Hi all!

I upgraded to IceHouse from Havana, and have come into a problem. Namely, I can ping into and out of my instances, but any other traffic gets lost. I can confirm that this is not a security group issue, as my neutron security group permits all incoming and outgoing traffic.

I am running two L3 agents, which I've never had a problem with before. You can see my configs here:

The logs are showing nothing out of the ordinary.

Any thoughts or tips on what's going wrong?

What exactly did the tcpdump command line look like? Which interface(s) are you looking at?

larsks

Hi @larsks, I re-checked my tcpdump and realized that I was seeing the same packet simultaneously on multiple interfaces. I've edited my question to suit my situation. If I restrict my tcpdump to a single interface I get a reasonable result.

ironhardchaw

answered 2014-05-29 05:16:09 -0500

dm07c3

Hi, I think I have the same problem far ago. Can you make a ssh - connection without rejection but timeout? There is a MTU bug which can handle by extending the iptables on compute node: Execute

iptables -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
Turns out the MTU was my issue. I was able to get small chunks through, such as an HTTP/500 message from Jetty, but nothing more, and SSH wouldn't reject my request, but would just timeout. Thanks for that!!!

ironhardchaw

