Neutron with no available floating ip pool, can ping router gateway but not ex-net gateway

2014-06-19

HoangDo gravatar image

2014-06-19

Hi guys,

I got myself in a quite complicated situation. I deployed OpenStack on OVH dedicated servers. Only 2 servers in OVH CIDR range belongs to us, one is compute node, and one is network/controller node. Others IPs belong to other OVH users. So in this case, we don't have available floating ip pool. The physical OVH network has default gateway: A.B.C.254

I don't need assigning floating IP to VMs yet, I just want to VMs can ping to Internet. I added eth0 to br-ex, create a router, a tenant network, a external network, and connected them together.

While I set external gateway of router to external network, it automatically create a floating IP A.B.C.100 as router gateway. Inside VM, I can ping to that IP, but ping to other nodes in OVH network will result "Unreachable". I can't even ping to default gateway A.B.C.254.

Obviously, the IP: A.B.C.100 is overlap with other server in OVH network. I don't know how to solve this problem. Is it possible to setup neutron with no available floating IP pool. Can I use my network node IP as router gateway?

After checking tcpdump, I found packets only reach the network node (which the A.B.C.100 tap is located), why A.B.C.100 doesn't forward packets to A.B.C.254 ?

Below is ovh output:

Bridge br-ex
    Port "eth0"
        Interface "eth0"
    Port "qg-c9f1c2f1-a7"
        Interface "qg-c9f1c2f1-a7"
            type: internal
    Port br-ex
        Interface br-ex
            type: internal
Bridge br-int
    Port br-int
        Interface br-int
            type: internal
    Port "qr-ddcccc2a-61"
        tag: 1
        Interface "qr-ddcccc2a-61"
            type: internal
    Port patch-tun
        Interface patch-tun
            type: patch
            options: {peer=patch-int}
    Port "tap612a84cf-4d"
        tag: 1
        Interface "tap612a84cf-4d"
Bridge br-tun
    Port "gre-b01f694c"
        Interface "gre-b01f694c"
            type: gre
            options: {in_key=flow, local_ip="", out_key=flow, remote_ip=""}
    Port patch-int
        Interface patch-int
            type: patch
            options: {peer=patch-tun}
    Port br-tun
        Interface br-tun
            type: internal
    Port "gre-7f000001"
        Interface "gre-7f000001"
            type: gre
            options: {in_key=flow, local_ip="", out_key=flow, remote_ip=""}
ovs_version: "2.0.1"
1 answer

2014-09-02

Germy Lure gravatar image

Check ip_forward. If it is enabled, tcpdump all interface to find out packets go out or be dropped by kernel.

Then check routes or iptables.

Asked: 2014-06-19

Seen: 856 times

Last updated: Sep 02 '14