Ask Your Question
0

I cant ping my private IP but I can ping my floating ip

asked 2017-01-06 18:27:35 -0500

tcpip gravatar image

updated 2017-01-10 00:24:33 -0500

Hello, I have the following config, for "Int3" I can ping the floating IP but I cant ping the private IP.

I create a new router for this device. but still the same issue.

But when I want to ping if from the same host where I have installed the openstack.

For the ssh I have the same issue.

@dbaxps's Hello,

So If I create a new net with the subnet the only way I can ping is via the dhcp? but I followed your steps and , when I run "openstack security group list | grep 4c32b6f19d5049d89bdb033e527f72bd" (the ide if from my net-list) I dont get any output , is there any way I do the ping with out the dhcp?

I have the secgroup with the allowd rules

nova secgroup-list-rules default
WARNING: Command secgroup-list-rules is deprecated and will be removed after Nova 15.0.0 is released. Use python-neutronclient or python-openstackclient instead.
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+

But as you can see I have 2 private networks (private & net1) the private instance I can ping with no issue, to the instance with net1, the ping is not working.

Thanks!!

Neutron net-list
+--------------------------------------+---------+---------------------------------------------------------+
| id                                   | name    | subnets                                                 |
+--------------------------------------+---------+---------------------------------------------------------+
| 435f9158-da8f-4edd-978c-62ae78570795 | public  | cdace41c-57d0-4cc0-bb41-3c4bccf89a68 2001:db8::/64      |
|                                      |         | 3671350a-e605-4610-b850-c05f4b2fc048 172.24.4.0/24      |
| 8404bef7-a890-4ec0-b27a-5c6e20d07aad | **private** | 02106219-1665-47e8-b216-d8cb9a9a6a54 10.0.0.0/24        |
|                                      |         | e1cc8cc0-62a5-4fc9-861f-7e96c5a928ae 2001:db8:8000::/64 |
| 90c92136-b039-454d-bc39-22c8fa576e29 | **net1**    | 78029221-86e7-4d29-805b-94faa5d9f70a 10.1.0.0/24        |
+--------------------------------------+---------+---------------------------------------------------------+

thanks

 nova list
+--------------------------------------+------+--------+------------+-------------+-------------------------------------------------------------------+
| ID                                   | Name | Status | Task State | Power State | Networks                                                          |
+--------------------------------------+------+--------+------------+-------------+-------------------------------------------------------------------+
| 8a1e693e-fcbb-4d11-b604-63ecd35eb3f6 | int1 | ACTIVE | -          | Running     | private=10.0.0.5, 2001:db8:8000:0:f816:3eff:fec3:f0ab, 172.24.4.4 |
| **eaf267f1-9b55-43e1-bd98-5d8a47c89216 | int3 | ACTIVE | -          | Running     | pri1=10.1.0.4, 172.24.4.11**                                        |
+--------------------------------------+------+--------+------------+-------------+-------------------------------------------------------------------+


 neutron net-list
+--------------------------------------+---------+---------------------------------------------------------+
| id                                   | name    | subnets                                                 |
+--------------------------------------+---------+---------------------------------------------------------+
| 435f9158-da8f-4edd-978c-62ae78570795 | public  | 3671350a-e605-4610-b850-c05f4b2fc048 172.24.4.0/24      |
|                                      |         | cdace41c-57d0-4cc0-bb41-3c4bccf89a68 2001:db8::/64      |
| 8404bef7-a890-4ec0-b27a-5c6e20d07aad | private | 02106219-1665-47e8-b216-d8cb9a9a6a54 10.0.0.0/24        |
|                                      |         | e1cc8cc0-62a5-4fc9-861f-7e96c5a928ae 2001:db8:8000::/64 |
**| b4ade679-4af0-4c74-b6de-daeb60d7b293 | pri1    | 21b50b5e-68bb-45e8-becb-24b38d6bdf2f 10.1.0.0/24**        |
| ed9a12e8-10dc-4d35-9073-2a09165ac26b | pri2    | bbbe97cc-2ca7-4b86-afbf-0005e21f7f85 10.2.0.0/24        |
+--------------------------------------+---------+---------------------------------------------------------+

neutron subnet-list
+--------------------------------------+---------------------+--------------------+-----------------------------------------------------------------------------+
| id                                   | name                | cidr               | allocation_pools                                                            |
+--------------------------------------+---------------------+--------------------+-----------------------------------------------------------------------------+
| 02106219-1665-47e8-b216-d8cb9a9a6a54 | private-subnet      | 10.0.0.0/24        | {"start": "10.0.0.2", "end": "10.0.0.254"}                                  |
| **21b50b5e-68bb-45e8-becb-24b38d6bdf2f | pri1-subnet         | 10.1.0.0/24        | {"start": "10.1.0.2", "end": "10.1.0.254"}                                  |**
| 3671350a-e605-4610-b850-c05f4b2fc048 | public-subnet       | 172.24.4.0/24      | {"start": "172.24.4.2", "end": "172.24.4.254"}                              |
| bbbe97cc-2ca7-4b86-afbf-0005e21f7f85 | pri2-subnet         | 10.2.0.0/24        | {"start": "10.2.0.2", "end": "10.2.0.254"}                                  |
| cdace41c-57d0-4cc0-bb41-3c4bccf89a68 | ipv6-public-subnet  | 2001:db8::/64      | {"start": "2001:db8::1", "end": "2001:db8::1"}                              |
|                                      |                     |                    | {"start": "2001:db8::3", "end": "2001:db8::ffff:ffff:ffff:ffff"}            |
| e1cc8cc0-62a5-4fc9-861f-7e96c5a928ae | ipv6-private-subnet | 2001:db8:8000::/64 | {"start": "2001:db8:8000::2", "end": "2001:db8:8000:0:ffff:ffff:ffff:ffff"} |
+--------------------------------------+---------------------+--------------------+-----------------------------------------------------------------------------+

 ping 172.24.4.11
PING 172.24.4.11 (172.24.4.11) 56(84) bytes of data.
64 bytes from 172.24.4.11: icmp_seq=1 ttl=63 time=3.11 ms
64 bytes from 172.24.4.11 ...
(more)
edit retag flag offensive close merge delete

Comments

Do you have a route to 10.1.0.4? Can you ping the router?

Bernd Bausch gravatar imageBernd Bausch ( 2017-01-06 19:57:11 -0500 )edit

Static (a.k.a. priavte) IP addresses are not meant to be reached from outside the cloud. To be able to reach them, you must create a route explicitly. Can you provide details like the routing table on the computer where you run the ping, and how you created that router?

Bernd Bausch gravatar imageBernd Bausch ( 2017-01-07 17:49:18 -0500 )edit

Run :-

# ip netns | grep 8404bef7-a890-4ec0-b27a-5c6e20d07aad
You should get qdhcp-8404bef7-a890-4ec0-b27a-5c6e20d07aad
dbaxps gravatar imagedbaxps ( 2017-01-09 03:39:54 -0500 )edit

Then

ip netns exec qdhcp-8404bef7-a890-4ec0-b27a-5c6e20d07aad  ping PrivateIP-of-VM
dbaxps gravatar imagedbaxps ( 2017-01-09 03:41:41 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-01-08 11:06:24 -0500

dbaxps gravatar image

updated 2017-01-08 15:29:25 -0500

UPDATE
You wrote :-

So If I create a new net with the subnet the only way I can ping is via the dhcp? but I followed your steps and , when I run "openstack security group list | grep 4c32b6f19d5049d89bdb033e527f72bd" (the ide if from my net-list) I dont get any output , is there any way I do the ping with out the dhcp?

Please, create security rules via dashboard and allow ping and ssh for VMs created in project( tenant ) . Don't analyze my security group set up reports. Then launch VM attached to tenant's subnet. Then run :-
# ip netns 
it will provide you qdhcp-network-id  then ping private IP like 
# ip netns exec qdhcp-networok-id ping Private-IP-allocated-to-VM

END UPDATE
Private IPs are usually available via corresponding qdhcp namespaces

[root@overcloud-controller-0 ~]# neutron net-list
+-------------------------------+-------------------------------+-------------------------------+
| id                            | name                          | subnets                       |
+-------------------------------+-------------------------------+-------------------------------+
| 1b84376e-                     | int                           | 13bd889c-3e7a-                |
| 70a3-4a65-9434-87ac000b3d85   |                               | 40b4-ab55-54233012adf5        |
|                               |                               | 30.0.0.0/24                   |
| 6f0f6552-9715-4c94-ac38-56e59 | ext-net                       | d473d55c-                     |
| 9423751                       |                               | e2eb-4705-9245-fe18e159e097   |
|                               |                               | 192.168.24.0/24               |
| f76ec009-e784-40f5-993d-      | HA network tenant 4c32b6f19d5 | 7ae1bd3d-                     |
| 7a93ddf24a4e                  | 049d89bdb033e527f72bd         | 1a8c-4693-a879-26f81b6b06e5   |
|                               |                               | 169.254.192.0/18              |
+-------------------------------+-------------------------------+-------------------------------+
[root@overcloud-controller-0 ~]# ip netns
qdhcp-1b84376e-70a3-4a65-9434-87ac000b3d85
qrouter-c6191a8f-00d5-4cc4-b026-509efc118f9d
[root@overcloud-controller-0 ~]# nova list
+--------------------------------------+--------------+--------+------------+-------------+-------------------------------+
| ID                                   | Name         | Status | Task State | Power State | Networks                      |
+--------------------------------------+--------------+--------+------------+-------------+-------------------------------+
| dd582265-dcf2-43f6-831a-d851fdffbcde | UbuntuDevs01 | ACTIVE | -          | Running     | int=30.0.0.15, 192.168.24.101 |
| e7cce9a5-07d9-4eac-be91-359d6ee35312 | VF24Devs25   | ACTIVE | -          | Running     | int=30.0.0.9, 192.168.24.106  |
+--------------------------------------+--------------+--------+------------+-------------+-------------------------------+
[root@overcloud-controller-0 ~]# ip netns 
qdhcp-1b84376e-70a3-4a65-9434-87ac000b3d85
qrouter-c6191a8f-00d5-4cc4-b026-509efc118f9d
[root@overcloud-controller-0 ~]# ip netns exec qdhcp-1b84376e-70a3-4a65-9434-87ac000b3d85 ping -c 3 30.0.0.15
PING 30.0.0.15 (30.0.0.15) 56(84) bytes of data.
64 bytes from 30.0.0.15: icmp_seq=1 ttl=64 time=1.69 ms
64 bytes from 30.0.0.15: icmp_seq=2 ttl=64 time=1.31 ms
64 bytes from 30.0.0.15: icmp_seq=3 ttl=64 time=8.12 ms

--- 30.0.0.15 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.315/3.711/8.129/3.128 ms

Security group setup

[root@overcloud-controller-0 ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 4c32b6f19d5049d89bdb033e527f72bd | admin   |
| 678587aab1ef424887c6b91a747d9337 | service |
+----------------------------------+---------+
[root@overcloud-controller-0 ~]# openstack security group list | grep 4c32b6f19d5049d89bdb033e527f72bd
| ea94b8c1-2283-4000-a278-98dc47912711 | default | Default security group | 4c32b6f19d5049d89bdb033e527f72bd |
[root@overcloud-controller-0 ~]# openstack security group rule list ea94b8c1-2283-4000-a278-98dc47912711 | egrep "(tcp|icmp)"
| 0e118284-c63d-400a-8139-9fdcd24731b6 | tcp         | 0.0.0.0/0 | 22:22      | None                                 |
| fccd4fa4-3404-4082-8b35-35aad12c8bd2 | icmp        | 0.0.0.0/0 |            | None
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2017-01-06 18:27:35 -0500

Seen: 202 times

Last updated: Jan 10 '17