Ask Your Question
0

i'm not able to ping or ssh my instance, it is saying no route to host avalable

asked 2019-08-23 05:44:54 -0500

noobie gravatar image

updated 2019-08-27 07:09:05 -0500

hello everyone,

this is the result of ping $ ping 192.168.3.142

Pinging 192.168.3.142 with 32 bytes of data: Reply from 192.168.1.69: Destination host unreachable. Reply from 192.168.1.69: Destination host unreachable. Reply from 192.168.1.69: Destination host unreachable.

Ping statistics for 192.168.3.142: Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),

this is the result of ssh $ ssh -i openstack.pem centos@192.168.3.142 ssh: connect to host 192.168.3.142 port 22: Connection timed out

these are the security groups of the instance default ALLOW IPv6 to ::/0 ALLOW IPv4 to 0.0.0.0/0 ALLOW IPv6 from default ALLOW IPv4 from default openstack ALLOW IPv4 icmp from 0.0.0.0/0 ALLOW IPv4 to 0.0.0.0/0 ALLOW IPv4 22/tcp from 0.0.0.0/0 ALLOW IPv4 icmp from openstack ALLOW IPv4 80/tcp from 0.0.0.0/0 ALLOW IPv6 to ::/0

can anyone help me out\

http:// (image description)

edit retag flag offensive close merge delete

Comments

The problem is stated in the error message: There is no route to this address.

If your local address is 192.168.1.69, and your network prefix is 24, 192.168.3.142 is in a different network, and you need a router between the two networks.

I suspect, however, that 192.168.3.142 is a static IP.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-23 06:03:17 -0500 )edit

If the router you talk about is a Neutron router, it does not route traffic from outside to static IP addresses (192.168). Even if it does, you would have to set up your routing table so that this router is used.

The real solution is associating floating IPs with your static addresses.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-26 02:00:42 -0500 )edit

i tried with a floating ip also but no luck with that

noobie gravatar imagenoobie ( 2019-08-26 03:53:54 -0500 )edit

Focus on fixing instance access via floating IP. Static IP addresses are not supposed to be reachable from outside the cloud.

I can't comment on the VLAN problem without knowing error and log messages. Is VLAN configured at all? You may want to create a separate question for this problem.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-26 06:24:48 -0500 )edit

If 192.168.13.0/16 is the address range of a tenant network, these addresses are not supposed to be reachable from outside. The concept of floating IPs exists for precisely this purpose: Reach instances from outside the cloud.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 01:34:26 -0500 )edit

Yes, you create a floating IP from your external network. No, you don't associate it with an address range, but with an instance or a port.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 02:22:16 -0500 )edit
Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 02:28:34 -0500 )edit

You can't create a router between a tenant network and a network that is outside of the cloud.

To create a router:

openstack router create

To connect it to a tenant network:

openstack router add subnet

To connect it to an external network:

openstack router set --external-gateway
Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 06:02:35 -0500 )edit

The floating IP comes from the external network.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 06:03:27 -0500 )edit

No. You can't access a static IP from outside the cloud. You need to use floating IPs.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 06:29:06 -0500 )edit

It looks like you set up your OpenStack cloud with Devstack or Packstack. By default, they create a fake "external" network that can only be reached from the Devstack or Packstack host. If you want to connect your cloud to the outside network, you have to set it up differently

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 07:12:18 -0500 )edit

Devstack: https://docs.openstack.org/devstack/l...

Packstack: https://www.rdoproject.org/networking...

You can share pictures without Linkedin. Use a public service like imgur.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 07:19:44 -0500 )edit

Sorry to disappoint you, but if you want to ssh into your instance from outside the cloud, you need to connect your cloud to the external network.

Alternatively, connect to your instance from the Packstack host, using a floating IP from the 172 network.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 07:32:50 -0500 )edit

Assuming security group and keypair are already in place, associate a floating IP with the instance, then connect to that floating IP. It works because the Packstack host has a route to 172.24.4.??/??.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-27 21:51:08 -0500 )edit

You run the ping and ssh commands in a Mingw64 shell. This is not the Packstack host but a Windows PC with Cygwin.

As I said, the 172 network is fake. It simulates an external network, but it is only accessible from the Packstack host.

Everything else looks good.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-28 07:31:31 -0500 )edit

okay then can u tell me a way to access that from a Mingw64

No. My networking skills are not sufficient, but it should be possible to route traffic to this network on the Packstack host. Perhaps using port forwarding.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-28 08:54:33 -0500 )edit

To access Jenkins on an OpenStack instance, just add the relevant port to the security group. Problem: Your AWS server is connected to the external network, but your OpenStack instance isn't.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-28 08:56:57 -0500 )edit

Regarding your problems with the key, I don't know. Perhaps you launched the instance with a different key, or the instance doesn't get metadata access. Perhaps you get clues by making ssh verbose ssh -vvv.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-28 09:01:35 -0500 )edit

From the terminal, ssh to the Packstack host. From there, ssh to the instance.

If you need to go directly from the Mingw window to the instance, the only way I know is by connecting the external network (br-ex) to the same network as the Packstack host.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-29 03:39:01 -0500 )edit

To access Jenkins from the browser on your laptop, the only solution I know is connecting the cloud to a real external network. See https://www.rdoproject.org/networking....

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-29 04:42:58 -0500 )edit

I was able to launch the Stein version of Packstack with Openvswitch this way: https://ask.openstack.org/en/question.... Not sure if it still works now, but give it a try.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-29 07:20:21 -0500 )edit

NICs are named differently depending on the NIC driver. Replace eth0 with the NIC that is connected to the external network. In your case, probably ens160.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-30 00:33:42 -0500 )edit

The subnet of the external network must match the address range to which the Packstack server is connected. If that is 192.168.0.0/16, you are fine.

I don't think you set up allocation pools on an external network. Remove that.

The internal subnet can have any address range you want.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-30 03:55:17 -0500 )edit

The subnets in your network topology are different from the subnets in the other screenshots. The topology uses 192.168.0.0/16 for both external and internal subnet; I don't know if that works, but even if it does, it's very confusing. Don't do that.

Bernd Bausch gravatar imageBernd Bausch ( 2019-08-30 03:56:41 -0500 )edit

I am interested in:

  • ip a show dev br-ex on the Packstack host
  • bridge_mappings parameter in openvswitch_agent.ini
  • openstack network show public
  • from where do you ping the instance
Bernd Bausch gravatar imageBernd Bausch ( 2019-08-30 09:44:06 -0500 )edit
1

when im creating the network with 192.168.12.0/16 it is creating tghe network as 192.168.0.0

That is expected. The network address is 192.168, all other addresses are for devices on that network.

However, what is the netmask of your laptop's network? 16 or 24 or something else?

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-02 09:21:23 -0500 )edit

Hope you are better!

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-02 09:22:23 -0500 )edit

laptop's network and Packstack host's network need to have the same netmask/prefix, I think.

Can you ssh from the laptop to the Packstack host?

What virtual machine hypervisor are you using? I used to have mysterious network problems with VirtualBox, which I never solved.

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-02 09:25:12 -0500 )edit

How is the Packstack host connected to the laptop? Is it bridged, NAT'd, ...? I don't know if anything except bridge works.

Confusing: None of the addresses in https://m.imgur.com/i9sDaGU seem to be related to 192.168.12.x.

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-02 10:18:58 -0500 )edit

If laptop and Packstack host are in different subnets, don't you need a router between them? I don't think I understand your network setup; have you considered tracing (Wireshark, tcpdump) to see where packets disappear?

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-02 15:53:33 -0500 )edit

This is how it should work:

image description

Note that the public network has the same subnet as the network to which the Packstack host is connected. Packstack host and laptop have IP addresses from the same subnet.

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-02 18:39:58 -0500 )edit

I remember, in the distant past, that VirtualBox seemed to block some traffic and didn't allow me to connect to instances from outside. Rather than troubleshooting it, I switched to the KVM hypervisor, where the problem does not occur.

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-02 18:42:30 -0500 )edit

i dont understand the ip range(10.0.0.22/24)

The instance is connected to a Neutron network. Since you run Packstack, it's probably named private. 10.0.0.22 is the instance's address on that network.

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-03 01:00:07 -0500 )edit

if i can from A to B and B to C then i should be able to ping from A to C

Except if VirtualBox blocks the traffic. This happened to me a few years ago. Perhaps VirtualBox only permits traffic to IP addresses of its guests. As I said, I didn't solve the problem and just switched to KVM.

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-03 01:02:26 -0500 )edit

i can create only one instance

Most likely, your Packstack host doesn't have enough disk space or RAM.

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-03 04:06:04 -0500 )edit

If you don't provision demo (provision-demo=n), I think you have to manually create your networks, both the external network and tenant networks. Now I wonder to which network you connect the instance?

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-03 04:08:59 -0500 )edit

thank u. i also think of that and im increasing the disk space. i'll let u know.

noobie gravatar imagenoobie ( 2019-09-03 04:09:25 -0500 )edit

To set up your OpenStack networks, see instructions at https://www.rdoproject.org/networking....

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-03 04:29:09 -0500 )edit

The network section was empty when i created without provisioning demo. I had created a network 10.0.0.0/24 (https://imgur.com/AhJdYOi , https://imgur.com/jjJOjeA )and created a instance on it and i had assigned a floating IP (https://imgur.com/3BEzOzu)i can ping the instance from the packstack ho

noobie gravatar imagenoobie ( 2019-09-03 06:11:51 -0500 )edit

ping from the packstack host(https://imgur.com/7FhrA0q)

noobie gravatar imagenoobie ( 2019-09-03 06:12:22 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
1

answered 2019-09-09 02:41:23 -0500

updated 2019-09-09 02:42:45 -0500

In order to double-check what I am saying, I just created a new Stein Packstack. The Packstack server is a KVM virtual machine, bridged to my home network 192.168.1.0/24. It's IP is 192.169.1.202.

Packstack set up as follows:

sudo packstack --debug --allinone --default-password pw        \
               --os-neutron-ovs-bridge-interfaces=br-ex:eth0   \
               --os-neutron-ml2-tenant-network-types=vxlan     \
               --os-neutron-ml2-mechanism-drivers=openvswitch  \
               --os-neutron-ml2-type-drivers=vxlan,flat        \
               --os-neutron-l2-agent=openvswitch               \
               --provision-demo-floatrange=192.168.1.0/24      \
               --provision-demo-allocation-pools '["start=192.168.1.240,end=192.168.1.254"]' \
               --os-heat-install=y --os-heat-cfn-install=y

(exactly as https://ask.openstack.org/en/question..., except for the IP addresses).

--os-neutron-ovs-bridge-interfaces=br-ex:eth0 means that the eth0 interface is plugged into the external bridge, thereby connecting the cloud to the home network.

--provision-demo-allocation-pools sets the IP addresse ranges used for floating IPs.

The packstack command provisions two networks: External network public and a tenant network private, which belongs to the demo project.

The Packstack host's br-ex has two IP addresses. I am puzzled about 192.168.1.1; it's the same address as my home router. I removed this address from br-ex and have not seen any problems so far. 192.168.1.202 is the original IP address of eth0.

6: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether 52:54:00:dd:2c:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.202/24 brd 192.168.1.255 scope global br-ex
       valid_lft forever preferred_lft forever
    inet 192.168.1.1/24 scope global secondary br-ex
       valid_lft forever preferred_lft forever

With this setup, I can create an instance attached to private, give it a floating IP from the 192.168.1.240-192.168.1.254 range, and can access the instance from outside. My topology:

image description

$ openstack server list -c Name -c Networks
+--------+----------------------------------+
| Name   | Networks                         |
+--------+----------------------------------+
| testvm | private=10.0.0.96, 192.168.1.251 |
+--------+----------------------------------+
$ openstack router show router1 -c external_gateway_info -c interfaces_info --fit-width
+-----------------------+----------------------------------------------------------------+
| Field                 | Value                                                          |
+-----------------------+----------------------------------------------------------------+
| external_gateway_info | {"network_id": "5ab6e727-4ca7-48df-8a4e-e59fcba1e48f",         |
|                       | "enable_snat": true, "external_fixed_ips": [{"subnet_id":      |
|                       | "68eb7a3d-9498-4e77-8c9f-26c07e35104a", "ip_address":          |
|                       | "192.168.1.245"}]}                                             |
| interfaces_info       | [{"subnet_id": "a68c38da-22dd-48c1-bc8b-12262ed4a1c6",         |
|                       | "ip_address": "10.0.0.1", "port_id":                           |
|                       | "d1a839e8-ce7d-4788-85b3-4875a1fc2f76"}]                       |
+-----------------------+----------------------------------------------------------------+

From a Windows PC in my network (bad round trip times, but I don't mind):

$ ping 192.168.1.251
PING 192.168.1.251 (192.168.1.251): 56 data bytes
64 bytes from 192.168.1.251: icmp_seq=0 ttl=63 time=8.941 ms
64 bytes from 192.168.1.251: icmp_seq=1 ttl=63 time=2.108 ms
64 bytes from 192.168.1.251: icmp_seq=2 ttl=63 time=3.909 ms
--- 192.168.1.251 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.108/4.986/8.941/2.892 ms

The router's gateway address, 192.168.1.245, can also be reached from a device external to the cloud.

I don't know what is different in your setup. My suspicion is that you need to configure something with VMware ... (more)

edit flag offensive delete link more

Comments

Thank you very much for the answer.

noobie gravatar imagenoobie ( 2019-09-09 06:14:50 -0500 )edit

I had found this (https://kb.vmware.com/s/article/1004099). Can you please tell me is it the one that causing problem?

noobie gravatar imagenoobie ( 2019-09-10 05:25:25 -0500 )edit

Thank you very much @Bernd Bausch for the answer. Because of the promiscuous mode is n rejecting i am not able to ping the vm , i had changed that by using the https://kb.vmware.com/s/article/1004099 im able to ping and ssh the vm's now

noobie gravatar imagenoobie ( 2019-09-10 05:58:04 -0500 )edit

Actually, that was solved but i'm not able to ping the outside world from the vm now. Can u tell me how to solve that.

noobie gravatar imagenoobie ( 2019-09-10 06:02:38 -0500 )edit

What do you mean by VM - the Vmware VM that runs Packstack? If so I can't help. If you mean an OpenStack instance, it is the router that facilitates outside access via SNAT. By default, SNAT is implemented by iptables rules in the router's network namespace; you can check there.

Bernd Bausch gravatar imageBernd Bausch ( 2019-09-10 08:25:52 -0500 )edit
1

answered 2019-08-29 05:20:17 -0500

Awais Shah gravatar image

You should allow the port 22 ingress in the security group settings. Either edit the current group or add a new security group. Click on the Security groups, Manage rules, Add rule, Add All ICMP, Direction Ingress, All TCP, Direction Ingress, All UDP, Direction Ingress. Allocate floating ip to the instance, using the key you can ssh the instance. do not forget to chmod 400 key.pem before you ssh.

edit flag offensive delete link more

Comments

thanks for the answer.

noobie gravatar imagenoobie ( 2019-08-29 06:27:30 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2019-08-23 05:35:23 -0500

Seen: 1,284 times

Last updated: Sep 09 '19