VM's cannot get external/internet access

asked 2012-09-12 15:19:57 -0600

eoghank gravatar image

Working with the latest milestone-proposed Quantum branch and using the latest stack.sh to install Openstack. VM's spin up fine and do get IP's assigned. The VM's can ping each other and can ping the quantum router but they cannot get past that to the outside world.

When I looked at the router namespace it can ping the IP of the physical Openstack server but it does not have external access either.

Are there additional steps required to enable VM's to have external/internet access?

Thanks Eoghan

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted

answered 2012-09-12 18:07:15 -0600

eoghank gravatar image

Thanks Salvatore

I was able to get external access for VM's with those steps.


edit flag offensive delete link more

answered 2013-09-30 12:56:34 -0600

gvdm gravatar image


I'm facing the same problem on my setup (Devstack + Neutron). I followed these instructions but now my Devstack machine cannot reach the Internet and I cannot login into Horizon no more.

What should I do to gain Internet access to my VMs?


edit flag offensive delete link more

answered 2012-09-12 15:48:25 -0600

salvatore-orlando gravatar image

L3 support for devstack intentionally did not explictly attach to a physical interface. We did this so to avoid playing with the network configuration of the host computer.

Devstack assigns the gateway of the subnet defined for the external network to $PUBLIC_BRIDGE, so you should be able to ping it from your VMs. This will prove you that NAT is working.

If you want to bridge your VMs to the outside world - you should be able to do that with the following steps:

1) Fetch IP addresses of physical interface ($PUBLIC_INTERFACE):

salvatore@ubuntu:~/git/quantum$ ip addr show $PUBLIC_INTERFACE 2: eth0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:0c:29:79:c9:50 brd ff:ff:ff:ff:ff:ff inet brd scope global eth0 inet6 fe80::20c:29ff:fe79:c950/64 scope link valid_lft forever preferred_lft forever

you will need to parse this output in order to fetch the addresses. According to your needs you might want to parse the first address only or also additional addresses, including IPv6 addresses.

2) Flush IP addresses on this interface

salvatore@ubuntu:~/git/quantum$ sudo ip addr flush dev $PUBLIC_INTERFACE

3) Bring up interface associated with the public bridge ($PUBLIC_BRIDGE)

salvatore@ubuntu:~/git/quantum$ sudo ip link set $PUBLIC_BRIDGE up

4) Assign the Ip addresses retrieved in #1 to $PUBLIC_BRIDGE. Might be worth flushing existing addresses before doing that - but keep in mind devstack sets an IP address too there; so make sure you do not delete that one.

salvatore@ubuntu:~/git/quantum$ sudo ip addr add $PUBLIC_IP dev $PUBLIC_BRIDGE

The last command should be a loop if you fetched multiple addresses in #1 (and stored them in an array)

for IP_ADDRESS in ${PUBLIC_IPS[@]) do sudo ip addr add $IP_ADDR dev $PUBLIC_BRIDGE done

5) Attach the public interface, which now should have no IP address, to the public bridge

salvatore@ubuntu:~/git/quantum$ sudo ovs-vsctl add-port $PUBLIC_BRIDGE $PUBLIC_INTERFACE

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2012-09-12 15:19:57 -0600

Seen: 265 times

Last updated: Sep 30 '13