Ask Your Question
0

Floating IPs not accessible from inside && outside

asked 2017-04-03 05:55:12 -0600

Sofiane68 gravatar image

updated 2017-04-03 07:15:40 -0600

Hi,

I set up an OpenStack environment on vSphere

  • 3 controllers nodes
  • 2 compute nodes
  • 1 cinder node

I created a cirros instance and associate to it a floating ip

Problem:

This floating ip (10.29.14.144) is not accessible

[root@fuel ~]# ssh control01

root@node-2:~# ping 10.29.14.144
PING 10.29.14.144 (10.29.14.144) 56(84) bytes of data.
^C
--- 10.29.14.144 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2004ms

root@node-2:~# arp 10.29.14.144
Address                  HWtype  HWaddress           Flags Mask            Iface
10.29.14.144             ether   fa:16:3e:f1:14:7e   C                     br-ex
root@node-5:~# ip netns exec qrouter-05e079e8-b0c3-4d59-a5eb-4deb1507cd8f ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
28: ha-124b032c-e0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:51:88:b9 brd ff:ff:ff:ff:ff:ff
    inet 169.254.192.2/18 brd 169.254.255.255 scope global ha-124b032c-e0
       valid_lft forever preferred_lft forever
    inet 169.254.0.1/24 scope global ha-124b032c-e0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe51:88b9/64 scope link 
       valid_lft forever preferred_lft forever
29: qg-896349c2-7b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:f1:14:7e brd ff:ff:ff:ff:ff:ff
    inet 10.29.14.130/24 scope global qg-896349c2-7b
       valid_lft forever preferred_lft forever
    inet 10.29.14.144/32 scope global qg-896349c2-7b
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fef1:147e/64 scope link 
       valid_lft forever preferred_lft forever
30: qr-41f36263-c3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:c7:02:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.1/24 scope global qr-41f36263-c3
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fec7:24c/64 scope link 
       valid_lft forever preferred_lft forever

This floating ip is not accessible from inside the network namespace

root@node-5:~# ip netns exec qrouter-05e079e8-b0c3-4d59-a5eb-4deb1507cd8f ping 10.29.14.144
PING 10.29.14.144 (10.29.14.144) 56(84) bytes of data.

i checked the l3 agent of neutron --> al is up and running

edit retag flag offensive close merge delete

Comments

Can you check "arping 10.29.14.144" from router namespace ? If you get response, ICMP rule might be missing in security group rule. Also, please check snat rules in iptables from router namespace.

Rajesh Ramachandran gravatar imageRajesh Ramachandran ( 2017-04-03 06:44:45 -0600 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-04-03 07:07:20 -0600

Sofiane68 gravatar image

updated 2017-04-03 07:10:59 -0600

root@node-5:~# ip netns exec qrouter-05e079e8-b0c3-4d59-a5eb-4deb1507cd8f arping -I qg-896349c2-7b 10.29.14.144 ARPING 10.29.14.144 from 10.29.14.144 qg-896349c2-7b ^CSent 16 probes (16 broadcast(s)) Received 0 response(s)

root@node-5:~# arp 10.29.14.144
    Address                  HWtype  HWaddress           Flags Mask            Iface
    10.29.14.144             ether   fa:16:3e:f1:14:7e   C                     br-floating
    10.29.14.144             ether   fa:16:3e:f1:14:7e   C                     br-ex

The thing I do not understand is this one:

root@node-5:~# ping 10.29.14.130
PING 10.29.14.130 (10.29.14.130) 56(84) bytes of data.
64 bytes from 10.29.14.130: icmp_seq=4 ttl=64 time=0.443 ms
64 bytes from 10.29.14.130: icmp_seq=5 ttl=64 time=0.614 ms
64 bytes from 10.29.14.130: icmp_seq=6 ttl=64 time=0.227 ms

I can ping the router gateway in "/24" but not the floating IP in "/32"

routing problem?

edit flag offensive delete link more

Comments

Problem resolved. Promiscuous mode not enabled in port group and vswitch in vSphere

Sofiane68 gravatar imageSofiane68 ( 2017-04-03 09:32:34 -0600 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-04-03 05:55:12 -0600

Seen: 101 times

Last updated: Apr 03 '17

Related questions

Associate public ip to vm's interface

floating ip is not active in devstack

Poor network performance for traffic that hit "Floating IP"

Floating IPs being consumed by router

Neutron unable to add same subnet in diffrent projects

API for releasing a floating IP from a network!

Instance not getting IP

Instances dnsdomainname not set

Error received from ovsdb monitor

Router Interfaces Down