
[Failed] Add a scope global ip into instance

asked 2011-06-15 11:07:45 -0500

tonytkdk

Hi all

We're building several private clouds in our lab to implement Fault Zone and Web-Services HA+LB.

There are two NOVA deployments, and we run a software load balancer (pound) + heartbeat (keepalived) on each deployment.

The keepalived part is OK. The two LB instances can detect each other. The problem is pound. When pound starts up, it establishes a virtual IP for the master LB, attached to the instance's eth0. As shown below, 192.168.1.102 is the instance's original IP. 192.168.1.55 is the virtual IP for keepalived and pound. But this virtual IP does not seem to work in the instance. Other clients in the same network segment cannot find 192.168.1.55. Is this a limitation of the VM? How could I realize this virtual IP? I think this issue is on the hypervisor layer.......

======================================
eth0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:16:3e:0c:e9:94 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.102/24 brd 192.168.1.255 scope global eth0
    inet 192.168.1.55/32 scope global eth0
    inet6 fe80::16:3eff:fe0c:e994/64 scope link
       valid_lft forever preferred_lft forever

Any suggestion will help :>

Cheers Hugo Kuo


5 answers


answered 2011-06-16 08:06:44 -0500

tonytkdk

Thanks Vish Ishaya, that solved my question.


answered 2011-06-16 08:31:15 -0500

tonytkdk

Oh, sorry. Don't delete line 217...... a typo. Sorry.......

I hope this will help someone.


answered 2011-06-16 04:08:51 -0500

vishvananda

Instances cannot spoof other IP addresses. If you want to allow them to, you have to disable some firewall rules.

In nova/virt/libvirt/firewall.py there is a method called _ensure_static_filters. You will see one called nova-base and one called nova-vpn. The base filter stops arp, mac, and ip spoofing. nova-vpn allows all of that traffic. You can see that the image defined as FLAGS.vpn_image_id uses nova-vpn instead of nova-base. So you can:

a) use nova-vpn for all instances
b) set FLAGS.vpn_image_id to make it work for one image
c) write some new code to allow certain images/instances to have spoofing protection turned off

Vish

On Jun 15, 2011, at 4:11 AM, Hugo Kou wrote:

New question #161512 on OpenStack Compute (nova): https://answers.launchpad.net/nova/+q...



answered 2011-06-16 06:42:00 -0500

tonytkdk

Hello Vish

Thanks for your reply, it's the answer I need.

And in my research ...............

I found a wiki about Atlas-LB. Does this work in current NOVA? http://wiki.openstack.org/Atlas-LB

As far as I know, Rackspace and AWS, or even IBM cloud .... they provide a service named "Shared IP" / "Cloud Server Virtual IP".

This Virtual IP could be used for heartbeat....... I'm interested in the approach those public providers use to provision Virtual IPs.

Thanks

Hugo Kuo


answered 2011-06-16 08:28:09 -0500

tonytkdk

After a test: I rewrote firewall.py and it works now....

Actually, these two NOVA deployments are only for our web service etc., so it's much freer than a public cloud. But it's not a recommended way in every case.... I'll keep working on Atlas-LB ....... to implement "Virtual IPs" like Rackspace.

    209     def _ensure_static_filters(self):
    210         if self.static_filters_configured:
    211             return
    212
    213         self._define_filter(self._filter_container('nova-base',
    214                                                    ['no-mac-spoofing',  #del
    215                                                     'no-ip-spoofing',  #del
    216                                                     'no-arp-spoofing',  #del
    217                                                     'allow-dhcp-server']))  #del
    218         self._define_filter(self._filter_container('nova-vpn',
    219                                                    ['allow-dhcp-server']))
    220         self._define_filter(self.nova_base_ipv4_filter)
    221         self._define_filter(self.nova_base_ipv6_filter)
    222         self._define_filter(self.nova_dhcp_filter)
    223         self._define_filter(self.nova_ra_filter)
    224         if FLAGS.allow_project_net_traffic:
    225             self._define_filter(self.nova_project_filter)
    226             if FLAGS.use_ipv6:
    227                 self._define_filter(self.nova_project_filter_v6)
    228

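Added example, not part of the original thread or of nova's code: removing the three spoofing references from nova-base, as in the last answer, drops the protection for every instance that chains to nova-base, not only the two load balancers. The script below audits libvirt nwfilter definitions for that condition. The XML samples and the `instance-lb1` filter name are constructed, and that nova emits filters in exactly this shape is an assumption.

```python
import xml.etree.ElementTree as ET

# The three libvirt anti-spoofing filters the answer says nova-base references.
REQUIRED = {"no-mac-spoofing", "no-ip-spoofing", "no-arp-spoofing"}

def parse_filters(xml_docs):
    """Map filter name -> set of directly referenced filter names."""
    table = {}
    for doc in xml_docs:
        root = ET.fromstring(doc)
        table[root.get("name")] = {r.get("filter") for r in root.iter("filterref")}
    return table

def resolve(name, table, seen=None):
    """All filters reachable from `name` through nested <filterref> elements."""
    seen = set() if seen is None else seen
    for ref in table.get(name, ()):
        if ref not in seen:
            seen.add(ref)
            resolve(ref, table, seen)
    return seen

def missing_protection(name, table):
    """Anti-spoofing filters that `name` does not pull in, sorted."""
    return sorted(REQUIRED - resolve(name, table))

# Constructed sample definitions (standard libvirt nwfilter element layout).
STOCK_BASE = ("<filter name='nova-base' chain='root'>"
              "<filterref filter='no-mac-spoofing'/>"
              "<filterref filter='no-ip-spoofing'/>"
              "<filterref filter='no-arp-spoofing'/>"
              "<filterref filter='allow-dhcp-server'/></filter>")
EDITED_BASE = ("<filter name='nova-base' chain='root'>"
               "<filterref filter='allow-dhcp-server'/></filter>")
VPN = ("<filter name='nova-vpn' chain='root'>"
       "<filterref filter='allow-dhcp-server'/></filter>")
# Hypothetical per-instance filter that chains to nova-base.
INSTANCE = ("<filter name='instance-lb1' chain='root'>"
            "<filterref filter='nova-base'/></filter>")

def audit(base_xml):
    """Report missing anti-spoofing filters for the instance and for nova-vpn."""
    table = parse_filters([base_xml, VPN, INSTANCE])
    return {n: missing_protection(n, table) for n in ("instance-lb1", "nova-vpn")}

if __name__ == "__main__":
    print("stock :", audit(STOCK_BASE))
    print("edited:", audit(EDITED_BASE))
```

On a real host the same functions can be fed the output of `virsh nwfilter-dumpxml` for each defined filter instead of the constructed strings.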

Stats

Asked: 2011-06-15 11:07:45 -0500

Seen: 104 times

Last updated: Jun 16 '11