0

VM instance cannot access outside network

asked 2012-07-03 20:09:10 -0500

an-ronaldor

I set up OpenStack Essex on two machines. Those two machines only have one public NIC. I use FlatDHCPManager and place the bridge on the public interface. I can create the VM and log in through ssh. The VM only has a private IP. The problem is that I cannot access the outside network when I log in to the VM, although I can ping/ssh among VMs and between the VMs and the management node. I cannot ping from the VM to the compute node.

I checked nova-compute.log, nova-network.log, nova-dhcpbridge.log and didn't find any errors.

Any help would be greatly appreciated.


8 answers

0

answered 2012-07-05 09:54:13 -0500

koolhead17

You need to assign a public/floating IP to the VM in order to access it from the outside network. The OpenStack guides are sufficient to help you with that.

nova-manage floating create <command> will help you.

cheers!!

0

answered 2012-07-05 12:37:25 -0500

an-ronaldor

Perhaps I didn't make myself clear. My question is that when I log in to the VM, I can't access the network from the VM, e.g. ping http://www.google.com, wget URL, etc. I wonder if there is a routing problem there, but I am not sure where to start checking.

0

answered 2012-07-05 13:28:09 -0500

elvinas-piliponis

Well, start with a traditional connectivity check:

  1. ipconfig / ifconfig -- whether the IP configuration is correct and your OpenStack DHCP provides a proper IP.
  2. route -- whether the route information is correct
  3. ping to your IP
  4. ping to gateway
  5. ping to some external IP
  6. DNS resolution works?

If there is some other DHCP server and the virtual instance somehow gets its IP configuration from that outside DHCP, OpenStack will deny all network traffic via libvirt connection filtering. Such filters are defined in the virtual instance XML.

To check if this is the case, check which DHCP server provided the network config, or comment out similar lines in the instance XML (or create a custom template and specify it in nova.conf).

-------------snip from customized template file -------------------- --------------- end snip ----------------

0

answered 2012-07-05 18:46:21 -0500

an-ronaldor

1) ifconfig shows the IP correctly.
2) The VM's own IP and the gateway IP can be pinged; other VMs' IPs can also be pinged.
3) The management node's IP can be pinged, but the compute node's IP cannot.
4) DNS for the VM works fine, since it returns the IP address when I ping some URL, but there is no response.

But I still cannot ping external ip/URL. I am driven crazy by this problem these days. dnsmasq is listening on 192.168.22.33 as it should be.

Below is my network configuration in nova.conf:

    --network_manager=nova.network.manager.FlatDHCPManager
    --public_interface=eth0
    --flat_interface=eth0
    --flat_network_bridge=br100
    --fixed_range=192.168.22.32/27
    --floating_range=10.42.0.32/27
    --network_size=32
    --flat_network_dhcp_start=192.168.22.33
    --flat_injected=False
    --force_dhcp_releas=True
    --connection_type=libvirt

Below is the route table in the VM:

    Destination     Gateway         Genmask           Flags  Iface
    default         192.168.22.33   0.0.0.0           UG     eth0
    192.168.22.32   *               255.255.255.224   U      etho

Below is the route table in the host:

    Destination     Gateway         Genmask           Flags  Iface
    default         some_url        0.0.0.0           0      br100
    localnet        *               255.255.255.128   0      br100
    192.168.22.32   *               255.255.255.224   0      br100

0

answered 2012-07-10 14:37:50 -0500

How about enabling ip_forwarding on the compute node?

0

answered 2012-11-07 16:05:54 -0500

Hi, @HaoLi

Did you solve the issue? If so, how did you make that?

Could you share your solution here?

0

answered 2012-12-10 15:05:39 -0500

I fixed it with ip_forwarding.

Edit sysctl.conf:

    vim /etc/sysctl.conf

Uncomment the line net.ipv4.ip_forward=1 and save (:wq).

Reload sysctl.conf:

    sysctl -p /etc/sysctl.conf

Restart the procps service:

    service procps restart

:)

0

answered 2013-01-24 03:51:43 -0500

Yug Suo

Add an iptables rule to your host:

sudo iptables -t nat -A POSTROUTING -s 10.0.0.2 -j MASQUERADE

-s is your instance's fixed_id.

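The two host-side changes from the last two answers (net.ipv4.ip_forward and a POSTROUTING MASQUERADE rule) can be checked together before changing anything. This is an added example, not code from any poster in this thread; the function names and the VM address 192.168.22.34 are assumptions, and the sample rule is constructed from the fixed_range in the question.

```sh
# Added example: check the host settings the answers change, from captured text.
ip_to_int() {                      # dotted quad -> integer
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

cidr_contains() {                  # cidr_contains CIDR IP (bare address = /32)
  net=${1%/*}; bits=32; mask=0
  case $1 in */*) bits=${1#*/} ;; esac
  [ "$bits" -eq 0 ] || mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$net") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
}

# nat_covers RULES IP: print the first POSTROUTING MASQUERADE/SNAT rule in
# iptables-save text whose source match includes IP. Rules in chains jumped to
# from POSTROUTING and negated matches (! -s) are skipped.
nat_covers() {
  while IFS= read -r line; do
    case $line in "-A POSTROUTING "*) ;; *) continue ;; esac
    case "$line " in *" -j MASQUERADE "*|*" -j SNAT "*) ;; *) continue ;; esac
    case $line in *" ! -s "*) continue ;; esac
    case $line in *" -s "*)
      src=${line#* -s }
      cidr_contains "${src%% *}" "$2" || continue ;;
    esac
    printf '%s\n' "$line"; return 0
  done <<EOF
$1
EOF
  return 1
}

# diagnose IP_FORWARD RULES VM_IP: print findings, return the problem count.
diagnose() {
  problems=0
  [ "$1" = 1 ] || {
    echo "net.ipv4.ip_forward=$1: host does not route packets for $3"; problems=1; }
  if rule=$(nat_covers "$2" "$3"); then
    case $rule in *" -s "*) ;; *) echo "note: '$rule' has no -s match" ;; esac
  else
    echo "no POSTROUTING MASQUERADE/SNAT rule matches source $3"
    problems=$(($problems + 1))
  fi
  return "$problems"
}

# Constructed sample: forwarding off, NAT rule present for the fixed_range.
SAMPLE_NAT='-A POSTROUTING -s 192.168.22.32/27 -j MASQUERADE'
diagnose 0 "$SAMPLE_NAT" 192.168.22.34 || true
# Live: diagnose "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save -t nat)" VM_IP
```

A rule written with -s 10.0.0.2 is reported as not matching an instance in 192.168.22.32/27, so the -s value has to be the instance's own address or its range.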


Stats

Asked: 2012-07-03 20:09:10 -0500

Seen: 549 times

Last updated: Jan 24 '13