Ask Your Question

can not access floating ip

asked 2017-03-30 13:25:58 -0500

dimgr gravatar image

hello i have set up openstack ocata via the ansible role . The servers are hosted in Hetzner and i also have pool from Hetzner available to be used for floating ips so far i have done these:

neutron net-create GATEWAY_NET \ --router:external=True \ --provider:physical_network=flat \ --provider:network_type=flat

neutron subnet-create GATEWAY_NET \ --name GATEWAY_NET_SUBNET \ --gateway \ --allocation-pool start=,end= \

neutron net-create PRIVATE_NET \ --shared \ --router:external=True \ --provider:network_type=vxlan \ --provider:segmentation_id 101

neutron subnet-create PRIVATE_NET \ --name PRIVATE_NET_SUBNET

at this point the networks build fine . I have created and booted 4 instances and they all receive a floating ip , at this point i can not ping or ssh any of the instances .

from the compute host where they are tcpdump on the tap interface shows these

ARP, Request who-has tell, length 28 ARP, Reply is-at fa:16:3e:ce:16:23, length 28 ARP, Request who-has tell, length 28 ARP, Reply is-at fa:16:3e:ce:16:23, length 28

just the private ips

here is the intefaces file from one og the hosts , all hosts follow the same interfaces scheme with only IP changes

so , i can not ping any public ip or ssh . Any ideas.. ? thanks

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2017-04-03 02:35:55 -0500

dimgr gravatar image

hello i have modified them to enable those TCP UDP and ICMP

edit flag offensive delete link more

answered 2017-04-01 16:24:59 -0500

AndriusF47 gravatar image

Hello, have you created and modified Neutron Routers ? Your privare network needs some way to communicate with external.

  1. neutron router-create RouterName
  2. neutron router-gateway-set PrivateNetwork ExternalNetwork
  3. neutron router-interface-add PrivateNetwork PrivateSubnet

If you done that check out what Neutron Namespace is telling you

  1. ip netns list
  2. neutron router-list
  3. ip netns exec qrouter-........ route (it supports standart tools such as ping, traceroute, iptables etc...)
edit flag offensive delete link more



i have already done these steps , here are the results

dimgr gravatar imagedimgr ( 2017-04-03 08:15:27 -0500 )edit

answered 2017-04-03 00:14:52 -0500

iGene gravatar image

Hi, I would like to ask have you modified the security group for instances. By default, both ssh (TCP port 22) and ICMP (ping) connections are not allowed.

You can refer to documentation here for how to create and modify security groups.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2017-03-30 13:25:58 -0500

Seen: 2,203 times

Last updated: Apr 03 '17