Ask Your Question
1

cannot ping gateways from instance

asked 2014-05-04 16:20:10 -0500

granadol gravatar image

I am having a difficult time troubleshooting my instance issues inability to get to the internet. I can perform an nslookup from the router as well as ping instances. The instances cannot ping the gateways? Should they be able to?

edit retag flag offensive close merge delete

Comments

  1. Can you ping Controller from instance ?
  2. Can you ssh connect Controller from instance and vice versa ?
  3. In other words , can instances communicate with LAN via floating IPs ?
dbaxps gravatar imagedbaxps ( 2014-05-04 22:44:46 -0500 )edit

I not an expert but. Your instances do not have internet access? right?

mani619cash gravatar imagemani619cash ( 2014-05-05 08:06:47 -0500 )edit

I am not sure but run this command. sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

mani619cash gravatar imagemani619cash ( 2014-05-05 08:07:21 -0500 )edit

Will check on this. Thanks.

granadol gravatar imagegranadol ( 2014-05-05 08:44:54 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-05-05 01:25:46 -0500

dbaxps gravatar image

updated 2014-05-05 01:50:58 -0500

You should be able ping gateways and DNS of your ISP from instances.

                 Sample bellow. Logged into VM via ssh
            [root@vf20rs01 ~]# uname -a
            Linux vf20rs01.novalocal 3.14.2-200.fc20.x86_64 #1 SMP Mon Apr 28 14:40:57 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
            [root@vf20rs01 ~]# ifconfig
            eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1454
                    inet 10.0.0.13  netmask 255.255.255.0  broadcast 10.0.0.255
                    inet6 fe80::f816:3eff:fe51:6a34  prefixlen 64  scopeid 0x20<link>
                    ether fa:16:3e:51:6a:34  txqueuelen 1000  (Ethernet)
                    RX packets 3141  bytes 3137849 (2.9 MiB)
                    RX errors 0  dropped 0  overruns 0  frame 0
                    TX packets 2042  bytes 176307 (172.1 KiB)
                    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

            lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
                    inet 127.0.0.1  netmask 255.0.0.0
                    inet6 ::1  prefixlen 128  scopeid 0x10<host>
                    loop  txqueuelen 0  (Local Loopback)
                    RX packets 0  bytes 0 (0.0 B)
                    RX errors 0  dropped 0  overruns 0  frame 0
                    TX packets 0  bytes 0 (0.0 B)
                    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

            Gateway from LAN to Net 192.168.1.1

            [root@vf20rs01 ~]# ping -c5  192.168.1.1
            PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
            64 bytes from 192.168.1.1: icmp_seq=1 ttl=63 time=1.88 ms
            64 bytes from 192.168.1.1: icmp_seq=2 ttl=63 time=1.26 ms
            64 bytes from 192.168.1.1: icmp_seq=3 ttl=63 time=1.38 ms
            64 bytes from 192.168.1.1: icmp_seq=4 ttl=63 time=1.21 ms
            64 bytes from 192.168.1.1: icmp_seq=5 ttl=63 time=1.76 ms

            --- 192.168.1.1 ping statistics ---
            5 packets transmitted, 5 received, 0% packet loss, time 4007ms
            rtt min/avg/max/mdev = 1.213/1.502/1.889/0.274 ms

  [root@vf20rs01 ~]# traceroute www.lxer.com
traceroute to www.lxer.com (108.166.170.174), 30 hops max, 60 byte packets
 1  10.0.0.5 (10.0.0.5)  0.779 ms  0.795 ms  0.547 ms <= qdhcp namespace internal gateway
 2  192.168.1.1 (192.168.1.1)  0.975 ms  0.874 ms  0.866 ms <= office gateway
 3  195.214.221.83.static.donpac.com (83.221.214.195)  2.152 ms  2.215 ms  2.476 ms <= ISP Servers
  . . . . . . 
15  ae-2.r07.dllstx09.us.bb.gin.ntt.net (129.250.3.67)  244.642 ms ae3.cr1.dfw2.us.above.net (64.125.21.129)  192.944 ms ae-2.r07.dllstx09.us.bb.gin.ntt.net (129.250.3.67)  251.929 ms
16  xe-0-0-0-15.r07.dllstx09.us.ce.gin.ntt.net (129.250.195.118)  241.739 ms xe-0-0-0.er3.dfw2.us.above.net (64.125.31.82)  193.563 ms  190.321 ms
17  cust-108-166-160-18.corexchange.com (108 ...
(more)
edit flag offensive delete link more

Comments

Troubleshooting steps here.

dbaxps gravatar imagedbaxps ( 2014-05-05 02:01:10 -0500 )edit

I have used a lot of these troubleshooting steps. I can ping gateways from within the DHCP and router namespaces using the ip netns exec command. I can get to my instance vai ssh when assigned a public ip address. However, from within the instance itself, I cannot ping anything nor get external access. It is almost like the instance did not get added to the namespace. I can see the arp requests for both the instance and gateway. I am very perplexed.

granadol gravatar imagegranadol ( 2014-05-05 07:20:32 -0500 )edit

What is status of your Neutron Metadata Service ?
Is you instance able to run coud-init at startup ?
or it's complaining 169.254.169.264 unavailable ?
For instance yesterday , I launched Cirrios instance and didn't assign a floating IP, however from within VM I was able to ping providers DNS Server, to go out Cirros Instance needed cloud-init to be happy with access metadata. Please view this snapshot. It's a fair.

dbaxps gravatar imagedbaxps ( 2014-05-05 08:30:36 -0500 )edit

Please, run :-
$ ip netns exec qrouter-xxxxxxxx netstat -antp
Can you reproduce within your qrouter namespace :-

[root@dfw02 network-scripts(keystone_admin)]$ ip netns exec qrouter-bf360d81-79fb-4636-8241-0a843f228fc8 netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:8700            0.0.0.0:*               LISTEN      4730/python         
[root@dfw02 network-scripts(keystone_admin)]$ ps -ef | grep 8700
root      4466     1  0 07:29 ?        00:00:00 /usr/bin/python /bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/0686e526-0584-4004-a8b0-7d64b376f0ce.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=0686e526-0584-4004-a8b0-7d64b376f0ce --state_path=/var/lib/neutron --metadata_port=8700 --verbose --log-file=neutron-ns-metadata-proxy-0686e526-0584-4004-a8b0-7d64b376f0ce.log --log-dir=/var/log/neutron
root      4730     1  0 07:29 ?        00:00:00 /usr/bin/python /bin/neutron-ns-metadata-proxy --pid_file=/var/lib/neutron/external/pids/bf360d81-79fb-4636-8241-0a843f228fc8.pid --metadata_proxy_socket=/var/lib/neutron/metadata_proxy --router_id=bf360d81-79fb-4636-8241-0a843f228fc8 --state_path=/var/lib/neutron --metadata_port=8700 --verbose --log-file=neutron-ns-metadata-proxy-bf360d81-79fb-4636-8241-0a843f228fc8.log --log-dir=/var/log ...
(more)
dbaxps gravatar imagedbaxps ( 2014-05-05 08:35:40 -0500 )edit

It does complain about the 169.254.169.264 being unavailable regardless of instance type Cirros or Ubuntu. Will check. Thank you so much. Beating my head against the wall on this one.

granadol gravatar imagegranadol ( 2014-05-05 08:44:21 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-05-04 16:20:10 -0500

Seen: 3,044 times

Last updated: May 05 '14