Ask Your Question
0

Cannot ping router tenant gateway by OS Nodes and www by Instance

asked 2014-08-07 07:16:12 -0500

n7rxDE gravatar image

updated 2014-08-27 02:25:51 -0500

hello, setup-> OS Icehouse Networking Issue 3Nodesetup as VM with Neutron ML2 GRE

UPDATE6

curl command does work now! Still cannot ping router tenannt gateway by any cloud node!

UPDATE5 exec namespace qrouter

   root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-fa3fc507-5c ! -o qg-fa3fc507-5c -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 192.168.1.0/24 -j SNAT --to-source 203.0.113.101
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables -S -t nat | grep 169.254 
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables netstat -antp
Bad argument `netstat'
Try `iptables -h' or 'iptables --help' for more information.
root@network:~# ip netns exec qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 iptables -netstat -antp
iptables v1.4.21: unknown option "iptables"

by starting the instance i saw in log

checking http://169.254.169.254/2009-04-04/instance-id
failed 1/20: up 4.87. request failed
...
failed 20/20: up 46.93. request failed

UPDATE1+2: Changed some configs and uncomment rabbit_pass in each... So at now i can start an instance but nevertheless i am not able to ping tenant gateway with ping -c 4 203.0.113.101 or the vm itself it just works with defined namespace and netns command...

What do you think, maybe it is a problem of Virtualbox because of i cannot not even ping some internetaddress by the 3 OS Nodes... and anywhere i read that this is an issue of virtualbox. Do you think that can be a reason why i cannot ping my tenant gateway with normal ping command?

New Problem arrives... the startet instance is not be able to ping internetadresses!!!

What works is to telnet http://google.com at port 80 by the 3 OS Nodes. But telnet by instance doesn´t work too with error message: bad adresss....

i addressed some more: tried to get some information on qdhcp point with:

ip netns exec qdhcp-200c9ced-eb47-4f94-99f3-73e3a555d4f9 tcpdump -ln -i tap87176921-56

so there are no packets captured at this point!?

NO_ONE with ideas?

Update 3 (curl command by instance)

cannot upload the image because of carma:

$ uname -a
Linux cirros 3.2.0-60-.... #91-Ubuntu ...
$ curl http://169.254.169.254   (For what is this command?)
1.0
2007-01-19
2007-03-01
2007-08-29
2007-10-10
2007-12-15
2008-02-01
2008-09-01
2009-04-04
$ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
...
3packets transmitted 0 packets received

Rules for security group are set:

root@controller:~# neutron security-group-list
+--------------------------------------+---------+-------------+
| id                                   | name    | description |
+--------------------------------------+---------+-------------+
| 38e7edaa-87cd-4c28-a4cf-c1f32d4bf11a | default | default     |
| 7e5d3f0b-84ce-448c-8b76-69ceab021e21 | default | default     |
+--------------------------------------+---------+-------------+
root@controller ...
(more)
edit retag flag offensive close merge delete

Comments

Check your compute node is running properly and you see availability zone while launching VM. Also add icmp & tcp rules in security group.

SGPJ gravatar imageSGPJ ( 2014-08-11 08:24:52 -0500 )edit

added some information about the rules and what do you mean by availability zone?!

n7rxDE gravatar imagen7rxDE ( 2014-08-13 03:16:37 -0500 )edit

Availability zone

This enables you to arrange OpenStack compute hosts into logical groups and provides a form of physical isolation and redundancy from other availability zones, such as by using a separate power supply or network equipment.

You define the availability zone in which a specified compute host resides locally on each server. An availability zone is commonly used to identify a set of servers that have a common attribute. For instance, if some of the racks in your data center are on a separate power source, you can put servers in those racks in their own availability zone. Availability zones can also help separate different classes of hardware.

When users provision resources, they can specify from which availability zone they want their instance to be built. This allows cloud consumers to ensure that their application resources are spread across disparate machines to achieve high availability in the event of hardware failure.

SGPJ gravatar imageSGPJ ( 2014-08-13 03:23:01 -0500 )edit

"curl http://169.254.169.254 (For what is this command?)" This is to see whether your VM can access metadata server. It will normally do it on boot to obtain different configuraiton (e.g. ssh keys, host name, etc) from that server.

T u l gravatar imageT u l ( 2014-08-14 14:08:18 -0500 )edit

how did you fix the curl command. I have the same problem with you.

leethaoqn gravatar imageleethaoqn ( 2014-08-27 03:45:08 -0500 )edit

2 answers

Sort by » oldest newest most voted
0

answered 2014-08-08 10:25:26 -0500

dbaxps gravatar image

updated 2014-08-14 12:18:05 -0500

After login to CirrOS instance try to run :-
$ curl http://169.254.169.254/latest/meta-data
$ ping 8.8.8.8
Does CirrOS instance complaining 169.254.169.254 when starting up ?

image description

Failure  to run   
$ curl http://169.254.169.254/latest/meta-data/instance-id 
$ curl http://169.254.169.254/latest/meta-data/ 
is a core reason of your problems. You don't have access to nova metadata server, 
what causes cloud-init to fail setting up your CirrOS instance.
View troubleshooting steps here  http://bderzhavets.blogspot.com/2014/07/rdo-setup-two-real-node.html
edit flag offensive delete link more

Comments

curl not avaible at CirrOS instance... and because of no net i can´t install it. Ping 8.8.8.8 sends packets but doesnt get any response!

n7rxDE gravatar imagen7rxDE ( 2014-08-11 02:34:40 -0500 )edit

output looks exactly like yours: Update 3

n7rxDE gravatar imagen7rxDE ( 2014-08-13 02:43:55 -0500 )edit

Please, post ovs-vsctl show && ifconfig on Neutron Node.
Commands to create private && external network.

dbaxps gravatar imagedbaxps ( 2014-08-13 03:28:22 -0500 )edit

UPDATE4: gr8 thx for your support! not sure what you mean by commands: used: Doku and ovs-vsctl add-port br-ex eth3

n7rxDE gravatar imagen7rxDE ( 2014-08-13 03:43:45 -0500 )edit

Look at http://bderzhavets.blogspot.com/2014/... , regarding ml2_plugin.ini && plugin.ini configuration under /etc/neutron on Neutron Server.

dbaxps gravatar imagedbaxps ( 2014-08-13 04:07:58 -0500 )edit

Does 192.168.100.0/24 match real internet enabled network? Does virtual gateway 192.168.100.1 match real gateway address ?

dbaxps gravatar imagedbaxps ( 2014-08-13 04:17:15 -0500 )edit

You wrote: UPDATE4: gr8 thx for your support! not sure what you mean by commands: used: Doku and ovs-vsctl add-port br-ex eth3
However, per your ovs-vsctl shows eth2 like OVS port for br-ex

dbaxps gravatar imagedbaxps ( 2014-08-13 04:20:58 -0500 )edit

You wrote: In my Dashboard in looking networktopology the router-gateway (203.0.113.101) is DOWN!!! But router interface 192.168.1.1 is ACTIVE How can router has IP 203.0.113.101, why internal interface is 192.168.1.1

dbaxps gravatar imagedbaxps ( 2014-08-13 04:41:28 -0500 )edit
  • doesnt have any ml2_plugin.ini or plugin.ini at etc/neutron just ovs_plugin.ini under plugins
  • used ovs-vsctl add-port br-ex eth2, you´re right (eth3 is NAT NIC for NetNode)
  • the router is set up on an external network in Cloud and instances to it gets 192.168.1.xxx which is an internal network in cloud ( ext-net (203...) <-> 203... Router 192.168.1.xxx <-> int-net (192.168.1.xxx) <-> instance router gateway and interface are both up and ACTIVE!!!
  • 192.168.100.xxx is the api network and pingable by outside
n7rxDE gravatar imagen7rxDE ( 2014-08-13 05:24:13 -0500 )edit

i had setup a NAT for internetconnectivity of 3 Hostnodes (VM) this has ip 10.0.x.x which they get by hostmachine via dhcp looks like: http://docs.openstack.org/icehouse/install-guide/install/apt/content/neutron-initial-networks.html (http://docs.openstack.org/icehouse/in...)

n7rxDE gravatar imagen7rxDE ( 2014-08-13 05:25:25 -0500 )edit

doesnt have any ml2_plugin.ini or plugin.ini at etc/neutron just ovs_plugin.ini under plugins Look at http://bderzhavets.blogspot.com/2014/... , regarding ml2_plugin.ini && plugin.ini configuration under /etc/neutron on Neutron Server.

dbaxps gravatar imagedbaxps ( 2014-08-13 05:47:18 -0500 )edit
  • Changed some in the neutron.conf and the ml2-plugin.ini but nothing changes
  • my networktopology is liek yours, my ext-net is your public my demo-net is your demonet, router is between both and i dont have the green one. and the router does have the 203.... as gateway and is active but you dont have (just followd up install guide and attached router to demo net and ext-net like described...
n7rxDE gravatar imagen7rxDE ( 2014-08-13 07:05:16 -0500 )edit

OK. Then run
$ neutron router-list
if report contains your my_router_id, then run
$ ip netns | grep my_router_id
if no question is closed by itself

dbaxps gravatar imagedbaxps ( 2014-08-13 07:18:37 -0500 )edit

at docu i read i have to allow promisc Mode on external Interface "If you choose to install on VMs, make sure your hypervisor permits promiscuous mode on the external network." which external network is meant by this? maybe this causes the problem?

n7rxDE gravatar imagen7rxDE ( 2014-08-13 07:23:04 -0500 )edit

router is in router-list and 2nd command responses qrouter-560eb2f3-1034-48d6-85e6-1525da6c3d46 command just works by network-node

n7rxDE gravatar imagen7rxDE ( 2014-08-13 07:27:22 -0500 )edit

-i do not understand why i can ping it with ip netns exec qdhcp-200c9ced-eb47-4f94-99f3-73e3a555d4f9 ping 203.0.113.101 or qrouter-id but not only by ping ip?! argh

n7rxDE gravatar imagen7rxDE ( 2014-08-13 07:56:40 -0500 )edit
0

answered 2014-09-03 02:38:15 -0500

n7rxDE gravatar image

Question can be closed in fact of some progress. Resulting Problem is asked here: https://ask.openstack.org/en/question/45984/icehouse-instance-cannot-reach-web-updated/ (https://ask.openstack.org/en/question...)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2014-08-07 05:11:14 -0500

Seen: 2,069 times

Last updated: Sep 03 '14