
Inner-project Floating IP communication is not working

asked 2012-05-28 16:19:22 -0500

joe-topjian-v

Hello,

I have Essex running in a multi-node configuration using VLAN network manager.

Instances in the same project are unable to communicate with each other (or themselves) via Floating IP. Fixed IP communication works fine. Floating IP communication works from the outside-in as well as between projects.

I read over Bug 933640 and see that the modified IPTables rule is in place, but hairpin_mode is not set on any of the vlan interfaces -- I'm not sure whether it should be or not.

Does anyone have any ideas on what the problem could be?

Please let me know if you'd like to see any config.

Thanks, Joe


9 answers


answered 2012-06-08 20:28:22 -0500

kj-tanaka

I'm having the same problem.


answered 2012-06-08 21:33:15 -0500

emilienm

Can you provide your nova.conf?

Do you have the --routing_source_ip flag in it? I'm not sure, but I think you should have it for nova-network.

Regards


answered 2012-06-09 16:30:38 -0500

joe-topjian-v

I see the same as Koji: --routing_source_ip made no difference and ICMP is definitely enabled in the security groups -- ping would not work externally if it was not.

Below is my nova.conf:

--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--root_helper=sudo nova-rootwrap
--verbose=false
--public_interface=vlan20
--fixed_range=10.0.0.0/8
--image_service=nova.image.glance.GlanceImageService
--use_deprecated_auth=false
--glance_api_servers=cloud.sandbox.cybera.ca:9292
--service_down_time=60
--rabbit_port=5672
--vlan_interface=bond0
--rabbit_virtual_host=/
--vlan_start=100
--sql_connection=mysql://nova:password@cloud.private.sandbox.cybera.ca/nova
--bindir=/usr/bin
--api_paste_config=/etc/nova/api-paste.ini
--rabbit_password=password
--rabbit_userid=nova
--rabbit_host=cloud.sandbox.cybera.ca
--floating_range=199.116.232.40/29
--auth_strategy=keystone
--network_manager=nova.network.manager.VlanManager
--novncproxy_port=6080
--novncproxy_host=0.0.0.0
--metadata_host=192.168.6.2


answered 2012-06-08 20:51:20 -0500

heckj

Check to make sure that you have enabled ICMP through the security groups. Devstack and others do that by default, but it's a commonly missed setup.

Check the installation guides for an introduction on how to do this.

-joe


answered 2012-06-08 22:00:16 -0500

kj-tanaka

I have the --routing_source_ip flag, and ICMP is in the security groups. The strange thing is that the associated floating IP works for communicating outside, but an instance can't even ping its own floating IP.

Everything works with floating IP from outside. If ICMP or the routing_ip flag were missing, it shouldn't work with the outside, right?

Koji


answered 2012-06-11 14:37:18 -0500

kj-tanaka

Here's a link about a similar issue (maybe not):
http://serverfault.com/questions/167601/no-ip-works-for-non-internal-clients-pinging-works-internally/167607#167607

I confirmed that hairpin_mode is activated on my compute nodes. I'm also trying to manually fix something in ip route, ip rule or iptables, but no luck yet.

I also tried these flags, "--baremetal_allow_project_net_traffic=true" and "--allow_same_net_traffic=true", in nova.conf. But they didn't change anything, as I expected, because they're supposed to be "true" by default.

Since floating IP works fine with other projects and outside, isn't it a bug or something? Floating IP should work within the same project, too.

Any help would be appreciated...

Koji


answered 2012-06-11 14:58:27 -0500

joe-topjian-v

Hello,

For me, hairpin_mode is not set on any of the vlan interfaces but is set on some of the vnet interfaces (which I think are the KVM nics?):

$ for i in $(ls /sys/class/net/br1*/brif/*/hairpin_mode); do echo "$i: $(cat "$i")"; done
/sys/class/net/br100/brif/vlan100/hairpin_mode: 0
/sys/class/net/br100/brif/vnet5/hairpin_mode: 1
/sys/class/net/br101/brif/vlan101/hairpin_mode: 0
/sys/class/net/br102/brif/vlan102/hairpin_mode: 0
/sys/class/net/br102/brif/vnet0/hairpin_mode: 0
/sys/class/net/br103/brif/vlan103/hairpin_mode: 0
/sys/class/net/br103/brif/vnet2/hairpin_mode: 0
/sys/class/net/br103/brif/vnet3/hairpin_mode: 0
/sys/class/net/br103/brif/vnet4/hairpin_mode: 1
/sys/class/net/br103/brif/vnet7/hairpin_mode: 1

Thanks, Joe


answered 2012-06-12 02:10:59 -0500

kj-tanaka

I think /sys/class/net/br/brif/vnet are interfaces, so their hairpin_mode should be 1. But /sys/class/net/br/brif/vlan are vlan id or something, not interfaces, so they should be fine as 0.

Koji
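
An added example, not part of any post in this thread: a POSIX shell version of the hairpin_mode listing above that labels each bridge port and counts the vnet ports whose hairpin_mode is 0, the case the reply above expects to be 1. The function names and status labels are illustrative, and the sample tree is constructed to mirror the values in Joe's listing; on a compute node, pass /sys/class/net as the root.

```shell
# Assumed layout: <root>/<bridge>/brif/<port>/hairpin_mode (as under /sys/class/net).

# hairpin_report ROOT
# Prints "<bridge> <port> <value> <status>" for every bridge port found.
hairpin_report() (
    root=$1
    for f in "$root"/*/brif/*/hairpin_mode; do
        [ -r "$f" ] || continue              # unmatched glob or unreadable file
        port=${f%/hairpin_mode}; port=${port##*/}
        bridge=${f%/brif/*};     bridge=${bridge##*/}
        value=$(cat "$f")
        case "$port:$value" in
            vnet*:1) status=ok ;;            # instance tap port, hairpin enabled
            vnet*:0) status=HAIRPIN_OFF ;;   # instance tap port, hairpin disabled
            *)       status=other ;;         # vlanNNN and any non-vnet port
        esac
        printf '%s %s %s %s\n' "$bridge" "$port" "$value" "$status"
    done
)

# hairpin_off_count ROOT
# Prints the number of vnet ports with hairpin_mode 0.
hairpin_off_count() {
    hairpin_report "$1" | grep -c ' HAIRPIN_OFF$' || true
}

# make_sample_tree
# Builds a constructed sysfs-like tree in a temp dir and prints its path.
make_sample_tree() (
    root=$(mktemp -d)
    for entry in br100/vlan100=0 br100/vnet5=1 br101/vlan101=0 \
                 br102/vlan102=0 br102/vnet0=0 br103/vlan103=0 \
                 br103/vnet2=0 br103/vnet3=0 br103/vnet4=1 br103/vnet7=1; do
        path=${entry%=*}
        dir="$root/${path%/*}/brif/${path#*/}"
        mkdir -p "$dir"
        echo "${entry#*=}" > "$dir/hairpin_mode"
    done
    echo "$root"
)
```

Run `hairpin_report /sys/class/net` on each compute node and compare the HAIRPIN_OFF lines against the instances that cannot reach their own floating IP.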


answered 2012-06-12 14:34:37 -0500

kj-tanaka

Joe, I submitted this as a bug, hoping we would get some more help.

https://bugs.launchpad.net/nova/+bug/1012144

Koji


Last updated: Jun 12 '12