Ask Your Question

No symmetric pinging connectivity between VMs and routers/DHCP servers

asked 2013-08-30 05:05:53 -0500

perror gravatar image

updated 2013-08-30 16:05:48 -0500

smaffulli gravatar image

When I connect to one of my VMs through the VNC console, I am able to ping the router interfaces and the DHCP servers. But, when I connect to the routers or the DHCP servers through an ip netns exec, I can't reach the VM (but I can reach the other routers/DHCP servers).

I am on a single node Grizzly setting with LinuxBridge plugin on an Ubuntu 13.04 distribution within a VirtualBox. Here are a few (hopefully relevant) configuration files and response from my settings.


# The loopback network interface
auto lo
iface lo inet loopback

# Private network interface
auto eth0
iface eth0 inet static

# Public network interface
auto eth1
iface eth1 inet manual
up ifconfig eth1 up
up ifconfig eth1 promisc
down ifconfig eth1 down

# Public bridge interface
auto br-ex
iface br-ex inet static
  bridge_ports eth1

 # The primary network interface
auto eth2
iface eth2 inet dhcp

The creation of the basic network setting (basically there is an external-net (ext-net) and an internal-network (int-net and I try to make the external-network visible from outside):

$> quantum net-create ext-net --router:external true
$> quantum subnet-create ext-net

$> quantum net-create int-net
$> quantum subnet-create int-net

$> quantum router-create router-ext
$> quantum router-interface-add router-ext <int-net-subnet-id>
$> quantum router-gateway-set router-ext ext-net

$> quantum floatingip-create ext-net

$> nova-manage floating create --pool=nova --ip_range=

$> nova boot --image "Cirros 0.3.0" --flavor 1 \
              --nic net-id=<int-net-id> demo-server

$> quantum port-list
$> quantum floatingip-associate <floatingip-id> <demo-server-port-id>

About the security rules:

$> nova secgroup-list-rules default
| IP Protocol | From Port | To Port | IP Range  | Source Group |
| icmp        | -1        | -1      | |              |
| tcp         | 22        | 22      | |              |

And, pinging from inside (demo-server) is working well, but when logging to the router (eg and trying to ping is not working (although pinging, the DHCP server of int-net, is working fine).

Also, I cannot get the floating IP to have a status ACTIVE (they are always DOWN). This might be because of the same problem.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2013-11-06 15:47:56 -0500

NetCubist gravatar image

updated 2013-11-06 15:50:27 -0500

Were you able to figure out the issue? I am running in to the same issue. It is related to iptables and the ordering of the compute and linuxbridge chains within it. If you delete and add a already existing security group to one of your existing compute VMs, it will start working I bet.

Here is a link to my question regarding the same issue and what I found:

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2013-08-30 05:05:53 -0500

Seen: 616 times

Last updated: Nov 06 '13