Ask Your Question
0

Cannot ping router on provider network from controller node

asked 2019-04-02 09:37:22 -0500

mac80211 gravatar image

updated 2019-04-02 10:30:49 -0500

Hello everyone,

I am currently setting up a private OpenStack instance following the official installation guide. Unfortunately, it appears that I got stuck at properly configuring networking. I am aiming to have both a provider network as well as an internal network for self-service for instances. I might add that I am setting this up for learning purposes only - this is not something meant for production (considering that I am new to OpenStack in general, this would be insanity).

I have created one provider and one self-service network already, plus a router connecting both of them. Sadly, I am not able to ping neither the router nor the instances on the provider network (I have added a rule allowing ICMP packets to the 'default' security group already).

My configuration is as follows:

  • Management network: 10.0.0.0/24 (with 10.0.0.1 as gateway, enp0s3)
  • Provider network: 10.0.1.0/24 (with 10.0.1.1 as gateway, enp0s8)
  • 2 virtual machines: controller + compute, with 2 NICs each (1x management network, 1x provider network)
  • Controller node: 10.0.0.10 (management network), UP interface without IP (provider network)
  • Compute node: 10.0.0.20 (management network), UP Interface without IP (provider network)
  • OpenStack Rocky, running on Ubuntu 18.04.2 LTS
  • IPv4 packet forwarding is enabled on all VMs and the host machine
  • Both provider and management networks have internet access via NAT (using iptables) on the host machine

I have created the provider network and the self-service network, including the router, like this (following the installation guide 1:1):

openstack network create  --share --external --provider-physical-network provider --provider-network-type flat provider

openstack subnet create --network provider --allocation-pool start=10.0.1.2,end=10.0.1.254 --dns-nameserver 1.1.1.1 --gateway 10.0.1.1 --subnet-range 10.0.1.0/24 provider

openstack network create selfservice

openstack subnet create --network selfservice --dns-nameserver 1.1.1.1 --gateway 10.0.3.1 --subnet-range 10.0.3.0/24 selfservice

openstack router create router

openstack router add subnet router selfservice

openstack router set router --external-gateway provider

Both networks as well as the router appear to have been created successfully. Following the "Verify Operation" section in the guide, the appropriate network namespaces have been created.

root@controller:~# ip netns
qrouter-a4b91aae-4904-4391-9fc8-20affb512460 (id: 2)
qdhcp-0b0bc563-8554-4171-b321-751c9f957d23 (id: 1)
qdhcp-b7852a56-9c5d-4682-b65b-33cea1f47593 (id: 0)

Both subnets look fine to me, too:

root@controller:~# openstack subnet list
+--------------------------------------+-------------+--------------------------------------+-------------+
| ID                                   | Name        | Network                              | Subnet      |
+--------------------------------------+-------------+--------------------------------------+-------------+
| 3069f54e-6dc5-4cbf-bf87-ddf8939fe37c | selfservice | 0b0bc563-8554-4171-b321-751c9f957d23 | 10.0.3.0/24 |
| 30e0627d-e6e8-402d-8d47-27b2011f291c | provider    | b7852a56-9c5d-4682-b65b-33cea1f47593 | 10.0.1.0/24 |
+--------------------------------------+-------------+--------------------------------------+-------------+

The router I created has IP addresses assigned for both subnets:

root@controller:~# openstack port list --router router
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                       | Status |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+
| 79dc1dfd-fe84-4004-a32b-e736622f56b6 |      | fa:16:3e:b9:a5:cf | ip_address='10.0.3.1', subnet_id='3069f54e-6dc5-4cbf-bf87-ddf8939fe37c'  | ACTIVE |
| f7ec37be-fb71-42e8-b80d-2f8557e149d7 |      | fa:16:3e:0d:af:a3 | ip_address='10.0.1.22', subnet_id='30e0627d-e6e8-402d-8d47-27b2011f291c' | ACTIVE |
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------+--------+

However, as soon as I am trying to ping the router's provider network IP, things take a turn.

root@controller:~# ping -c ...
(more)
edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2019-04-02 17:32:39 -0500

mac80211 gravatar image

Looks like I completely forgot about Layer 2 in this instance. I accidently hadn't set my VirtualBox interfaces to promiscuous mode. That way, essentially all traffic not directly directed to the controller (or compute node, respectively) interfaces got filtered.

Once I enabled permiscious mode for all interfaces, things magically started working.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2019-04-02 09:37:22 -0500

Seen: 35 times

Last updated: Apr 02