Ask Your Question
0

can't ping router's ip

asked 2012-10-31 12:26:51 -0500

junlun-fan gravatar image

I install quantum and use gre tunnel and l3-agent. i create a router, set the router's gateway and add an interface to a subnet. Finally ,router 's gateway is 172.20.9.66, interface ip is 192.168.120.254.

root@openstack-1:/opt# ip netns exec qdhcp-c92a088d-329d-495e-95f6-c621a8f3b6c4 ping 192.168.120.254 PING 192.168.120.254 (192.168.120.254) 56(84) bytes of data. 64 bytes from 192.168.120.254: icmp_req=1 ttl=64 time=0.434 ms 64 bytes from 192.168.120.254: icmp_req=2 ttl=64 time=0.073 ms 64 bytes from 192.168.120.254: icmp_req=3 ttl=64 time=0.077 ms 64 bytes from 192.168.120.254: icmp_req=4 ttl=64 time=0.084 ms

root@openstack-1:/opt# ip netns exec qrouter-94482e47-10b1-46e2-acdb-b1949fc972e2 ping 172.20.9.66 PING 172.20.9.66 (172.20.9.66) 56(84) bytes of data. 64 bytes from 172.20.9.66: icmp_req=1 ttl=64 time=0.058 ms 64 bytes from 172.20.9.66: icmp_req=2 ttl=64 time=0.049 ms

however, i can't ping the router's gateway not using "ip netns "

root@openstack-1:/opt# ping 172.20.9.66 PING 172.20.9.66 (172.20.9.66) 56(84) bytes of data. ^C --- 172.20.9.66 ping statistics --- 29 packets transmitted, 0 received, 100% packet loss, time 28004ms

After that i create floating ip 172.20.9.67 and associate with a vm 192.168.120.2 root@openstack-1:/opt# quantum floatingip-list +--------------------------------------+------------------+---------------------+--------------------------------------+ | id | fixed_ip_address | floating_ip_address | port_id | +--------------------------------------+------------------+---------------------+--------------------------------------+ | 221554d5-cd29-4531-817c-0bbe1b3d0acb | 192.168.120.2 | 172.20.9.67 | dd1202a7-725b-44b7-8985-58c18c7c5074 | +--------------------------------------+------------------+---------------------+--------------------------------------+

root@openstack-1:/opt# ip netns exec qrouter-94482e47-10b1-46e2-acdb-b1949fc972e2 ping 172.20.9.67 PING 172.20.9.67 (172.20.9.67) 56(84) bytes of data. 64 bytes from 172.20.9.67: icmp_req=1 ttl=64 time=82.2 ms 64 bytes from 172.20.9.67: icmp_req=2 ttl=64 time=0.843 ms 64 bytes from 172.20.9.67: icmp_req=3 ttl=64 time=0.791 ms

yet i still can't ping 172.20.9.67 without using ip netns: root@openstack-1:/opt# ping 172.20.9.67 PING 172.20.9.67 (172.20.9.67) 56(84) bytes of data. ^C --- 172.20.9.67 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 4031ms

I don't know the cause of the problem as i know little about ip netns. Any one get the answer?

edit retag flag offensive close merge delete

8 answers

Sort by » oldest newest most voted
0

answered 2012-11-01 09:21:39 -0500

junlun-fan gravatar image

Thanks yong sheng gong, that solved my question.

edit flag offensive delete link more
0

answered 2012-10-31 15:15:51 -0500

junlun-fan gravatar image

@Weiwen Chen (wei-wen-chen) if what you say is true, then the external network can't ping VM's floating ip, that means floating ips make nonsense. what's more , i have one more question: root@openstack-1:/opt# ip netns exec qrouter-94482e47-10b1-46e2-acdb-b1949fc972e2 iptables-save

Generated by iptables-save v1.4.12 on Wed Oct 31 10:15:27 2012

*nat :PREROUTING ACCEPT [40789:3665651] :INPUT ACCEPT [111:27461] :OUTPUT ACCEPT [19:1596] :POSTROUTING ACCEPT [14:1176] :quantum-l3-agent-OUTPUT - [0:0] :quantum-l3-agent-POSTROUTING - [0:0] :quantum-l3-agent-PREROUTING - [0:0] :quantum-l3-agent-float-snat - [0:0] :quantum-l3-agent-snat - [0:0] :quantum-postrouting-bottom - [0:0] -A PREROUTING -j quantum-l3-agent-PREROUTING -A OUTPUT -j quantum-l3-agent-OUTPUT -A POSTROUTING -j quantum-l3-agent-POSTROUTING -A POSTROUTING -j quantum-postrouting-bottom -A quantum-l3-agent-OUTPUT -d 172.20.9.67/32 -j DNAT --to-destination 192.168.120.2 -A quantum-l3-agent-POSTROUTING ! -i qg-248c41e7-29 ! -o qg-248c41e7-29 -m conntrack ! --ctstate DNAT -j ACCEPT -A quantum-l3-agent-PREROUTING -d 172.20.9.67/32 -j DNAT --to-destination 192.168.120.2 -A quantum-l3-agent-float-snat -s 192.168.120.2/32 -j SNAT --to-source 172.20.9.67 -A quantum-l3-agent-snat -j quantum-l3-agent-float-snat -A quantum-l3-agent-snat -s 192.168.120.0/24 -j SNAT --to-source 172.20.9.66

the 192.168.120.0/24 SNAT to 172.20.9.66, which means that 192.168.120.0/24 can ping the external network. however ,in the 192.168.120.0/24 namespace, i got root@openstack-1:/opt# ip netns exec qdhcp-c92a088d-329d-495e-95f6-c621a8f3b6c4 ping 192.168.120.254 PING 192.168.120.254 (192.168.120.254) 56(84) bytes of data. 64 bytes from 192.168.120.254: icmp_req=1 ttl=64 time=0.346 ms 64 bytes from 192.168.120.254: icmp_req=2 ttl=64 time=0.071 ms root@openstack-1:/opt# ip netns exec qdhcp-c92a088d-329d-495e-95f6-c621a8f3b6c4 ping 172.20.9.66 connect: Network is unreachable

192.168.120.254 is the gateway of router, i can ping it from 192.168.120.0/24 , but i can't ping the external network. Is this situation right?

edit flag offensive delete link more
0

answered 2012-11-01 09:20:38 -0500

junlun-fan gravatar image

Thank you yong sheng gong, you solve my answers. I have three nic card. eth0、eth2 connect to the same physical switch, eth1 connect to another switch eth0 :172.20.9.1 (external network 1) eth1:120.88.9.254(external network 2) eth2: no ip address(external network 1)

i use openvswitch as my plugin. Bridge br-tun Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port br-tun Interface br-tun type: internal Bridge br-int Port patch-tun Interface patch-tun type: patch options: {peer=patch-int} Port br-int Interface br-int type: internal Port "qr-d5fad7c1-46" tag: 1 Interface "qr-d5fad7c1-46" type: internal Port "tapdd1202a7-72" tag: 1 Interface "tapdd1202a7-72" Port "tap2862df9a-c1" tag: 1 Interface "tap2862df9a-c1" type: internal Bridge br-ex Port "eth2" Interface "eth1" Port br-ex Interface br-ex type: internal Port "qg-444e05b6-10" Interface "qg-444e05b6-10" type: internal ovs_version: "1.4.0+build0"

I manually add two route rules: route add -net 172.20.9.64/28 gw 172.20.9.65 dev br-ex
####### i don't know why i need to do this for the linux bridge. BUT if i don't do this , i can't ping 172.20.9.64/28 subnet. ####### Do any know why? as i know, i don't need to add route for the linux bridge as it just a bridge connect two areas.

route add -net 192.168.120.0/24 gw 172.20.9.66
#######172.20.9.66 is the router's gateway ip,after that i can ping the 192.168.120.0/24 internal subnet. root@openstack-1:/opt# ping 192.168.120.2 PING 192.168.120.2 (192.168.120.2) 56(84) bytes of data. 64 bytes from 192.168.120.2: icmp_req=1 ttl=63 time=29.2 ms 64 bytes from 192.168.120.2: icmp_req=2 ttl=63 time=0.394 ms

root@openstack-1:/opt# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 120.88.9.254 0.0.0.0 UG 100 0 0 eth1 10.0.0.0 172.20.0.1 255.0.0.0 UG 0 0 0 eth0 120.88.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 172.20.0.0 0.0.0.0 255.255.128.0 U 0 0 0 eth0 172.20.9.64 0.0.0.0 255.255.255.240 U 0 0 0 br-ex #manual add 192.168.120.0 172.20.9.66 255.255.255.0 UG 0 0 0 br-ex #manual add 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

edit flag offensive delete link more
0

answered 2012-10-31 13:48:03 -0500

wei-wen-chen gravatar image

This is right behavior. You can ping router's IP if not using namespace if you configured that for L3 agent at first place. With name space in place, router IP is only visible in the name space. Otherwise, how overlapping IP can work?

edit flag offensive delete link more
0

answered 2012-11-01 03:54:09 -0500

junlun-fan gravatar image

i get that linux bridge can connect the namespace . Obviously in my problem the bridge br-ex doesn't work. I assign an ip address on br-ex 172.20.9.65 , and add the route route add -net 172.20.9.64/28 dev br-ex yet i still can't ping 172.20.9.66 (router gateway ip)from the external network.

Is my quantum configuration wrong or something? [l3_agent.ini] interface_driver = quantum.agent.linux.interface.OVSInterfaceDriver auth_url = http://172.20.9.1:5000/v2.0 admin_tenant_name = service admin_user = quantum admin_password = keystone external_network_bridge = br-ex

edit flag offensive delete link more
0

answered 2012-11-01 04:06:54 -0500

gongysh gravatar image

for #1, do u have address like 172.20.9.xx on your host without netns? try to list it with ip addr without ip netns. and make sure your host can route to the router's gateway port ip.

for #3: root@openstack-1:/opt# ip netns exec qdhcp-c92a088d-329d-495e-95f6-c621a8f3b6c4 ping 172.20.9.66 connect: Network is unreachable but you can ping 172.20.9.66 within VM

192.168.120.254 is the gateway of router, i can ping it from 192.168.120.0/24 , but i can't ping the external network. Is this situation right? [yong sheng gong] confused, the router's gateway port ip is 172.20.9.66. U should be able to ping the external network within VM. on qdhcp namespace, we should not be able to do it. qdhcp namespace has just ip for dhcp port, it should only response to dhcp query.

edit flag offensive delete link more
0

answered 2012-11-01 04:25:25 -0500

junlun-fan gravatar image

#1: yes, i have other address like 172.20.9.xx on my host without netns my host ip is 172.20.9.1 route -n Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 120.88.9.254 0.0.0.0 UG 100 0 0 eth1 10.0.0.0 172.20.0.1 255.0.0.0 UG 0 0 0 eth0 120.88.9.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 172.20.0.0 0.0.0.0 255.255.128.0 U 0 0 0 eth0 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0

according to what you say ,should i add an rule to the route table mannually?

#3 ok,i understant in the qdhcp namespace, we can't ping the external network

edit flag offensive delete link more
0

answered 2012-11-01 06:55:45 -0500

gongysh gravatar image

how does your quantum external network connect to external physical network? to run ovs-vsctl show br-ex and get the result. Is your host's eth0 connecting the physical network too? is the 172.20.9.1 host same one as the l3 agent's host? are u using which one plugin agent, linux one or openvswitch agent or others?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2012-10-31 12:26:51 -0500

Seen: 805 times

Last updated: Nov 01 '12