Ask Your Question
0

floating ip and namespace issue

asked 2013-01-07 03:00:47 -0500

vijayrg gravatar image

I have set up folsom Quantum based on this url (controller node/network node/compute node): https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/blob/master/OpenStack_Folsom_Install_Guide_WebVersion.rst (https://github.com/mseknibilel/OpenSt...)

use_namespaces , allow_overlapping_Ips set to TRUE.

nova-api is on the controller node ,and l3 and dhcp agents are on network node

Added the external router gateway(192.168.1.185) as the next hop in the controller node where nova-api is running. [Able to ping the gateway address from other nodes].

I am able to launch a simple tty linux image.

I am able to ping and ssh into it through router namespace from the network node.

I still see problems:

1) The launched VM still cannot access the metadata service. wget: can't connect to remote host (169.254.169.254): Network is unreachable iptables rule for this set in router namespace. See below for the iptables rules.

2) Floating ip : I am able to assign floating ip to VM. However, I can ping and ssh to it only through router namespace on the network node. I cannot access it directly from the other nodes on that network (floating ip/external network).

Any clue is appreciated.

root@network:/home/localadmin# ip netns qdhcp-f69a3d72-5284-48f1-ac71-d416ae11fef4 qrouter-24231e93-71e6-43e7-a692-7a96019aba4b

root@network:/home/localadmin# ip netns exec qrouter-24231e93-71e6-43e7-a692-7a96019aba4b ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

qg-c2281f74-eb Link encap:Ethernet HWaddr fa:16:3e:2f:2c:97 inet addr:192.168.1.185 Bcast:192.168.1.191 Mask:255.255.255.240 inet6 addr: fe80::f816:3eff:fe2f:2c97/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:9565 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:617789 (617.7 KB) TX bytes:468 (468.0 B)

qr-5ad57be7-ae Link encap:Ethernet HWaddr fa:16:3e:96:3d:83 inet addr:192.168.14.1 Bcast:192.168.14.255 Mask:255.255.255.0 inet6 addr: fe80::f816:3eff:fe96:3d83/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:192 errors:0 dropped:0 overruns:0 frame:0 TX packets:178 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:22694 (22.6 KB) TX bytes:19030 (19.0 KB)

root@network:/home/localadmin# ip netns exec qrouter-24231e93-71e6-43e7-a692-7a96019aba4b iptables -L -nv -t nat Chain PREROUTING (policy ACCEPT 4 packets, 708 bytes) pkts bytes target prot opt in out source destination 4 708 quantum-l3-agent-PREROUTING all -- * * 0.0.0.0/0 0.0.0.0/0 no Chain INPUT (policy ACCEPT 2 packets, 632 ... (more)

edit retag flag offensive close merge delete

7 answers

Sort by ยป oldest newest most voted
0

answered 2013-01-08 00:13:56 -0500

gongysh gravatar image

first, you need to make sure 192.168.1.78 metadata server pingable from qrouter namespace. I am confused by 192.168.1.185 pingable but floating ip is not from external network. what kind of linux are u using? ubuntu 12.04 or Fedora or others?

edit flag offensive delete link more
0

answered 2013-01-07 03:41:04 -0500

gongysh gravatar image

can u ping 192.168.1.78 metataserver in qrouter namespace? can u ping 192.168.1.185 router gateway port in the external network?

edit flag offensive delete link more
0

answered 2013-01-07 22:43:56 -0500

vijayrg gravatar image

CORRECTION FROM MY PREVIOUSE COMMENT: No, I am NOT able to ping 192.168.1.78 metaserver from inside qrouter namespace.

Yes. I am able to ping 192.168.1.185 router gateway from other nodes on the external network

edit flag offensive delete link more
0

answered 2013-01-07 16:26:57 -0500

vijayrg gravatar image

Yes. I am able to ping 192.168.1.78 metaserver in qrouter namespace Yes. I am able ping 192.168.1.185 router gateway from other nodes on the external network.

edit flag offensive delete link more
0

answered 2013-01-08 22:22:25 -0500

vijayrg gravatar image

Thanks for the reply. I fixed the external network configuration. Now, my VMs can reach nova metadata service on the controller node and I am able to associate floating ip and ssh into them from the outside network ( also able to ping/ssh vms using fixed ip). However, I am not able to access internet from within the VM. My internet gateway router is not pingable from the qrouter namespace. It is in the same network as the other nodes. I can ping other nodes on that network though.

edit flag offensive delete link more
0

answered 2013-01-08 22:22:25 -0500

vijayrg gravatar image

Thanks for the reply. I fixed the external network configuration. Now, my VMs can reach nova metadata service on the controller node and I am able to associate floating ip and ssh into them from the outside network ( also able to ping/ssh vms using fixed ip). However, I am not able to access internet from within the VM. My internet gateway router is not pingable from the qrouter namespace. It is in the same network as the other nodes. I can ping other nodes on that network though.

edit flag offensive delete link more
0

answered 2013-01-10 01:21:08 -0500

Vijay, You can run tcpdump in the qrouter and figure out why packets are not reaching internet. It is just like any other router. You can also check iptables NAT rules and see if the DNAT rule hits etc.,

Make sure you did not forgot to set gateway on the router. 'quantum router-gateway-set'

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-01-07 03:00:47 -0500

Seen: 189 times

Last updated: Jan 10 '13