br-ex OVS bridge, eth1 is for the VM tunnel network, and eth0 is for the OpenStack management network.
Important:
Of the 3 available NICs, I can access the internet through only one NIC at a time, i.e., any one NIC has internet access. For example, if I assign the default gateway to eth0, then executing "ping 8.8.8.8 -I eth1" will fail to access the internet.
Notably, if I assign the default gateway to br-ex or eth2 (the external network NIC), then no NIC has internet access.
I have listed the VPC/OVS-Br/Route information below:
**AWS VPC Details:**
VPC CIDR: 172.16.0.0/16
VPC Subnet CIDR: 172.16.0.0/16
**VPC Route Table:**

| Destination | Target | Status | Propagated |
|---|---|---|---|
| 172.16.0.0/16 | local | Active | No |
| 0.0.0.0/0 | internet-GateWay | Active | No |

**AWS Instance Details:**
VM_Name: Openstack_Kilo_Controller
NIC details:

| Name | Private_IP | Public_IP |
|---|---|---|
| eth0 | 172.16.24.177 | 36.H.H.33 |
| eth1 | 172.16.15.184 | 36.H.H.22 |
| eth2 | 172.16.2.27 | |

**VM routing table information**:
```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         172.16.0.1      0.0.0.0         UG    0      0        0 eth0
172.16.0.0      *               255.255.0.0     U     0      0        0 eth1
172.16.0.0      *               255.255.0.0     U     0      0        0 eth0
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0
```
Cat /etc/network/interface file:
```
# Management network
auto eth0
iface eth0 inet static
    address 172.16.24.177
    netmask 255.255.0.0
    gateway 172.16.0.1

# The external network interface
auto eth2
iface eth2 inet manual
    up ip link set dev $IFACE up
    down ip link set dev $IFACE down

# Tunnel network
auto eth1
iface eth1 inet static
    address 172.16.15.184
    netmask 255.255.0.0
```
vim /etc/neutron/plugins/ml2/ml2_conf.ini
```
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_flat]
flat_networks = external

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]
local_ip = 172.16.15.184
bridge_mappings = external:br-ex

[agent]
tunnel_types = gre
```
ovs-vsctl show output:
```
1e33e3bd-ee07-4ded-86da-49d34068f7a8
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-ac1018b1"
            Interface "gre-ac1018b1"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="172.16.15.184", out_key=flow, remote_ip="172.16.24.177"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun ...
```