Ask Your Question
0

Cannot ping instance after creating vm (using quantum networking)

asked 2013-02-26 06:24:14 -0500

digitalwonk gravatar image

Hi there,

I attempted to follow the steps outlined here to configure an initial network for a tenant/vm:

http://docs.openstack.org/trunk/openstack-network/admin/content/demo_logical_network_config.html (http://docs.openstack.org/trunk/opens...)

The primary difference I made from the steps is that I setup the external network to be shared.

1) quantum net-create --tenant-id db6ffb835f294f86979998dc65b59b0b net1 --provider:network_type vlan --provider:physical_network physnet1 --provider:segmentation_id 1

id = 5ca4b65d-6d54-4b2b-b783-2965702ef1cd

2) quantum subnet-create --tenant-id db6ffb835f294f86979998dc65b59b0b net1 172.16.1.0/24

id = e848983f-dd27-4a33-a833-ebcbd867ab02

3) quantum net-create ext_net --shared --router:external=True

id = 766c713e-3778-4497-bbb5-e816dffc4289

4) quantum subnet-create ext_net --allocation-pool start=1.1.1.130,end=1.1.1.249 --gateway 1.1.1.1 1.1.1.0/24 -- --enable_dhcp=False

id = 03221555-3c1c-4e84-963e-bae1b077f279

5) quantum router-create --tenant_id db6ffb835f294f86979998dc65b59b0b router1

id = 9aa3fb8a-d774-4a7b-9478-b64f12ce7eb9

6) quantum router-interface-add 9aa3fb8a-d774-4a7b-9478-b64f12ce7eb9 e848983f-dd27-4a33-a833-ebcbd867ab02

7) quantum router-gateway-set 9aa3fb8a-d774-4a7b-9478-b64f12ce7eb9 766c713e-3778-4497-bbb5-e816dffc4289

8) Launched a VM (NOTE: For some reason I didn't need to allocated an ip). Here is the VM information:

$ nova list +--------------------------------------+---------+--------+------------------------------------------+ | ID | Name | Status | Networks | +--------------------------------------+---------+--------+------------------------------------------+ | 5fdc74be-b2e3-4bcb-8429-4d8f9f30fbcd | TestVM1 | ACTIVE | ext_net=1.1.1.131; net1=172.16.1.2 | +--------------------------------------+---------+--------+------------------------------------------+

I had a couple of questions 1) According to the quantum documention page, I should have been required to allocate a floating ip first. However, it seems to automatically be allocated when the vm booted. I haven't defined auto_assign_floating_ip, and it appears to be false by default (according to nova-scheduler.log). Is there a reason why didn't I need to allocate a floating ip?
2) I can't ssh or ping this instance. On the nova controller and the quantum network node, I get destination unreachable; on the compute node, I get "ping: sendmsg: Operation not permitted". What step(s) am I potentially missing when configuring this vm's network?

Using cloud archive, OpenStack Folsom.

Thank you in advance! Ed

edit retag flag offensive close merge delete
add a comment

11 answers

Sort by ยป oldest newest most voted
12next »
0

answered 2013-03-01 12:56:37 -0500

digitalwonk gravatar image

The problem still exists..

edit flag offensive delete link more
add a comment
0

answered 2013-03-19 01:42:30 -0500

pritkoth gravatar image

any chance you could post the exact command which fixed this, i was looking at the bug and wanted to see if i could reproduce it.

edit flag offensive delete link more
add a comment
0

answered 2013-03-19 02:54:34 -0500

digitalwonk gravatar image

chown -R quantum.quantum /var/lib/quantum

I installed from the folsom packages from the ubuntu cloud archive, using 12.04.

edit flag offensive delete link more
add a comment
0

answered 2013-03-19 17:01:40 -0500

pritkoth gravatar image

ok good, thanks, will see if i can reproduce it locally here.

edit flag offensive delete link more
add a comment
0

answered 2013-03-03 22:44:35 -0500

digitalwonk gravatar image

I have since switched my configuration to a shared flat network in order to try a simpler setup. I will revisit this question if I can get the simple case working. Thanks!

edit flag offensive delete link more
add a comment
0

answered 2013-02-26 07:59:58 -0500

gongysh gravatar image

1.when u have two networks, you should specify which network to boot a vm. nova boot --image xxx --flavor 1 --nic net-id=<net-id> myserver1 by default, nova allocates one ip for each of available networks. So it is not about auto_assign_floating_ip 2. to fix it, we have to know what configuration in nova.conf, quantum.conf and L2 configuration

edit flag offensive delete link more
add a comment
0

answered 2013-02-26 17:39:17 -0500

danwent gravatar image

I think step #3 was a mistake.

3) quantum net-create ext_net --shared --router:external=True

Should be:

3) quantum net-create ext_net --router:external=True

I.e., the network should be be shared.

Shared allows VMs to plug directly in, whereas we want ext_net to purely be external (but not shared).

When a VM is booted and no --nic is provided, it will be connected to all networks it sees, namely those that are owned by the tenant booting the VM, as well as all shared networks. This is why your VM has a NIC on ext_net when it shouldn't. The VM has no floating IPs.

Also, the reason you likely can't reach your VM via SSH on the internal IP may be security groups.

edit flag offensive delete link more
add a comment
0

answered 2013-02-27 06:46:33 -0500

digitalwonk gravatar image

Thanks for the tips so far! After setting the --nic option on "nova boot" and then re-issuing the "quantum net-create" without the --shared option, I was able to progress farther down the instructions, including issuing floating ips. While I can now ping, it would seem that I cannot ssh. I tried manually adding the floating ips to the br-ex bridge, but that did not seem to help. Here are some observations:

  • From the quantum network node and quantum server (on the nova controller), I can ping any ip between 172.16.1.1 - 172.16.1.101.
  • From the compute node, I can only ping 172.16.1.1. Any other 172.16.1.x ip results in a "sendmsg: Operation not permitted"
  • From the quantum network node, I can ping 1.1.1.131 and 1.1.1.132; however, I cannot ping those ips from the quantum server or the nova compute node.
  • I cannot ssh into any instance, though I added tcp/22 into the default security group (using nova, not quantum)

I will upload the config files shortly.

Here are the outputs from some commands:

http://paste.openstack.org/show/32572/

Other notes: * I created two vms * On the quantum network node, I attempted to add the floating ips using 'ip addr', e.g. "ip addr add 1.1.1.131/24 dev br-ex". The ips added to br-ex, but I could not ssh into the vms * I attempted to use "route add -net 172.16.1.0/24 gw 172.16.1.1", but I received "SIOCADDRT: No such process". It didn't add, but do I need to do this?

Again, thank you for the help, Ed

edit flag offensive delete link more
add a comment
0

answered 2013-03-01 12:55:40 -0500

digitalwonk gravatar image

http://paste.openstack.org/show/32695/

This is a paste of the following config files:

nova controller's nova.conf quantum server's quantum.conf (on nova controller) quantum server's ovs_quantum_plugin.ini (on nova controller)

network node's dhcp_agent.ini network node's l3_agent.ini

network and compute nodes' quantum.conf network and compute nodes' ovs_quantum_plugin.ini

Are there any other configs that would be useful to provide?

edit flag offensive delete link more
add a comment
0

answered 2013-03-02 08:36:17 -0500

enikanorov gravatar image

1.

From the quantum network node and quantum server (on the nova controller), I can ping any ip between 172.16.1.1 - 172.16.1.101

What does mean you can ping any of those ips? Do you mean that you don't get "Operation not permitted"?

  1. > From the compute node, I can only ping 172.16.1.1. Any other 172.16.1.x ip results in a "sendmsg: Operation not permitted"

You may try the following commands: 1) ip netns will give you a list of network namespaces. Choose one that is related to tenant subnet (172.16.1.x) - it would be either qdhcp-<network_id> or qrouter-<router_id> where <router_id> is a router attached to 172.16.1.x network

2) sudo ip netns exec namespace ssh 172.16.1.2 Where namespace is eiath qdhcp-... or qrouter-.. from previous command

  1. > From the quantum network node, I can ping 1.1.1.131 and 1.1.1.132; however, I cannot ping those ips from the quantum server or the nova compute node.

Sure you can ping them since it's ips on one of the local nics (br-ex). No other hosts can see them since they don't share 1.1.1.0/24 network with quantum network node.

1) Seems that your br-ex has 10.140.65.63 which is a real external address. 2) I'm wondering why you specify subnet for external network as 1.1.1.0/24 | {"start": "1.1.1.130", "end": "1.1.1.249"} It looks like it should be something like 10.140.65.0/??

edit flag offensive delete link more
add a comment
12next »

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2013-02-26 06:24:14 -0500

Seen: 419 times

Last updated: Mar 19 '13

Related questions

A question about ovs-vlan-test

Something wrong with the flow tables after openvswitch initialized??

installation of openstack + floodlight

HA of Glance

quantum stops working after reboot

Mystery subnet

Probleme with my floating IP

Router Interfaces Down

Domain usage to restrict admin features

Validation on flavor name