Ask Your Question
1

Pings not work from controller

asked 2014-05-08 08:02:20 -0600

Daniel Ruiz gravatar image

updated 2014-05-08 08:11:50 -0600

Hi,

After installing OpenStack IceHouse --all-in-one mode using packstack, I cannot ping the VMs from the system (controller and compute at same time)

We can ping using "ip netns exec qrouter-blablabla ping VM_IP"

My router table after launching instances is:

[root@IH-Server ~(keystone_admin)]# route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

MY_NETWORK   0.0.0.0         255.255.240.0   U     0      0        0 eth0

169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0

0.0.0.0         MY_GW              0.0.0.0         UG    0      0        0 eth0

ovs-vsctl show: image description

Any help will be highly appreciated.

Thanks.

edit retag flag offensive close merge delete

Comments

Have you added All ICMP rule in security group.

SGPJ gravatar imageSGPJ ( 2014-05-08 12:09:38 -0600 )edit

Yes, of course:

[root@IH-Server ~(keystone_admin)]# nova secgroup-list-rules default +-------------+-----------+---------+-----------+--------------+ | IP Protocol | From Port | To Port | IP Range | Source Group | +-------------+-----------+---------+-----------+--------------+ | | | | | default | | tcp | 22 | 22 | 0.0.0.0/0 | | | | | | | default | | icmp | -1 | -1 | 0.0.0.0/0 | | +-------------+-----------+---------+-----------+--------------+

Daniel Ruiz gravatar imageDaniel Ruiz ( 2014-05-09 03:39:24 -0600 )edit

Please don't paste pictures of text. Just put the actual output of ovs-vsctl show in your question. This makes questions much more searchable.

larsks gravatar imagelarsks ( 2014-05-09 10:46:23 -0600 )edit

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-05-09 10:47:57 -0600

larsks gravatar image

updated 2014-05-09 10:48:12 -0600

The behavior that you are seeing is expected. By design, instances networks are isolated from the host and from each other so that multiple tenants can deploy networks with the same address range. If the networks were directly accessible from the host this would not be possible.

In order to access instances from the host (or elsewhere), you need to assign a floating ip to the instance using the nova add-floating-ip command.

edit flag offensive delete link more
0

answered 2014-05-28 11:03:41 -0600

BergBrains gravatar image

Is this stance different from release to release?

What's the standard approach to enabling tenant network access to the larger internet? Lars, you helped me put my single-tenant set-up on my existing internal network, and also just released http://youtu.be/8zFQG5mKwPk (RDO Icehouse: Configuring the external bridge) on youtube. I guess that each tenant has to be set up as per this video, but that seems like some pretty standard functionality that would be better with some helper code to implement it.

Thoughts?

edit flag offensive delete link more

Comments

Setting up the external bridge is not a per-tenant task. It is a per-external-network tasks, and many environments have only a single external network (and many tenants).

larsks gravatar imagelarsks ( 2014-05-28 11:29:04 -0600 )edit

That video is also particular to single-interface systems; a production environment would typically have dedicated interfaces for this sort of thing and would not be using dhcp.

larsks gravatar imagelarsks ( 2014-05-28 11:29:10 -0600 )edit

So, to answer your question (which should have been posted as question rather than an "answer" here), the standard approach to enabling per-tenant access to the larger internet is to create an external network and have users assign floating ips to instances.

larsks gravatar imagelarsks ( 2014-05-28 11:30:13 -0600 )edit

Yeah, sorry about the answer faux pas. I submitted and only then saw that I'd incremented the Answer count.

Am I correct in my understanding that for each tenant that needs public internet access, you'd create a router connected to both the tenant's network and the public network plus floating IPs?

BergBrains gravatar imageBergBrains ( 2014-05-28 12:34:02 -0600 )edit
1

That's correct. This document, though dated, is a good overview.

larsks gravatar imagelarsks ( 2014-05-28 13:25:28 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-05-08 08:02:20 -0600

Seen: 199 times

Last updated: May 28 '14