Ask Your Question
0

Unable to ping an instance from controller, but can ping the controller form instance [closed]

asked 2014-04-08 07:59:41 -0500

PainInNetwork gravatar image

updated 2014-04-08 08:21:53 -0500

Sorry for repeating this question again, I read the existing questions in this site, but didn't find any solution fitting...

I have a Ubuntu 13.10 PC with 3 nic, use devstack to deploy openstack on it. after create the VM instance, it's possible to login the VM instance with noVNC, from the VM instance console it's possible to ping the host PC, but can from the host PC I can not ping the VM instance.

Could someone help me to check why the ping is broken here?

Host PC:

etho: 192.168.0.200/16
eth1: 10.103.0.200/16
eth2: 10.1.0.200/16

route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.255.254 0.0.0.0         UG    0      0        0 eth0
10.0.0.0        172.24.4.2      255.255.255.0   UG    0      0        0 br-ex
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth2
10.103.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
172.24.4.0      0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0

The VM Instance:

10.0.0.2/24
route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0           10.0.0.1         0.0.0.0             UG    0        0       0    eth0
10.0.0.0         0.0.0.0          255.255.255.0   U      0        0       0    eth0

I use following local.conf for devstack

[[local|localrc]]
GIT_BASE=${GIT_BASE:-https://git.openstack.org}
MULTI_HOST=1
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=abc1234
MYSQL_PASSWORD=abc1234
RABBIT_PASSWORD=abc1234
SERVICE_PASSWORD=abc1234
SERVICE_TOKEN=abc1234
SYSLOG=1
HOST_IP=192.168.0.200


disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service neutron

ENABLE_TENANT_VLANS=True
TENANT_VLAN_RANGE=1000:1999
PHYSICAL_NETWORK=eth2
OVS_PHYSICAL_BRIDGE=br-eth2

The openvswitch settings looks like below after devstack installation.

sudo ovs-vsctl show
f191e17a-9ef8-4e2f-a667-368a2c2f4a26
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge "br-eth2"
        Port "eth2"
            Interface "eth2"
        Port "phy-br-eth2"
            Interface "phy-br-eth2"
        Port "br-eth2"
            Interface "br-eth2"
                type: internal
    Bridge br-ex
        Port "qg-25f732b2-c6"
            Interface "qg-25f732b2-c6"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "qvo79d20e7a-ff"
            tag: 1
            Interface "qvo79d20e7a-ff"
        Port "int-br-eth2"
            Interface "int-br-eth2"
        Port "qr-6f4cbace-df"
            tag: 1
            Interface "qr-6f4cbace-df"
                type: internal
        Port "tapff7a6f4f-f2"
            tag: 1
            Interface "tapff7a6f4f-f2"
                type: internal
    ovs_version: "1.10.2"

I tried to ping the VM instance from the router namespace, but didn't see any response.

ip netns
qdhcp-c926ba73-bdf3-4b78-8519-5b371364d306
qrouter-53044c43-6e39-4834-987f-ae27afabf1eb

sudo ip netns exec qrouter-53044c43-6e39-4834-987f-ae27afabf1eb ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
24 packets transmitted, 0 received, 100% packet loss, time 23184ms

The ... (more)

edit retag flag offensive reopen merge delete

Closed for the following reason the question is answered, right answer was accepted by koolhead17
close date 2014-06-05 07:44:55.160211

1 answer

Sort by ยป oldest newest most voted
1

answered 2014-04-08 11:30:56 -0500

SGPJ gravatar image

From dashboard: go to security groups -> edit default -> add ALL ICMP rule for both ingress & egress. Then associate floating IP to instance and try to ping from host machine.

edit flag offensive delete link more

Comments

thank you Shankar! that works fine for me!

PainInNetwork gravatar imagePainInNetwork ( 2014-04-08 13:15:34 -0500 )edit

actually use local.sh will make things easier. copy the examples/local.sh to devstack root folder, everytime we run stack.sh, these 2 security groups will be automatically added.

PainInNetwork gravatar imagePainInNetwork ( 2015-04-10 09:23:43 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-04-08 07:59:41 -0500

Seen: 1,163 times

Last updated: Apr 08 '14