
Why can't packets from an instance make it into the Linux bridge when a different IP is configured

asked 2013-12-20 07:20:16 -0500

ryan-yi-liu

I have done an experiment as below:

1) Create a network and make it DHCP disabled

2) Launch an instance in this network, then check its network port with 'neutron port-list' and get its info as below:

    | id | name | mac_address | fixed_ips |
    | 9dc008e0-4d98-45d7-a24f-fd5f2a7866c0 | | fa:16:3e:19:3a:2f | {"subnet_id": "6a1917b8-5fea-45ec-9937-237198cad697", "ip_address": "169.254.0.2"} |

3) Log in to the instance, and configure its IP as "169.254.0.2", then PING "169.254.0.1", succeeded

4) Change its IP to "169.254.0.3", then PING "169.254.0.1", failed

When the IP is configured as "169.254.0.3" and I PING "169.254.0.1", I tried "tcpdump -i tap9dc008e0-4d -n" and got the ARP packet from the instance:

    14:09:44.772154 ARP, Request who-has 169.254.0.1 tell 169.254.0.3, length 28

However, when I then tried "tcpdump -i qbr9dc008e0-4d -n", I didn't get the ARP packets.

It is clear that the packets from the instance didn't make it into the Linux bridge...

So, my question is why? Is iptables filtering the packets from the instance when the source IP (169.254.0.3) is not the IP (169.254.0.2) that OpenStack assigned?

If yes, is there any way to configure to allow instance to use any available IP of the network, not just the one which OpenStack assigned?


2 answers


answered 2013-12-20 07:22:59 -0500

ryan-yi-liu

I tried stopping the iptables service; the issue still exists.


answered 2014-01-03 09:51:00 -0500

gongysh
1. Disable the security group:

    [securitygroup]
    # sample firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    # Firewall driver for realizing neutron security group function.
    firewall_driver = neutron.agent.firewall.NoopFirewallDriver

or

2. Update the port's allowed_address_pairs attr:

    neutron port-update portid --allowed_address_pairs xxx

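A simplified model of the source-address check that the allowed_address_pairs option relaxes, added here as an example (it is not Neutron's code and not part of the answer above): with security groups enabled, a port may send only from its own MAC and fixed IPs plus any allowed_address_pairs entries. The port values are the ones from the question; `source_allowed`, `add_pair` and the 169.254.0.0/24 range are assumptions made for illustration.

```python
import copy
import ipaddress

# Port from the question's 'neutron port-list' output.
PORT = {
    "mac_address": "fa:16:3e:19:3a:2f",
    "fixed_ips": [{"ip_address": "169.254.0.2"}],
}


def source_allowed(port, src_mac, src_ip):
    """Model of the anti-spoofing decision: True if (src_mac, src_ip) may leave the port."""
    # The port's own MAC paired with each fixed IP is always permitted.
    pairs = [(port["mac_address"], f["ip_address"]) for f in port["fixed_ips"]]
    # Each allowed_address_pairs entry adds one more permitted (MAC, IP or CIDR);
    # when the entry has no mac_address, the port's own MAC is used.
    for entry in port.get("allowed_address_pairs", []):
        pairs.append((entry.get("mac_address", port["mac_address"]), entry["ip_address"]))
    ip = ipaddress.ip_address(src_ip)
    return any(
        mac.lower() == src_mac.lower() and ip in ipaddress.ip_network(cidr, strict=False)
        for mac, cidr in pairs
    )


def add_pair(port, ip_address, mac_address=None):
    """Return a copy of the port with one extra allowed address pair (hypothetical helper)."""
    updated = copy.deepcopy(port)
    entry = {"ip_address": ip_address}
    if mac_address:
        entry["mac_address"] = mac_address
    updated.setdefault("allowed_address_pairs", []).append(entry)
    return updated


if __name__ == "__main__":
    mac = PORT["mac_address"]
    # Step 3 of the question passes, step 4 is dropped before reaching the bridge.
    print("169.254.0.2:", source_allowed(PORT, mac, "169.254.0.2"))
    print("169.254.0.3:", source_allowed(PORT, mac, "169.254.0.3"))
    # After adding the second address as an allowed pair, step 4 passes too.
    print("169.254.0.3 with pair:", source_allowed(add_pair(PORT, "169.254.0.3"), mac, "169.254.0.3"))
    # A CIDR entry (constructed range) permits every address in it, same MAC only.
    print("169.254.0.200 with /24:", source_allowed(add_pair(PORT, "169.254.0.0/24"), mac, "169.254.0.200"))
```

Adding only the addresses the instance needs keeps the spoofing protection for everything else, which the NoopFirewallDriver option removes for every port the agent manages.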


Stats

Asked: 2013-12-20 07:20:16 -0500

Seen: 91 times

Last updated: Jan 03 '14