Ask Your Question
0

Neutron: cannot connect to instance in Icehouse

asked 2014-06-02 14:20:04 -0500

baldo gravatar image

Hello. I'm trying to configure OpenStack Icehouse on Ubuntu 14.04 following the official documentation and everything looks perfect until I have to configure networking. Let me advance that I'm far from being an expert in network configuration.

First, let me describe my scenario:

I want to deploy OpenStack in one node, which will act as controller, network and compute node. In the future I'd like to add further compute nodes, but I'm not into that so far.

In my enterprise, I have both public IP addresses and private IP addresses. Let's say they are as follows:

  • Public segment: XXX.YYY.174.128/27
  • Private segment: 192.168.174.0/24

So I would like to configure networking such that:

  1. All instances will have at the very least one private IP. This would enable communication between different machines and between instances and the host.
  2. Instances could be assigned a public IP, maybe through floating IPs. This way, only instances that required to be accessed from outside are assigned public IPs, which are more limited.

To be completely sincere, I'm not 100% sure about how to configure /etc/network/interfaces. In a first attempt, I configured it so that interface em1 had a public IP for the host (XXX.YYY.174.138) and interface em2 had a private IP (192.168.174.138). The problem with this approach is that, later, if I add a port to br-ex using the command ovs-vsctl add-port br-ex em1 the host ends up loosing connectivity (so I cannot connect using SSH to the server). So finally, I ended up by setting up both em1 and em2 with public IPs (to say, XXX.YYY.174.138 and XXX.YYY.174.139). That way, I don't loose connectivity.

So as a result, I can create instances and actually, if I set them to have the first virtual NIC with the private network (what the documentation calls "tenant network"), then they can successfully connect to the Internet (for instance, ping 8.8.8.8 will success). However, I have no means to connect to the instance, neither from the host nor from any other machine, and neither by pinging the private nor the public IP.

These are the steps I have followed: http://docs.openstack.org/icehouse/install-guide/install/apt/content/section_neutron-networking-ml2.html (http://docs.openstack.org/icehouse/in...)

I'd be grateful if you could help me to understand what's going on, as I'm not really familiar to concepts such as GRE tunneling and not figuring out how all this is working actually.

Thanks a lot.

edit retag flag offensive close merge delete

Comments

For the public network - basically what you can do is to create an external network and the router (L3-agent) on your machine will have a public IP from the address pool. If you want to access VMs from outside you have to assign them a floating IP. Don't give the physical interface an IP.

Itzik gravatar imageItzik ( 2014-06-02 14:40:34 -0500 )edit

Hi, thanks for your response. When following the documentation, I have one router with two interfaces, i.e.:

192.168.174.2 ACTIVE Internal interface UP
X.Y.174.142 DOWN External gateway UP

I can't ping VM even when assigning a floating IP. What do you mean by "don't give phys. int. an IP?

baldo gravatar imagebaldo ( 2014-06-03 03:36:57 -0500 )edit

What command did you run to get this output? Can you show outputs of 'ovs-vsctl show' and 'ip route'?

Itzik gravatar imageItzik ( 2014-06-03 04:40:06 -0500 )edit

I could see that from Horizon. Sure, I can provide you with the output of that commands:

ovs-vsctl show

http://pastebin.com/aRAs6iT4

ip route

http://pastebin.com/9XeDG9rS

baldo gravatar imagebaldo ( 2014-06-03 05:10:42 -0500 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-06-03 07:39:25 -0500

Antonio G. gravatar image

updated 2014-06-03 07:50:04 -0500

I think your first approach was good. The only thing I could suggest you to think of is the architecture; if you read this section of the guide, think your architecture as composed by one node only, containing all services and the network configuration of the network node (3 interfaces).

If you do not have 3 physical interfaces you could manage to use IP aliasing. So your external network corresponds to XXX.YYY.174.128/27, and your management one to 192.168.174.0/24. So you must have such a configuration. ---> example

When you create your external network in openstack you must set the gateway as your REAL gateway (the one you usually use). The corresponding command should be:

neutron subnet-create ext-net --name ext-subnet --allocation-pool start=XXX.YYY.174.140,end=XXX.YYY.174.150   --disable-dhcp --gateway XXX.YYY.174.129 XXX.YYY.174.128/27

This command should give you 11 floating ips (140-150), be sure XXX.YYY.174.129 is your real gateway.

edit flag offensive delete link more

Comments

Hi Antonio, thanks for your answer. I am creating the subnet correctly, so the problem doesn't seem to be there. Still, I have a couple questions: 1. I should emulate 3 interfaces, but in your example I only see two, right? 2. If I remove the static public IP, how will I connect from the outside?

baldo gravatar imagebaldo ( 2014-06-03 09:43:15 -0500 )edit

  1. if you want to use ip aliasing you must add:

    auto em2:1 iface em2:1 inet static address 10.0.1.138 network 10.0.1.0 netmask 255.255.255.0 broadcast 10.0.1.255 gateway 10.0.1.1

  2. you must assign the public IP to the bridge:

    auto br-ex iface br-ex inet static address XXX.YYY.174.138 netmask 255.255.255.xxx gateway XXX.YYY.174.Y

If you read the havana release section of the guide it is better explained.

Antonio G. gravatar imageAntonio G. ( 2014-06-03 10:21:03 -0500 )edit

Hi Antonio, with that configuration I'm unable to connect to the Internet from the machine itself. This is my interfaces file: http://paste.openstack.org/show/82765/

baldo gravatar imagebaldo ( 2014-06-04 07:36:37 -0500 )edit

Can you connect to this machine through an interface other than the public interface? I think that if you do you don't need to configure a public IP for either an interface or the br-ex - once l3-agent and ovs agent are restarted you should be able to access your machine with the IP XXX.YYY.174.140

Itzik gravatar imageItzik ( 2014-06-04 16:36:01 -0500 )edit

I'm not sure, by default our enterprise always assign public IPs to all computers. Still, even if I could, I'd like to have a public IP so I can connect from outside the enterprise. How would I configure it without the public interface anyway? Could you show me a interfaces file example? Thanks.

baldo gravatar imagebaldo ( 2014-06-05 04:31:00 -0500 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-06-02 14:20:04 -0500

Seen: 1,831 times

Last updated: Jun 03 '14

Related questions

Networking Issue, icehouse - two nodes configuration, nova-network [closed]

Cannot traceroute from VM1 to VM2, but can traceroute to external IP?

VM cannot get network access

demo-router not pingable from external network (a promiscuous mode problem)

What is meant by "configure the hypervisor to permit promiscuous mode on the external network" as mentioned in the Docs for installing Icehouse on 3-Node setup

neutron.db.migration.migrate_to_ml2 (Havana ovs->Icehouse ml2)

How to configure direct public network access with external router and internal DHCP-agent

Nova getting "Connection to neutron failed: Maximum attempts reached" on a HA setup.

P2V and V2V for OpenStack based cloud

unable to delete network either from Horizon, cli or mysql