
cannot visit vm from external network

asked 2019-07-03 11:06:59 -0500

zxslm

updated 2019-07-05 09:10:26 -0500

Hi, I am running OpenStack (3.18.0) on a VM (CentOS 7.6.1810) with RDO. All settings are default.

My VM (10.10.122.87) sits on 10.10.122.0/24 and the VLAN ID is 122. The NIC name in my VM is ens16780032.

I use the commands below to create the network and subnet and then boot an OpenStack VM:

openstack network create --no-share --external --provider-physical-network eno16780032 --provider-network-type vlan --provider-segment 122 external

openstack subnet create --subnet-range 10.10.122.0/24 --gateway 10.10.122.1 \
  --network external --allocation-pool start=10.10.122.90,end=10.10.122.99 \
  --dns-nameserver 8.8.8.8 external_subnet

openstack server create --flavor 1 --image db044776-b398-46f4-8f42-dc862154b80c \
  --nic net-id=5c955f6f-0d91-4b3e-a2cb-bf0adf7803be vm1

Then I add ingress rules for ICMP and SSH from 0.0.0.0/0.

vm1 got the IP address 10.10.122.97. I am not able to ping 10.10.122.97 from my VM (10.10.122.87).

Can anybody tell me why I cannot ping the OpenStack VM (10.10.122.97) from my VM (10.10.122.87), on which OpenStack is installed?

Update: the main configs are below.

===========================================

/etc/neutron/plugins/ml2/openvswitch_agent.ini

[DEFAULT]
debug = True
[ovs]
bridge_mappings=extnet:br-ex
integration_bridge=br-int
tunnel_bridge=br-tun
local_ip=10.10.122.87
[agent]
l2_population=False
drop_flows_on_start=False
tunnel_types=vxlan
vxlan_udp_port=4789
[securitygroup]
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

===========================================

/etc/neutron/plugins/ml2/ml2_conf.ini

[DEFAULT]
[ml2]
type_drivers=vlan,vxlan,flat
tenant_network_types=vxlan
mechanism_drivers=openvswitch
path_mtu=0
extension_drivers=port_security,qos
[securitygroup]
enable_security_group=True
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ml2_type_vlan]
network_vlan_ranges=eno16780032:100:200
[ml2_type_vxlan]
vxlan_group=224.0.0.1
vni_ranges=10:100
[ml2_type_flat]
flat_networks=*

===========================================

/etc/neutron/neutron.conf

[DEFAULT]
debug=True
log_dir=/var/log/neutron
transport_url=rabbit://guest:guest@10.10.122.87:5672/
control_exchange=neutron
bind_host=0.0.0.0
auth_strategy=keystone
core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
allow_overlapping_ips=True
service_plugins=qos,trunk,router,metering
l3_ha=False
max_l3_agents_per_router=3
api_workers=4
rpc_workers=4
router_scheduler_driver=neutron.scheduler.l3_agent_scheduler.ChanceScheduler
notify_nova_on_port_status_changes=True
notify_nova_on_port_data_changes=True
[cors]
[database]
connection=mysql+pymysql://neutron:lifei123@10.10.122.87/neutron
[keystone_authtoken]
www_authenticate_uri=http://10.10.122.87:5000/
auth_uri=http://10.10.122.87:5000/
auth_type=password
auth_url=http://10.10.122.87:5000
username=neutron
password=lifei123
user_domain_name=Default
project_name=services
project_domain_name=Default
[oslo_concurrency]
lock_path=$state_path/lock
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
ssl=False
[oslo_middleware]
[oslo_policy]
policy_file=/etc/neutron/policy.json
[privsep]
[ssl]
[agent]
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf
[service_providers]
[nova]
auth_url=http://10.10.122.87:5000
username=nova
password=lifei123
project_domain_id=default
project_domain_name=Default
project_name=services
user_domain_id=default
user_domain_name=Default
region_name=RegionOne
auth_type=password
tenant_name=services

===========================================

/etc/nova/nova.conf

[DEFAULT]
instance_usage_audit_period=hour
rootwrap_config=/etc/nova/rootwrap.conf
compute_driver=libvirt.LibvirtDriver
allow_resize_to_same_host=True
vif_plugging_is_fatal=True
vif_plugging_timeout=300
force_raw_images=True
reserved_host_memory_mb=512
cpu_allocation_ratio=16.0
ram_allocation_ratio=1.5
instance_usage_audit=True
heal_instance_info_cache_interval=60
force_snat_range=0.0.0.0/0
metadata_host=10.10.122.87
ssl_only=False
state_path=/var/lib/nova
report_interval=10
service_down_time=60
enabled_apis=osapi_compute,metadata
osapi_compute_listen=0.0 ...

Comments

Let me check if I understand you. You installed OpenStack on a VM with IP address 10.10.122.87. This VM is connected to an untagged VLAN with ID 122. You create a provider network named external and launch an instance, VM1, attached to external.

Bernd Bausch (2019-07-04 03:51:13 -0500)

Unfortunately, vlan-type external networks expect to see tagged packets. If I am right, yours are untagged, and you have to create a flat external network instead of a vlan one. See https://developer.rackspace.com/blog/... (old but relevant).

Bernd Bausch (2019-07-04 03:55:32 -0500)

By the way, "RDO" is ambiguous. Do you mean Packstack, or TripleO, or a manual setup using CentOS packages? What do you mean by "all settings are default" - what were the precise steps to create your cloud?

3.18.0 is the version of the openstack client. Your cloud must be version Stein.

Bernd Bausch (2019-07-04 03:58:18 -0500)

@Bernd, how can I check whether my VM (10.10.122.87) is connected to an untagged VLAN (ID 122)? Let me try to set up a flat external to see if my OpenStack VM can talk to other VMs sitting in VLAN 122. RDO is a community of people using and deploying OpenStack on CentOS, Fedora, and RHEL.

zxslm (2019-07-05 08:42:24 -0500)

@Bernd, Yes, my OpenStack version is Stein.

zxslm (2019-07-05 08:42:52 -0500)

1 answer


answered 2019-09-25 00:27:37 -0500

elclaw

Do a tcpdump on your hypervisor or capture packets from your switch. Filter with your IPs. You should be able to see from the traffic whether the packets are tagged correctly.

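The comment about vlan-type networks expecting tagged packets and the tcpdump answer above both come down to checking whether frames for the instance carry an 802.1Q tag. The following is an added example, not part of the original thread: it parses raw Ethernet frames, extracts any VLAN tags, and counts frames involving one IP by tag state. The function names and the sample frames are constructed for illustration; only the addresses and VLAN ID 122 come from the question.

```python
import socket
import struct

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers

def parse_frame(frame):
    """Return (vlan_ids, ethertype, payload) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, vlan_ids = 12, []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI carry the VLAN ID
        offset += 4
    return vlan_ids, ethertype, frame[offset + 2:]

def frame_ips(ethertype, payload):
    if ethertype == 0x0800 and len(payload) >= 20:
        return payload[12:16], payload[16:20]   # IPv4 source, destination
    if ethertype == 0x0806 and len(payload) >= 28:
        return payload[14:18], payload[24:28]   # ARP sender, target
    return ()

def tagging_report(frames, host, expected_vlan):
    """Count frames that involve `host`, grouped by their outer VLAN tag."""
    want = socket.inet_aton(host)
    report = {"tagged_ok": 0, "untagged": 0, "other_vlan": 0}
    for frame in frames:
        vlans, ethertype, payload = parse_frame(frame)
        if want not in frame_ips(ethertype, payload):
            continue
        key = "untagged" if not vlans else (
            "tagged_ok" if vlans[0] == expected_vlan else "other_vlan")
        report[key] += 1
    return report

# Constructed sample frames (zeroed MACs), not captured from the poster's network.
def build_eth(ethertype, payload, vlan=None):
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan)
    return bytes(12) + tag + struct.pack("!H", ethertype) + payload
def build_arp(spa, tpa):
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, bytes(6),
                       socket.inet_aton(spa), bytes(6), socket.inet_aton(tpa))
SAMPLE = [build_eth(0x0806, build_arp("10.10.122.87", "10.10.122.97")),           # untagged
          build_eth(0x0806, build_arp("10.10.122.97", "10.10.122.1"), vlan=122),  # tagged 122
          build_eth(0x0806, build_arp("10.10.122.50", "10.10.122.1"), vlan=200)]  # unrelated
```

Calling `tagging_report(SAMPLE, "10.10.122.97", 122)` on the constructed frames counts one untagged and one correctly tagged frame for the instance's address; untagged frames seen next to a vlan-type network are the situation described in the comments.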
