0

Newton - Instance can't access internet

asked 2017-02-20 18:11:09 -0500

SysFiller

Hi, it's worth mentioning that I've not used OpenStack in a long time, so please bear with me. I've followed the setup guide step by step using Ubuntu 16.04 (option 2 - provider network). I can successfully spin up an instance and it gets assigned an internal IP address (network 172.16.1.0/24) and it can successfully ping the router 172.16.1.1. The problem that I have is that the instance is not able to ping 8.8.8.8, so it can't reach the internet. Would anybody be able to help me troubleshoot this issue?

Note that I've not configured ipv4_forwarding therefore it's disabled. I did try enabling it but after a reboot the instance wasn't able to get the DHCP so I reverted it (not even sure this is related). I had to disable IPv6 completely, somebody had this DHCP problem and solved it like that.

My setup has two instances on VirtualBox (controller-01 and compute-01). Each instance has 3 network cards:

- unconfigured interface which is in bridge mode on VirtualBox; the plan was to use this interface as a provider network in order to put the instances on my home network (192.168.1.0/24)
- host only adapter interface with manually assigned IP addresses. This is used as a management network; hosts will communicate with each other using this interface
- NAT interface, used as default gateway for the servers to install packets and generally reach the internet.

Networks:

root@controller-01:~# openstack network agent list
+--------------------------------------+--------------------+---------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host          | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+---------------+-------------------+-------+-------+---------------------------+
| 1efe2e5b-549c-434d-b72d-4075bdf6bff8 | L3 agent           | controller-01 | nova              | True  | UP    | neutron-l3-agent          |
| 59de3ebc-15d7-4443-b99d-9de7e9d64f8b | Metadata agent     | controller-01 | None              | True  | UP    | neutron-metadata-agent    |
| 869c63f3-11d8-4d81-8109-b16c05d6e020 | DHCP agent         | controller-01 | nova              | True  | UP    | neutron-dhcp-agent        |
| ec0da48c-c6c1-43ec-b0ab-d08771897ca0 | Linux bridge agent | controller-01 | None              | True  | UP    | neutron-linuxbridge-agent |
| f7288eb7-0eee-4a5a-85c4-f0dfd748bcc0 | Linux bridge agent | compute-01    | None              | True  | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+---------------+-------------------+-------+-------+---------------------------+

root@controller-01:~# openstack network list
+--------------------------------------+-------------+--------------------------------------+
| ID                                   | Name        | Subnets                              |
+--------------------------------------+-------------+--------------------------------------+
| 1302958b-dbe1-4281-9296-ff6036e4f423 | selfservice | a4ba714f-6063-4b89-aa34-eb9547e5bd29 |
| 5dc26ed3-9548-4da2-ac59-6511a3b8a2d9 | provider    | 4d43003f-f037-4d1a-94d6-a6b034eec803 |
+--------------------------------------+-------------+--------------------------------------+

root@controller-01:~# openstack network show selfservice
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2017-02-20T20:42:27Z                 |
| description               |                                      |
| id                        | 1302958b-dbe1-4281-9296-ff6036e4f423 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| mtu                       | 1450                                 |
| name                      | selfservice                          |
| port_security_enabled     | True                                 |
| project_id                | 23993cc4b916486c8ca5070396ea35c1     |
| project_id                | 23993cc4b916486c8ca5070396ea35c1     |
| provider:network_type     | vxlan                                |
| provider:physical_network | None                                 |
| provider:segmentation_id  | 96                                   |
| revision_number           | 5                                    |
| router:external           | Internal                             |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | a4ba714f-6063-4b89-aa34-eb9547e5bd29 |
| tags                      | []                                   |
| updated_at                | 2017-02-20T20:43:27Z                 |
+---------------------------+--------------------------------------+
root@controller-01:~# openstack network show provider
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | UP                                   |
| availability_zone_hints   |                                      |
| availability_zones        | nova                                 |
| created_at                | 2017-02-20T20:44:46Z                 |
| description               |                                      |
| id                        | 5dc26ed3-9548-4da2-ac59-6511a3b8a2d9 |
| ipv4_address_scope        | None                                 |
| ipv6_address_scope        | None                                 |
| is_default                | False                                |
| mtu                       | 1500                                 |
| name                      | provider                             |
| port_security_enabled     | True                                 |
| project_id                | 23993cc4b916486c8ca5070396ea35c1     |
| project_id                | 23993cc4b916486c8ca5070396ea35c1     |
| provider:network_type     | flat                                 |
| provider:physical_network | provider                             |
| provider:segmentation_id  | None                                 |
| revision_number           | 5                                    |
| router:external           | External                             |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   | 4d43003f-f037-4d1a-94d6-a6b034eec803 |
| tags                      | []                                   |
| updated_at                | 2017-02-20T20:47:00Z                 |
+---------------------------+--------------------------------------+

I'm happy to provide more info about my environment, although I'm not sure what's relevant and what's not. Thanks in advance.


Comments

Are you able to access the instance from your home network? Also, did you add an ICMP rule in security group?

Thanks

craja ( 2017-02-21 00:26:50 -0500 )

Hi craja, thanks for your reply. No, and weirdly I'm not even able to log in to the instance from the compute or controller either. It seems that when I try to ping/SSH from the OpenStack nodes it goes to the default route. I'm only able to use VNC via the browser. Yes, SSH and ping rules are there.

SysFiller ( 2017-02-21 01:59:41 -0500 )

2 answers

3

answered 2017-02-21 10:04:43 -0500

SysFiller

Most of my problems were probably related to VirtualBox networking. I've now switched the provider interface to NAT on both nodes (controller/compute) and re-created the provider network. It now seems to work. The next step would be to use a bridged interface in order to test floating IP capabilities (which I'm not able to test with NAT of course). Some important commands for networking troubleshooting:

root@controller-01:~# ip netns list
qdhcp-222197c6-cc31-42d5-9165-c2421ca73b25 (id: 0)
qrouter-f4908af9-a0ee-49a9-85d3-6d872d788946 (id: 2)
qdhcp-567c890a-c527-4f11-9b82-5cfe031c89a7 (id: 1)

root@controller-01:~# ip netns exec qrouter-f4908af9-a0ee-49a9-85d3-6d872d788946 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 qg-ccda1db5-d8
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 qg-ccda1db5-d8
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 qr-a00da6af-e2

root@controller-01:~# ip netns exec qrouter-f4908af9-a0ee-49a9-85d3-6d872d788946 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=63 time=10.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=63 time=8.40 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=63 time=9.24 ms

I forgot about these after a long time off from OpenStack, but they are fundamental. If you are not able to ping the "outside world" from the router's namespace, there's no chance you'll be able to do it from an instance. Hope this helps. Also let me know if you have any other advice or tell me if I've misinterpreted something.

Thanks everybody for your help

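The namespace checks from the answer above, as an added example that is not part of the original post: POSIX shell functions that read a router namespace's `route -n` table and confirm the default route leaves through the qg- (external gateway) port before pinging outward. The function names and sample variables are assumptions; the first sample table is copied from the answer's output and the second is constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are assumptions.

# Routing table copied from the answer above.
SAMPLE_OK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 qg-ccda1db5-d8
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 qg-ccda1db5-d8
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 qr-a00da6af-e2'
# Constructed: a router with no external gateway set has only the tenant route.
SAMPLE_NO_GW='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 qr-a00da6af-e2'

# Print "<gateway> <iface>" of the default route in `route -n` output on stdin.
default_route() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $2, $8; found = 1; exit }
         END { exit !found }'
}

# Verdict for one router table on stdin: the default route must exist and
# leave through the qg- (external gateway) port.
check_router_table() {
    dflt=$(default_route) || { echo "FAIL no default route"; return 1; }
    gw=${dflt% *}; dev=${dflt#* }
    case $dev in
        qg-*) echo "OK default via $gw dev $dev" ;;
        *)    echo "FAIL default route uses $dev, not a qg- port"; return 1 ;;
    esac
}

# Live walk, as root on the node running the L3 agent: check every qrouter
# namespace's table, then ping its gateway and an outside address from inside it.
check_all_routers() {
    target=${1:-8.8.8.8}
    ip netns list | awk '/^qrouter-/ { print $1 }' | while read -r ns; do
        echo "== $ns"
        table=$(ip netns exec "$ns" route -n)
        printf '%s\n' "$table" | check_router_table || continue
        gw=$(printf '%s\n' "$table" | default_route | cut -d' ' -f1)
        for dst in "$gw" "$target"; do
            if ip netns exec "$ns" ping -c 2 -W 2 "$dst" >/dev/null 2>&1
            then echo "OK $dst answers"; else echo "FAIL $dst unreachable"; fi
        done
    done
}
```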

Comments

Hello @SysFiller, have you managed to associate floating IPs on your environment? I kind of have the same issue: I have a 2-node architecture with two interfaces, the first host-only (for management) and the second NAT to use as the provider. Could you please tell me if you have any idea? Thanks

mehdi92 ( 2017-05-10 02:38:49 -0500 )
0

answered 2017-02-21 03:57:24 -0500

Rupesh Chowdary

Check the default route path from the instance using the #route -n command.

Also check that the instance interface IPs are reachable from the nodes and the local system. Create one floating IP and try to assign it to the instance that you launched.

I suspect your instance is able to reach the router, but after that the packets are not getting through. It might be an issue with your network configuration on the nodes. Your default gateway should be pingable from the nodes and the local system; that means your network part is good. Enabling SSH is a simple step: create a security group and add a rule for SSH, and that will allow SSH from the outside as well.


Comments

1

Yes, from the instance I'm only able to ping the router's IP address. Packets don't get routed outside the selfservice network. It must be an issue with the controller/compute networking as I'm not able to ping the instance. What's the way to troubleshoot this? Any check to run on the nodes? Thanks

SysFiller ( 2017-02-21 04:17:32 -0500 )

Add the default route gateway in the instance; also add the instance range in the router to accept packet flow via the router. This is an issue with the default gateway and the network configuration.

Rupesh Chowdary ( 2017-02-21 04:35:47 -0500 )

Rupesh, just to be sure I didn't miss anything I've started from scratch. The first validation that doesn't work following the documentation is the last point of this page https://docs.openstack.org/newton/ins... I can't ping it.

SysFiller ( 2017-02-21 07:45:49 -0500 )

I've also found this:

Feb 21 13:53:08 controller-01 neutron-linuxbridge-agent[2597]: 2017-02-21 13:53:08.840 2597 WARNING stevedore.named [req-8909e853-6006-445f-8d56-8f860b2e4296 - - - - -] Could not load neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

And

Feb 21 13:54:30 controller-01 neutron-dhcp-agent[2541]: 2017-02-21 13:54:30.110 2541 WARNING stevedore.named [-] Could not load neutron.agent.linux.interface.BridgeInterfaceDriver

SysFiller ( 2017-02-21 07:54:20 -0500 )
1

Also I've just checked the instance: its def gw is 172.16.1.1 (router's iface), which can be reached via ping. If I ping 8.8.8.8 it won't work though.

SysFiller ( 2017-02-21 08:06:19 -0500 )

Stats

Asked: 2017-02-20 18:11:09 -0500

Seen: 3,807 times

Last updated: Feb 21 '17