Ask Your Question
2

Why can't I connect to instance via their floating IPs from outside the compute machine?

asked 2014-07-03 05:16:03 -0500

piosystems gravatar image

updated 2014-07-08 05:05:47 -0500

I have carefully followed the instruction in the URL http://docs.openstack.org/admin-guide... to configure floating ip for openstack instances. I am using havana version and nova.network.manager.FlatDHCPManager as network manager.

After floating ip allocation to an instance, I am able to reach (ping, ssh) the instance's floating ip from the compute node itself. Unfortunately, I cannot access the instance via floating ip, from another server. When I run tcpdump on my public interface, it is clear that requests (e.g. ping requests) get to the interface. Unfortunately, response only occurs when I ping from the compute server itself.

As suggested in the URL http://docs.openstack.org/admin-guide... , I have set sysctl -w net.ipv4.conf.eth2.rp_filter=0. This has not solved the problem.

Setting firewall_driver=nova.virt.firewall.NoopFirewallDriver did not solve the problem either.

My situation is similar to that presented in https://ask.openstack.org/en/question... . Unfortunately, the solution was not properly explained in that thread. It only mentioned that the gateway had to be changed. Which gateway is not clear.

What else do I need to check or do in order to be able to reach the instances via floating ip, from external machines?

edit retag flag offensive close merge delete

Comments

Still stuck with inability to access floating ip. Any help?

piosystems gravatar imagepiosystems ( 2014-07-04 05:41:30 -0500 )edit

could you post the output of ip r and ip netns on the host where the floating IP is routed ?

dachary gravatar imagedachary ( 2014-07-05 05:31:21 -0500 )edit

Thanks dachary for the concern. In response to your request, I have added more information to my original question above (i.e. Additional info section). eth2 is the public ip interface. eth1 is the private ip interface.

piosystems gravatar imagepiosystems ( 2014-07-05 10:58:38 -0500 )edit

I even can't ping/access the floating IP from any of the nodes. How did you achieve that?

Jianliang gravatar imageJianliang ( 2017-09-21 07:53:01 -0500 )edit
add a comment

4 answers

Sort by ยป oldest newest most voted
0

answered 2014-07-08 05:18:44 -0500

piosystems gravatar image

updated 2014-07-08 05:20:00 -0500

The problem was that the default gateway was automatically set to that of the private network and not that of the public. The solution was to run "ip route replace ..." as shown below, in order to automatically change the gateway. I attached that execution to post-up of the public interface card.

#my public interface

auto eth2

iface eth2 inet static

    address x.x.x.66

    netmask 255.255.255.224

    post-up ip route replace default via x.x.x.65 dev eth2 metric 100

That's it!

x.x.x.66 is the ip of the public interface

x.x.x.65 is the public gateway

edit flag offensive delete link more

Comments

I am facing a similar issue - Where did you make these changes - Did u make these changes in the neutron node. I have assigned floating IP to my VM - this IP is on a particular VLAN - I have connected an external laptop to the same VLAN /address space and am trying to access the VM. Can you help

kaushal gravatar imagekaushal ( 2016-02-12 07:04:04 -0500 )edit
add a comment
1

answered 2014-07-06 23:08:45 -0500

naveenkothamasu gravatar image

updated 2014-07-06 23:10:31 -0500

My take,

  1. Check if you can access a VM (without any openstack setup) from a remote computer. If this fails, then you need to make a bridge to be able to give access to your VM from nodes other than host.
  2. Check if you can access the VM created by openstack through the dashboard. Generally you get an error code of some sort, if it fails to connect.
  3. Check the n-novnc logs (screen -r, Ctrl+A, Shift+", select n-novnc).
edit flag offensive delete link more

Comments

so now vm got internet access?

SGPJ gravatar imageSGPJ ( 2014-07-07 02:25:11 -0500 )edit

I can access VM through the fixed private ip from other systems. The problem is access the VM using the floating ip.

piosystems gravatar imagepiosystems ( 2014-07-07 10:39:47 -0500 )edit
add a comment
1

answered 2014-07-05 14:30:43 -0500

SGPJ gravatar image

From your VM, can you reach to internet? if yes then check your iptables.

edit flag offensive delete link more
add a comment
0

answered 2014-07-05 12:31:59 -0500

earcuri gravatar image

What is the IP of the source you are coming/pinging from? Can you try pinging that from your VM with the floating IP? It should give you an indication if it has a route, or at least what interface it is trying to go out. It sounds like it is not sending the ping response out of the right interface, since the packets get there.

edit flag offensive delete link more

Comments

Thanks for the clue, I finally found the solution as shown in my answer below.

piosystems gravatar imagepiosystems ( 2014-07-08 05:18:36 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-07-03 05:16:03 -0500

Seen: 11,442 times

Last updated: Jul 08 '14

Related questions

connect to vm using yellowcircle

OpenStack Havana and Ubuntu 13.10 Help

Different usecases using ML2

Neutron: Single External IP Address?

Openstack instances can't ping the outside world

why is the cinder-volume service down ?

Restrict access to subnet on provider network

libgfapi port in Havana 2013.2.1 and CentOS 6.5

Not able to create volume backup using cinder

Changes made to Neutron not being implemented [closed]