
No symmetric pinging connectivity between VMs and routers/DHCP servers

asked 2013-08-30 05:05:53 -0500

perror

updated 2013-08-30 16:05:48 -0500

smaffulli

When I connect to one of my VMs through the VNC console, I am able to ping the router interfaces and the DHCP servers. But, when I connect to the routers or the DHCP servers through an ip netns exec, I can't reach the VM (but I can reach the other routers/DHCP servers).

I am on a single-node Grizzly setting with the LinuxBridge plugin on an Ubuntu 13.04 distribution within VirtualBox. Here are a few (hopefully relevant) configuration files and responses from my settings.

/etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# Private network interface
auto eth0
iface eth0 inet static
  address 10.0.231.3
  network 10.0.231.0
  netmask 255.255.255.0
  broadcast 10.0.231.255

# Public network interface
auto eth1
iface eth1 inet manual
up ifconfig eth1 0.0.0.0 up
up ifconfig eth1 promisc
down ifconfig eth1 down

# Public bridge interface
auto br-ex
iface br-ex inet static
  bridge_ports eth1
  address 10.0.232.3
  network 10.0.232.0
  netmask 255.255.255.0
  broadcast 10.0.232.255

 # The primary network interface
auto eth2
iface eth2 inet dhcp

The creation of the basic network setting (basically there is an external network (ext-net) and an internal network (int-net), and I try to make the external network visible from outside):

$> quantum net-create ext-net --router:external true
$> quantum subnet-create ext-net 192.168.0.0/27

$> quantum net-create int-net
$> quantum subnet-create int-net 10.0.0.0/29

$> quantum router-create router-ext
$> quantum router-interface-add router-ext <int-net-subnet-id>
$> quantum router-gateway-set router-ext ext-net

$> quantum floatingip-create ext-net

$> nova-manage floating create --pool=nova --ip_range=10.0.232.4

$> nova boot --image "Cirros 0.3.0" --flavor 1 \
              --nic net-id=<int-net-id> demo-server

$> quantum port-list
$> quantum floatingip-associate <floatingip-id> <demo-server-port-id>

About the security rules:

$> nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

Pinging from inside 10.0.0.2 (demo-server) works well, but logging in to the router (e.g. 10.0.0.1/192.168.0.2) and trying to ping 10.0.0.2 does not work (although pinging 10.0.0.3, the DHCP server of int-net, works fine).

Also, I cannot get the floating IP to have a status ACTIVE (they are always DOWN). This might be because of the same problem.


1 answer


answered 2013-11-06 15:47:56 -0500

NetCubist

updated 2013-11-06 15:50:27 -0500

Were you able to figure out the issue? I am running into the same issue. It is related to iptables and the ordering of the compute and linuxbridge chains within it. If you delete and add an already existing security group to one of your existing compute VMs, it will start working, I bet.

Here is a link to my question regarding the same issue and what I found: https://ask.openstack.org/en/question/6736/in-iptables-input-forward-and-output-chains-should-nova-compute-rules-come-first-or-linuxbri-rules/

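One way to inspect the chain ordering the answer above points at, as an added example that is not part of the original thread: it reads `iptables-save` output and lists, per built-in chain, the order in which the compute and linuxbridge agent chains are jumped to, so two snapshots (for instance before and after re-applying a security group) can be compared. The chain-name prefixes `nova-compute-` and `quantum-linuxbri-` are assumptions, and the rule sets are constructed for the example.

```python
import re

BUILTIN = ("INPUT", "FORWARD", "OUTPUT")
# Assumed chain-name prefixes for the two agents; adjust to what iptables-save shows.
OWNERS = {"nova-compute-": "nova-compute", "quantum-linuxbri-": "linuxbridge-agent"}
RULE = re.compile(r"^-A (\S+)\s+(?:.*\s)?-[jg]\s+(\S+)")

def jump_order(save_text, table="filter"):
    """Per built-in chain, list the agents in the order their chains are jumped to."""
    order = {chain: [] for chain in BUILTIN}
    current = None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*filter", "*nat", ... starts a table
            current = line[1:]
            continue
        m = RULE.match(line) if current == table else None
        if not m or m.group(1) not in order:
            continue
        for prefix, owner in OWNERS.items():
            if m.group(2).startswith(prefix):
                order[m.group(1)].append(owner)
    return order

def changed_chains(before, after):
    """Built-in chains whose agent ordering differs between two snapshots."""
    a, b = jump_order(before), jump_order(after)
    return sorted(c for c in BUILTIN if a[c] != b[c])

def snapshot(forward_jumps):
    # Constructed iptables-save text; only the FORWARD jump order varies.
    rules = ["*nat", "-A OUTPUT -j nova-compute-OUTPUT", "COMMIT", "*filter",
             "-A INPUT -j nova-compute-INPUT", "-A INPUT -j quantum-linuxbri-INPUT",
             "-A FORWARD -p icmp -j ACCEPT"]
    rules += ["-A FORWARD -j %s-FORWARD" % name for name in forward_jumps]
    return "\n".join(rules + ["COMMIT"]) + "\n"

BEFORE = snapshot(["quantum-linuxbri", "nova-compute"])   # constructed
AFTER = snapshot(["nova-compute", "quantum-linuxbri"])    # constructed

if __name__ == "__main__":
    for chain, owners in jump_order(BEFORE).items():
        print(chain, "->", " then ".join(owners) or "(no agent jumps)")
    print("chains whose order changed:", changed_chains(BEFORE, AFTER))
```

On a real host, feed the functions the text captured from `iptables-save` instead of the constructed snapshots.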
