Ask Your Question
0

no ping to Instance from neutron-gateway/0 - error "Destination Host Unreachable"

asked 2019-02-07 16:18:18 -0500

d@kj gravatar image

updated 2019-04-05 05:15:23 -0500

I performed a cluster node installation using this guide [OpenStack Charms Deployment Guide].(https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/install-maas.html), where the type of network is a Flat network and the components used are:

  • Maas
  • Juju
  • Openstack

My lab is composed by following devices:

  • 1 IBM System 3540 M4 Maas (500GB HDD - 8GB RAM - 1 Nic)
  • 1 IBM System 3540 M4 Juju (500GB HDD - 8GB RAM -1 Nic)
  • 4 IBM System 3540 M4 Openstack (500GBx2 HDD - 16GB RAM - 2 Nic)
  • 1 Palo Alto Network Firewall

Public Network 10.20.81.0/24 - Private Network 10.0.0.0/24

  • Maas: 10.20.81.1
  • Juju: 10.20.81.2
  • Openstack 10.20.81.21-24
  • Gateway 10.20.81.254
  • Instance: 10.0.0.9 - 10.20.81.215 (floating)

Network plan

10.20.81.0/24     
                          +-------------+
                              Firewall
                            10.20.81.254
                          +-------------+
                                 | 
+-------------------------------------------------------------+
                              Switch 
      vlan81              vlan81                  vlan81
+-------------------------------------------------------------+
        |                   |                   || | | |
+--------------+     +------------+        +------------------+
|Maas+Juju           |Juju Gui|            |Openstack
|10.20.81.1          |10.20.81.2           |10.20.81.21-24
+--------------+     +-------------+       +------------------+
                                                     |
                                +--------------------------------------------+
                                Private Subnet-1           Public Subnet-2
                                 10.0.0.0/24                10.20.81.0/24
                                 +---+----+--+              +----+------+
                                 |    |        +----+            |
                                 |    |        |    |            |
                                 |    +--------+ VR +-------------+
                                 |             |    |
                                 +--+-+        +----+
                                 |    |
                                 | VM |
                                 | .9 |
                                 |    |
                                 +----+

On my lab, the nodes for Openstack present two eth interface, the first one (eno2) the single external network used as floating IP, then the other one (eno3) for the private network.

I can not reach teh install via SSH or ping

Maas route:

$: ip route
default via 10.20.81.254 dev enp2s0 proto static 
10.20.81.0/24 dev enp2s0 proto kernel scope link src 10.20.81.1

Juju Controller:

ubuntu@juju-controller:~$ ip route
default via 10.20.81.254 dev enp8s0 proto static 
10.20.81.0/24 dev enp8s0 proto kernel scope link src 10.20.81.2

Compute Nodes:

ubuntu@os-compute01:~$ ip route
default via 10.20.81.254 dev br-eno2 proto static 
10.20.81.0/24 dev br-eno2 proto kernel scope link src 10.20.81.21 
10.38.53.0/24 dev lxdbr0 proto kernel scope link src 10.38.53.1

ubuntu@os-compute02:~$ ip route
default via 10.20.81.254 dev br-eno2 proto static 
10.20.81.0/24 dev br-eno2 proto kernel scope link src 10.20.81.22 
10.104.230.0/24 dev lxdbr0 proto kernel scope link src 10.104.230.1 

ubuntu@os-compute03:~$ ip route
default via 10.20.81.254 dev br-eno2 proto static 
10.20.81.0/24 dev br-eno2 proto kernel scope link src 10.20.81.23 
10.126.34.0/24 dev lxdbr0 proto kernel scope link src 10.126.34.1 

ubuntu@os-compute04:~$ ip route
default via 10.20.81.254 dev br-eno2 proto static 
10.20.81.0/24 dev br-eno2 proto kernel scope link src 10.20.81.24 
10.72.47.0/24 dev lxdbr0 proto kernel scope link src 10.72.47.1

Router:

$:openstack router show u1804Ro
Password: 
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field                   | Value                                                                                                                                                                                    |
+-------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up          | UP                                                                                                                                                                                       |
| availability_zone_hints |                                                                                                                                                                                          |
| availability_zones      | nova                                                                                                                                                                                     |
| created_at              | 2019-02-28T22:27:36Z                                                                                                                                                                     |
| description             |                                                                                                                                                                                          |
| distributed             | False                                                                                                                                                                                    |
| external_gateway_info   | {"network_id": "e2ba9320-b1cb-4fd8-acd8-b4d9df9df819", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "b3ae37b6-487b-4063-8d69-ec849fd9c9c7", "ip_address ...
(more)
edit retag flag offensive close merge delete
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2019-03-01 08:33:22 -0500

d@kj gravatar image

updated 2019-04-01 05:50:27 -0500

Update 22/03/19:

Using the following commands I can ping the virtual interfaces on router u1804Ro of openstack

$: juju ssh neutron-gateway/0

then

ubuntu@os-compute01:~$ cat /var/lib/neutron/dhcp/008cdb55-51f4-49f6-87d2-a9c187485d26/host 
fa:16:3e:77:d6:96,host-10-0-0-10.openstacklocal,10.10.0.10
fa:16:3e:b4:9e:0c,host-10-0-0-1.openstacklocal,10.10.0.1
fa:16:3e:d3:49:76,host-10-0-0-9.openstacklocal,10.10.0.13

then

ubuntu@os-compute01:~$ ip netns list
qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 (id: 4)
qdhcp-feb5596f-b201-4e01-9c04-64abd1273d2f (id: 3)

if I try to ping the public interface and the internat interface set on the router of Openstack, that ones work

ubuntu@os-compute01:~$ sudo ip netns exec qrouter-8129a212-8db7-42a7-8d91-a5c8cdca42e0 ping 10.20.81.222
PING 10.20.81.222 (10.20.81.222) 56(84) bytes of data.
64 bytes from 10.20.81.222: icmp_seq=1 ttl=64 time=0.085 ms
64 bytes from 10.20.81.222: icmp_seq=2 ttl=64 time=0.081 ms

ubuntu@os-compute01:~$ sudo ip netns exec qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 ping 10.10.0.1
PING 10.10.0.1 (10.10.0.1) 56(84) bytes of data.
64 bytes from 10.10.0.1: icmp_seq=1 ttl=64 time=0.075 ms
64 bytes from 10.10.0.1: icmp_seq=2 ttl=64 time=0.070 ms

while the ping to the instance and http://google.com no works

ubuntu@os-compute01:~$ sudo ip netns exec qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 ping 10.0.0.13
PING 10.10.0.13 (10.10.0.13) 56(84) bytes of data.
From 10.10.0.13 icmp_seq=1 Destination Host Unreachable
From 10.10.0.13 icmp_seq=2 Destination Host Unreachable

ubuntu@os-compute01:~$ sudo ip netns exec qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 10.20.81.222 icmp_seq=1 Destination Host Unreachable
From 10.20.81.222 icmp_seq=2 Destination Host Unreachable

then:

ubuntu@os-compute01:~$ sudo ip netns exec qdhcp-feb5596f-b201-4e01-9c04-64abd1273d2f ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 0  bytes 0 (0.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 0  bytes 0 (0.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ns-cefc1973-b1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1458
            inet 10.0.0.10  netmask 255.255.255.0  broadcast 10.0.0.255
            inet6 fe80::f816:3eff:fedc:af67  prefixlen 64  scopeid 0x20<link>
            ether fa:16:3e:dc:af:67  txqueuelen 1000  (Ethernet)
            RX packets 2297  bytes 96522 (96.5 KB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 5  bytes 446 (446.0 B)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ubuntu@os-compute01:~$ sudo ip netns exec qrouter-fc288112-3fce-405d-9c3f-5451253de4f0 ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0 ...
(more)
edit flag offensive delete link more
add a comment
0

answered 2019-03-11 06:21:38 -0500

Donny D gravatar image

Just a thought, but have you checked your security group settings?

edit flag offensive delete link more

Comments

yes that is the Sec Grp applied on instance:

default

ALLOW IPv4 to 0.0.0.0/0

ALLOW IPv6 to ::/0

u1804Icmp

ALLOW IPv4 icmp from 0.0.0.0/0

u1804Ssh

ALLOW IPv4 22/tcp from 0.0.0.0/0

d@kj gravatar imaged@kj ( 2019-03-11 17:35:53 -0500 )edit

So your network topology isn't exactly clear. How do you have your instances connected to the real world?

It should look something like physical network or vlan --> Openstack External Network --> Openstack Router --> Instance Network --> VM

Donny D gravatar imageDonny D ( 2019-03-12 07:59:09 -0500 )edit

I've followed this https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/rocky/install-maas.html (guide) where in my lab is present a physical network (10.20.81.0/24), I can ping all device configured with that network inclusive the interface on router u1804Ro in Openstack.

d@kj gravatar imaged@kj ( 2019-03-12 16:30:03 -0500 )edit

So how is Public Subnet-2 connected to the real world? Is it on a VLAN, is it FLAT?

Donny D gravatar imageDonny D ( 2019-03-15 06:28:11 -0500 )edit

If your openstack router cannot reach the instance, then something is broken in ovs.

what is the output of ovs-vsctl show on both controller and compute nodes?

Donny D gravatar imageDonny D ( 2019-03-15 06:38:44 -0500 )edit
see more comments
0

answered 2019-02-10 23:09:23 -0500

TijoV gravatar image

updated 2019-02-10 23:14:28 -0500

I hope you can ssh to MAAS machine, if you are, then from MAAS machine Try juju status and then

juju ssh <host_ip>
edit flag offensive delete link more

Comments

that works well...the issue is on the instance created on Openstack. The IP address 10.20.81.50, showed above, is the floating address assigned of Openstack to Vm, and if a try to make a ssh to that obtain tha error. I think the issue is on virtual router. Any idea?

d@kj gravatar imaged@kj ( 2019-02-11 03:53:38 -0500 )edit
1

Can you verify that the router is configured with the proper upstream gateway to access the internet? If you can't ping the router, I'm guessing it isn't accessible from your network.

reynoni gravatar imagereynoni ( 2019-02-14 11:15:40 -0500 )edit

from nodes, from lxd vm, and from maas/juju server the ping reachs the gw but not internet. Each part has configured as gw the same IP addr (10.20.81.254). I've also rebuild the empire lab using conjure-up but the issue is the same and don't know if I wrong something on Openstack or Maas

d@kj gravatar imaged@kj ( 2019-02-15 12:20:16 -0500 )edit

Pretty sure it's a neutron misconfiguration in openstack. I haven't had any success with conjure-up, but juju deploy openstack-base seems pretty reliable if you can manage that.

reynoni gravatar imagereynoni ( 2019-02-19 13:51:35 -0500 )edit

I'm rebuild that, as you said me, but I've the same issue

d@kj gravatar imaged@kj ( 2019-02-20 10:30:24 -0500 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2019-02-07 16:18:18 -0500

Seen: 425 times

Last updated: Apr 05

Related questions

Openstack with MAAS + juju network setup

Replace Controller Node and add new controller using juju in existing Openstack Environment

Self-service User Password Change - NotAuthorized

How can I install Openstack with MAAS, JUJU single node

How to access instances from the outside world?

juju bootstrap failed

Openstack instance problem

Openstack Ocata deployment fails with Failed deployment: Power state queried: on

Juju + Openstack Multiple Interfaces

How to deploy Openstack for production ? [closed]