Ask Your Question

Can ping instance but nothing more

asked 2014-05-28 17:39:48 -0500

ironhardchaw gravatar image

updated 2014-05-28 22:18:25 -0500

Hi all!

I upgraded to IceHouse from Havana, and have come into a problem. Namely, I can ping into and out of my instances, but any other traffic gets lost. I can confirm that this is not a security group issue, as my neutron security group permits all incoming and outgoing traffic.

I am running two L3 agents, which I've never had a problem with before. You can see my configs here:

The logs are showing nothing out of the ordinary.

Any thoughts or tips on what's going wrong?

edit retag flag offensive close merge delete


What exactly did the tcpdump command line look like? Which interface(s) are you looking at?

larsks gravatar imagelarsks ( 2014-05-28 22:12:50 -0500 )edit

Hi @larsks, I re-checked my tcpdump and realized that I was seeing the same packet simultaneously on multiple interfaces. I've edited my question to suit my situation. If I restrict my tcpdump to a single interface I get a reasonable result.

ironhardchaw gravatar imageironhardchaw ( 2014-05-28 22:19:41 -0500 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2014-05-29 05:16:09 -0500

dm07c3 gravatar image

Hi, I think I have the same problem far ago. Can you make a ssh - connection without rejection but timeout? There is a MTU bug which can handle by extending the iptables on compute node: Execute

iptables -A POSTROUTING -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1400
edit flag offensive delete link more


Turns out the MTU was my issue. I was able to get small chunks through, such as an HTTP/500 message from Jetty, but nothing more, and SSH wouldn't reject my request, but would just timeout. Thanks for that!!!

ironhardchaw gravatar imageironhardchaw ( 2014-06-03 08:06:42 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-05-28 17:39:48 -0500

Seen: 239 times

Last updated: May 29 '14