Ask Your Question
1

Instance Internet connection problems

asked 2014-05-29 08:01:00 -0500

hrzbrg gravatar image

Hi,

I have a 3 node setup with vagrant + VirtualBox which is similar to the official OpenStack Manuals. To give my instances access to the internet I added another bridged interface to my Network Node and an SANT rule. My network node is at 192.168.10.201 and my instances receive floating IPs from 192.168.10.10 to 20. I set the gateway of the external subnet to 192.168.10.201. So the traffic from the instances is received at the network node and from there to my labs LAN. The above mentioned SNAT rule is

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source <IP from bridge to lab LAN>

Now my problems start. From the instances I ruled out the usual GRE issues and set the MTU down. I can now ping hostnames successfully. But if I try to wget a file it takes ~30 secs to start the download and then is extremely slow. I can't figure out why it takes so long for the transfer to start. I would love some suggestions or maybe other ways to give my instances a proper internet connection. How did you make it in your testlab?

Thanks

edit retag flag offensive close merge delete

Comments

Hi, in my experience standard configuration for external subnet should set the gateway as your real gateway. Then you do not need any additional SNAT rule on your network node.

Have you tried that configuration and switched to the actual one for any reason?

Antonio G. gravatar imageAntonio G. ( 2014-05-29 08:12:07 -0500 )edit

Would this changes to iptables help
$ iptables -A FORWARD -d 192.168.10.0/24 -j ACCEPT
$ iptables -A FORWARD -s 192.168.10.0/24 -j ACCEPT
$ iptables -t nat -I POSTROUTING 1 -s 192.168.10.0/24 -o eth0 -j MASQUERADE

dbaxps gravatar imagedbaxps ( 2014-05-29 08:17:52 -0500 )edit

Antonio - Tried that, no internet than.

@dbaxps - Switching to these rules made the problem not better or worse.

hrzbrg gravatar imagehrzbrg ( 2014-05-29 08:51:53 -0500 )edit

I would try
$ tcpdump -vv -i eth0 ( on Neutron Server Node)
when VM does slow networking. I guess somewhere incorrect checksums should be captured
You better know your gateways and bridges to verify for bad checksums. Then disable checksums offloading on this interface.

dbaxps gravatar imagedbaxps ( 2014-05-29 09:03:00 -0500 )edit

On Compute Node when instance is running brctl show should report you qbr-xxxxxxxx bridge.

First thing to verify is the vm's bridge. For instance:
$ brctl show
bridge name bridge id STP enabled interfaces
qbr1492886c-c7 8000.46de29f7bcc9 no qvb1492886c-c7
qbr6cc9af1a-5f 8000.aa387a60beaa no qvb6cc9af1a-5f
qbrd18de1da-fd 8000.3a26a24a7968 no qvbd18de1da-fd
qbrfb873e61-0a 8000.b2fb77d43bd6 no qvbfb873e61-0a
tapfb873e61-0a
$tcpdump -vv -i qbrfb873e61-0a

dbaxps gravatar imagedbaxps ( 2014-05-29 10:47:25 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
4

answered 2014-05-30 10:33:52 -0500

hrzbrg gravatar image

Answering my own question \o/

What I did was confusing and I got it right now I think.

Controller Node: eth3 - 192.168.10.200

Network Node: eth3 - 192.168.10.201

Compute Node: eth3 - 192.168.10.203

For my external net I created a subnet:

neutron subnet-create --tenant-id <blabla> --name float_subnet_1 --allocation-pool start=192.168.10.10,end=192.168.10.20 --gateway 192.168.10.1 ext_net 192.168.10.0/24 --enable_dhcp=False

On the network node the br-ex is attached to eth3. Now on the host machine, where the three VirtualBoxes are running, I created an SNAT rule:

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source <IP of Host Machine in Lab LAN>

So the packets that come from the 192.168.10.0/24 network get the source address of the hypervisor machine. The packets run smoothly now, but I'm facing another problem. Maybe you will hear more about it in my next question. Stay tuned ;D

edit flag offensive delete link more
1

answered 2014-07-30 06:21:11 -0500

phiche gravatar image

The equivalent of doing this on OSX (using pfctl instead of iptables) can be found here: https://forums.virtualbox.org/viewtopic.php?f=8&t=47959 (https://forums.virtualbox.org/viewtop...)

Not sure if there is a better way to do this using some vagrant magic perhaps?

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2014-05-29 08:01:00 -0500

Seen: 2,788 times

Last updated: Jul 30 '14