Ask Your Question
0

Floating IPs not accessible from inside && outside

asked 2017-04-03 05:55:12 -0500

Sofiane68 gravatar image

updated 2017-04-03 07:15:40 -0500

Hi,

I set up an OpenStack environment on vSphere

  • 3 controllers nodes
  • 2 compute nodes
  • 1 cinder node

I created a cirros instance and associate to it a floating ip

Problem:

This floating ip (10.29.14.144) is not accessible

[root@fuel ~]# ssh control01

root@node-2:~# ping 10.29.14.144
PING 10.29.14.144 (10.29.14.144) 56(84) bytes of data.
^C
--- 10.29.14.144 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2004ms

root@node-2:~# arp 10.29.14.144
Address                  HWtype  HWaddress           Flags Mask            Iface
10.29.14.144             ether   fa:16:3e:f1:14:7e   C                     br-ex
root@node-5:~# ip netns exec qrouter-05e079e8-b0c3-4d59-a5eb-4deb1507cd8f ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
28: ha-124b032c-e0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:51:88:b9 brd ff:ff:ff:ff:ff:ff
    inet 169.254.192.2/18 brd 169.254.255.255 scope global ha-124b032c-e0
       valid_lft forever preferred_lft forever
    inet 169.254.0.1/24 scope global ha-124b032c-e0
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe51:88b9/64 scope link 
       valid_lft forever preferred_lft forever
29: qg-896349c2-7b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:f1:14:7e brd ff:ff:ff:ff:ff:ff
    inet 10.29.14.130/24 scope global qg-896349c2-7b
       valid_lft forever preferred_lft forever
    inet 10.29.14.144/32 scope global qg-896349c2-7b
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fef1:147e/64 scope link 
       valid_lft forever preferred_lft forever
30: qr-41f36263-c3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:c7:02:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.1/24 scope global qr-41f36263-c3
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fec7:24c/64 scope link 
       valid_lft forever preferred_lft forever

This floating ip is not accessible from inside the network namespace

root@node-5:~# ip netns exec qrouter-05e079e8-b0c3-4d59-a5eb-4deb1507cd8f ping 10.29.14.144
PING 10.29.14.144 (10.29.14.144) 56(84) bytes of data.

i checked the l3 agent of neutron --> al is up and running

edit retag flag offensive close merge delete

Comments

Can you check "arping 10.29.14.144" from router namespace ? If you get response, ICMP rule might be missing in security group rule. Also, please check snat rules in iptables from router namespace.

Rajesh Ramachandran gravatar imageRajesh Ramachandran ( 2017-04-03 06:44:45 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-04-03 07:07:20 -0500

Sofiane68 gravatar image

updated 2017-04-03 07:10:59 -0500

root@node-5:~# ip netns exec qrouter-05e079e8-b0c3-4d59-a5eb-4deb1507cd8f arping -I qg-896349c2-7b 10.29.14.144 ARPING 10.29.14.144 from 10.29.14.144 qg-896349c2-7b ^CSent 16 probes (16 broadcast(s)) Received 0 response(s)

root@node-5:~# arp 10.29.14.144
    Address                  HWtype  HWaddress           Flags Mask            Iface
    10.29.14.144             ether   fa:16:3e:f1:14:7e   C                     br-floating
    10.29.14.144             ether   fa:16:3e:f1:14:7e   C                     br-ex

The thing I do not understand is this one:

root@node-5:~# ping 10.29.14.130
PING 10.29.14.130 (10.29.14.130) 56(84) bytes of data.
64 bytes from 10.29.14.130: icmp_seq=4 ttl=64 time=0.443 ms
64 bytes from 10.29.14.130: icmp_seq=5 ttl=64 time=0.614 ms
64 bytes from 10.29.14.130: icmp_seq=6 ttl=64 time=0.227 ms

I can ping the router gateway in "/24" but not the floating IP in "/32"

routing problem?

edit flag offensive delete link more

Comments

Problem resolved. Promiscuous mode not enabled in port group and vswitch in vSphere

Sofiane68 gravatar imageSofiane68 ( 2017-04-03 09:32:34 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-04-03 05:55:12 -0500

Seen: 72 times

Last updated: Apr 03 '17

Related questions

Unable to ping a floating ip of a instance, port status of the floating ip is N/A

Cannot ping instance created in 2 node Openstack installation with neutron gre tunnelling

Problem using pfSense VM inside a tenant

Router external interface DOWN

Cannot ping external network from VM [closed]

Does the neutron support IP packet fragmentation ?

OpenvSwitch vs Ryu plugin

GRE inside Openstack Instances

neutron: publicURL endpoint for network service not found

Multiple external subnets