can't ping external gateway or floating IP's from within router namespace
I just finished setting up an OpenStack packstack deployment for testing purposes. I was able to launch an instance and connect to it using ssh on the internal IP address. My router connects my external and internal networks and my security group is wide open. I've setup my bridge interface so that it links to eth0 which is my external network.
[root@ip-172-31-15-114 ~(keystone_admin)]# ip netns exec qrouter-7808ea77-12b3-432a-be6d-f85f2b980577 ssh 192.168.10.152 -l centos -i ~/.ssh/my-key
[centos@r20 ~]$
internal ping works:
[root@ip-172-31-15-114 ~(keystone_admin)]# ip netns exec qrouter-7808ea77-12b3-432a-be6d-f85f2b980577 ping 192.168.10.152
PING 192.168.10.152 (192.168.10.152) 56(84) bytes of data.
64 bytes from 192.168.10.152: icmp_seq=1 ttl=64 time=1.66 ms
64 bytes from 192.168.10.152: icmp_seq=2 ttl=64 time=0.721 ms
64 bytes from 192.168.10.152: icmp_seq=3 ttl=64 time=0.697 ms
64 bytes from 192.168.10.152: icmp_seq=4 ttl=64 time=0.662 ms
external ping doesn't:
[root@ip-172-31-15-114 ~(keystone_admin)]# ping 172.31.0.10
PING 172.31.0.10 (172.31.0.10) 56(84) bytes of data.
From 172.31.15.114 icmp_seq=1 Destination Host Unreachable
From 172.31.15.114 icmp_seq=2 Destination Host Unreachable
From 172.31.15.114 icmp_seq=3 Destination Host Unreachable
From 172.31.15.114 icmp_seq=4 Destination Host Unreachable
^C
--- 172.31.0.10 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3000ms
pipe 4
[root@ip-172-31-15-114 ~(keystone_admin)]#
unable to ping Google from within instance:
[root@ip-172-31-15-114 ~(keystone_admin)]# ip netns exec qrouter-7808ea77-12b3-432a-be6d-f85f2b980577 ssh 192.168.10.152 -l centos -i ~/.ssh/my-key
Last login: Sat Mar 9 21:36:08 2019 from gateway
[centos@r20 ~]$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 172.31.0.10 icmp_seq=1 Destination Host Unreachable
From 172.31.0.10 icmp_seq=2 Destination Host Unreachable
From 172.31.0.10 icmp_seq=3 Destination Host Unreachable
From 172.31.0.10 icmp_seq=4 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3002ms
pipe 4
[centos@r20 ~]$ ip route
default via 192.168.10.1 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.169.254 via 192.168.10.1 dev eth0 proto static
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.152
pinging my gateway from my namespace doesn't work:
[root@ip-172-31-15-114 ~(keystone_admin)]# ip route
default via 172.31.0.1 dev br-ex
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev br-ex scope link metric 1006
172.31.0.0/20 dev br-ex proto kernel scope link src 172.31.15.114
[root@ip-172-31-15-114 ~(keystone_admin)]# ip netns exec qrouter-7808ea77-12b3-432a-be6d-f85f2b980577 ping 172.31.0 ...add a comment
