Connected with floating IP, can't reach the external world (google.com)

asked 2018-06-07 08:30:23 -0500

updated 2018-06-07 22:12:01 -0500

Launched CirrOS instances in private network

Floating IP of the Instance

  1. 10.64.83.44
  2. 10.64.83.34

Private IP of the Instance

  1. 172.168.2.5
  2. 192.168.1.11

I can connect to the VM using the floating IP without any issue

[root@network ~]# ssh cirros@10.64.83.44
cirros@10.64.83.44's password: 
$ 

[root@network ~]# ssh cirros@10.64.83.34
cirros@10.64.83.34's password: 
$

My network node can reach google.com, but private instances can't

[root@network ~]# ping google.com
PING google.com (172.217.3.46) 56(84) bytes of data.
64 bytes from iad23s57-in-f14.1e100.net (172.217.3.46): icmp_seq=1 ttl=44 time=256 ms
64 bytes from iad23s57-in-f14.1e100.net (172.217.3.46): icmp_seq=2 ttl=44 time=256 ms

[root@network ~]# ifconfig 
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.64.83.43  netmask 255.255.255.192  broadcast 10.64.83.63
        inet6 fe80::a052:75ff:fe76:8042  prefixlen 64  scopeid 0x20<link>
        ether 2c:d0:2d:b3:03:d4  txqueuelen 1000  (Ethernet)
        RX packets 2636263  bytes 228811380 (218.2 MiB)
        RX errors 0  dropped 659  overruns 0  frame 0
        TX packets 2430020  bytes 643304338 (613.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::2ed0:2dff:feb3:3d4  prefixlen 64  scopeid 0x20<link>
        ether 2c:d0:2d:b3:03:d4  txqueuelen 1000  (Ethernet)
        RX packets 2754681  bytes 273986163 (261.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2556138  bytes 651903043 (621.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xc7000000-c70fffff  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 793219  bytes 147669824 (140.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 793219  bytes 147669824 (140.8 MiB)
        TX errors

vxlan_sys_4789: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 65000
        inet6 fe80::e43e:dbff:fe58:4b68  prefixlen 64  scopeid 0x20<link>
        ether e6:3e:db:58:4b:68  txqueuelen 1000  (Ethernet)
        RX packets 13293  bytes 1058096 (1.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14772  bytes 1061650 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


Interfaces on Compute Node 

[root@compute ~]# ifconfig 
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.64.83.23  netmask 255.255.255.192  broadcast 10.64.83.63
        inet6 fe80::7974:ec5d:1216:268a  prefixlen 64  scopeid 0x20<link>
        ether 2c:d0:2d:b3:31:76  txqueuelen 1000  (Ethernet)
        RX packets 3197387  bytes 3418504882 (3.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1165474  bytes 247740797 (236.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions ...

Comments

What is your configuration? ML2 and router config, how did you create the provider network, how did you create the cloud, what interfaces do you see on the compute node?

Bernd Bausch ( 2018-06-07 16:38:09 -0500 )

This is a flat network, and interfaces are added in the original question

Free OpenStack Consultant ( 2018-06-07 22:11:29 -0500 )

Floating IPs on a flat network is a strange concept to me. I may show my ignorance, but I think instances' fixed IPs should be external addresses.

I am interested in your answer to the other questions: ML2 and router config, how did you create the provider network, how did you create the cloud.

Bernd Bausch ( 2018-06-08 01:07:35 -0500 )

In your case, DNAT from outside (floating IP) to the instance seems to work, but not SNAT from the instance to outside. On a flat network, which doesn't have a router, I wonder where NAT takes place. This is where the problem must be.

Bernd Bausch ( 2018-06-08 01:08:46 -0500 )

You seem to be using the Openvswitch mechanism driver, as evidenced from br-ex, qvo and qvb interfaces. In this case, there should be a br-int and a br-ex on the compute node. They are missing. How are packets supposed to flow from an instance to the compute node's network?

Bernd Bausch ( 2018-06-08 01:29:56 -0500 )
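The comment above about DNAT working while SNAT fails can be checked mechanically. This is an added example, not part of the thread or of OpenStack's own code. It assumes the NAT table has been exported with `iptables-save -t nat` from wherever NAT is performed; the sample rules are constructed from the addresses in the question, with the SNAT rule for the second floating IP deliberately left out.

```python
import shlex

# Constructed sample in iptables-save format (NOT output from the poster's system).
# Chain names are generic placeholders; only the DNAT/SNAT targets matter here.
SAMPLE_NAT_RULES = """\
*nat
-A PREROUTING -d 10.64.83.44/32 -j DNAT --to-destination 172.168.2.5
-A PREROUTING -d 10.64.83.34/32 -j DNAT --to-destination 192.168.1.11
-A POSTROUTING -s 172.168.2.5/32 -j SNAT --to-source 10.64.83.44
COMMIT
"""

def _opt(tokens, flag):
    """Return the token that follows `flag`, or None if the flag is absent."""
    if flag in tokens:
        i = tokens.index(flag)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None

def parse_nat(text):
    """Collect IPv4 DNAT (floating -> fixed) and SNAT (fixed -> source) mappings."""
    dnat, snat = {}, {}
    for line in text.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies, COMMIT
        tok = shlex.split(line)  # handles quoted --comment strings
        target = _opt(tok, "-j")
        if target == "DNAT":
            dst, to = _opt(tok, "-d"), _opt(tok, "--to-destination")
            if dst and to:
                dnat[dst.split("/")[0]] = to.split(":")[0]  # drop mask and port
        elif target == "SNAT":
            src, to = _opt(tok, "-s"), _opt(tok, "--to-source")
            if src and to:
                snat[src.split("/")[0]] = to.split(":")[0]
    return dnat, snat

def find_asymmetric(text):
    """List floating IPs whose inbound DNAT has no matching outbound SNAT."""
    dnat, snat = parse_nat(text)
    problems = []
    for fip, fixed in sorted(dnat.items()):
        out = snat.get(fixed)
        if out is None:
            problems.append((fip, fixed, "no SNAT rule"))
        elif out != fip:
            problems.append((fip, fixed, "SNAT to " + out))
    return problems

if __name__ == "__main__":
    for fip, fixed, why in find_asymmetric(SAMPLE_NAT_RULES):
        print(f"{fip} -> {fixed}: {why}")
```

An empty result means every inbound translation has a matching outbound one, so the fault lies elsewhere (routing, DNS, or filtering rules).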