Cannot ping router or VMs on private network that I created in OpenStack

asked 2017-12-04 15:47:07 -0600

jcorkey

updated 2017-12-05 10:54:16 -0600

I did a multinode deployment of OpenStack with Kolla on one control node and one compute node. Because I used Kolla to deploy, all OpenStack services are running in Docker containers, which is confusing me about how exactly I should troubleshoot this problem.

I can allocate a floating IP to an instance, but I cannot SSH to or ping the floating IP assigned to the instance.

I have added the following security groups as well:

Egress  IPv6    Any Any ::/0    -   
Egress  IPv4    Any Any   -   
Egress  IPv4    ICMP    Any   -   
Ingress IPv4    ICMP    Any   -   
Egress  IPv4    TCP 1 - 65535   -   
Ingress IPv4    TCP 22 (SSH)   -   
Ingress IPv4    TCP 53 (DNS)    -   SecurityGLV 
Ingress IPv4    TCP 80 (HTTP)   -   SecurityGLV 
Ingress IPv4    TCP 443 (HTTPS)   -   
Ingress IPv4    UDP 1 - 65535   -   
Egress  IPv4    UDP 1 - 65535   -

Both the compute node and the control node can ping each other, but I cannot ping my VM's floating IP. I went into the console of the VM through the Horizon dashboard and tried to ping the public network and the gateway but had no success. The only things I can successfully ping from the VM instance are the router I created in OpenStack and other OpenStack VMs.

Here is info on the control node where all networking services are running:

[root@openstackcontroller ~]# ip netns


In my globals.yml I set em1 as my network_interface and I set em2 as my neutron_external_interface.

[root@openstackcontroller ~]# nmcli d

DEVICE          TYPE         STATE         CONNECTION
docker0         bridge       connected     docker0
em1             ethernet     connected     em1
vxlan_sys_4789  vxlan        disconnected  --
em3             ethernet     unavailable   --
em4             ethernet     unavailable   --
p5p1            ethernet     unavailable   --
p5p2            ethernet     unavailable   --
p5p3            ethernet     unavailable   --
p5p4            ethernet     unavailable   --
em2             ethernet     unmanaged     --
lo              loopback     unmanaged     --
br-ex           openvswitch  unmanaged     --
br-int          openvswitch  unmanaged     --
br-tun          openvswitch  unmanaged     --
ovs-system      openvswitch  unmanaged     --

Here is the em2 configuration on the control node and compute node, which I think br-ex uses?


ovs-vsctl show on the control node:

[root@openstackcontroller neutron]# docker exec -ti openvswitch_vswitchd ovs-vsctl show
    Manager "ptcp:6640:"
        is_connected: true
    Bridge br-ex
        Controller "tcp:"
            is_connected: true
        fail_mode: secure
        Port "em2"
            Interface "em2"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        Controller "tcp:"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-ac1c0906"
            Interface "vxlan-ac1c0906"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="", out_key=flow, remote_ip=""}
    Bridge br-int
        Controller "tcp:"
            is_connected: true
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch ...