Ask Your Question
1

VM instanance not pingable from external network

asked 2014-09-10 14:09:35 -0500

C Sasi Kanth gravatar image

Hi,

I have installed IceHouse 3 node(nodes as Virtual Machine) setup on Ubuntu 14.04. I had problem when launching the instance and the problem was resolved after adding the properties vif_plugging_timeout = 10 vif_plugging_is_fatal = False After instance created i am not able to ping the VM from outside network...From the VM instance i can ping router IPs both external side and tenant network side.

Can you please provide me the what could be problem for not accessing Vm from external network ?

Thanks, Sasi

Attached the additional details from the setup.

Compute Node:

root@oscompute:/home/oscompute# ovs-vsctl show
7d6b6205-1a1b-4be6-bfb4-ba31ccc9c114
    Bridge br-int
        fail_mode: secure
        Port "qvo8adacb67-40"
            tag: 1
            Interface "qvo8adacb67-40"
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-0a7ef305"
            Interface "gre-0a7ef305"
                type: gre
                options: {in_key=flow, local_ip="10.126.243.4", out_key=flow, remote_ip="10.126.243.5"}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.0.2"

root@oscompute:/home/oscompute# ifconfig -a
br-int    Link encap:Ethernet  HWaddr 62:24:cd:25:d5:49  
          inet6 addr: fe80::2053:aeff:fef8:6818/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:27 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2452 (2.4 KB)  TX bytes:648 (648.0 B)

br-tun    Link encap:Ethernet  HWaddr 5a:46:37:45:69:48  
          inet6 addr: fe80::64f6:5fff:febf:9726/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr 00:0c:29:ea:f0:64  
          inet addr:10.126.243.4  Bcast:10.126.243.31  Mask:255.255.255.224
          inet6 addr: fe80::20c:29ff:feea:f064/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:70815 errors:0 dropped:0 overruns:0 frame:0
          TX packets:97205 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:16576671 (16.5 MB)  TX bytes:26884983 (26.8 MB)

eth1      Link encap:Ethernet  HWaddr 00:0c:29:ea:f0:6e  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX ...
(more)
edit retag flag offensive close merge delete

Comments

Did you allow ingress ICMP in security group? did you add floating ip?

T u l gravatar imageT u l ( 2014-09-10 15:04:14 -0500 )edit

Yes. I have added the ICMP security group and Floating IP. 

 9bf26a37-eb87-4e72-9144-f535c3ac18dc | DemoInstance | ACTIVE | -          | Running     | Demo-net=192.168.1.3, 10.126.243.19

After attaching the router to the external network i am not able to ping the gateway IP (10.126.243.10)

C Sasi Kanth gravatar imageC Sasi Kanth ( 2014-09-11 02:06:50 -0500 )edit
add a comment

3 answers

Sort by ยป oldest newest most voted
2

answered 2014-09-11 01:52:11 -0500

SGPJ gravatar image

In Horizon dashboard, goto security groups, click on default security and then add All ICMP rule & SSH rule. Then try to ping floating IP from openstack controller node.

edit flag offensive delete link more

Comments

I have added both the security group rules. Could you please clarify that after create the router and attached interfaces(both external gw and internal interface) to the router, i am not able to reach the router external gw ip. What could be the reason for not reaching the router external gw ip ?

C Sasi Kanth gravatar imageC Sasi Kanth ( 2014-09-11 04:26:52 -0500 )edit

i can ping the ip through the below command

osnetwork# ip netns exec qrouter-26075d1b-19a8-491c-b532-ca43ba65ef58 ping 10.126.243.10 PING 10.126.243.10 (10.126.243.10) 56(84) bytes of data. 64 bytes from 10.126.243.10: icmp_seq=1 ttl=64 time=0.638 ms 64 bytes from 10.126.243.10: icmp_seq=2 ttl=64

C Sasi Kanth gravatar imageC Sasi Kanth ( 2014-09-11 04:44:46 -0500 )edit
add a comment
1

answered 2014-09-18 08:47:10 -0500

C Sasi Kanth gravatar image

Problem got resolved. Issue was that management network and external network are same... due to that when new VM spawned the floating IP are assigned from same network of management network. i.e, two ips from same subnet is assigned to eth0 of network node and qrouter external interface. After creating separate subnet for management and external network VM pingable from external network.

ARP problem in linux if you same subnet in linux: http://serverfault.com/questions/3360...

Thanks to gagarinq9 who was guiding the initial troubleshooting.

edit flag offensive delete link more
add a comment
0

answered 2014-09-12 03:54:44 -0500

gagarinq9 gravatar image

Hello, please check are you able ping betwen VM's in same tenant. If you don't posible the GRE tunels are not up. Try to restart all of neutron services, very posible so of them is down.

edit flag offensive delete link more

Comments

Hi, I am able to ping between Vms in the same network

C Sasi Kanth gravatar imageC Sasi Kanth ( 2014-09-14 10:56:01 -0500 )edit

One different in the setup was that i am not using separate instance tunnel interface. Instead i was using the Compute and Network node management interface as tunnel interface as well...Will this cause any issue ?

C Sasi Kanth gravatar imageC Sasi Kanth ( 2014-09-14 11:11:23 -0500 )edit

I think this is not a problem. Try inspect traffic with tcpdump. Ping virtual machine and watch what is going on in eth0 of it. And try ping from Vm some physical interface and inspect traffic.

gagarinq9 gravatar imagegagarinq9 ( 2014-09-15 03:37:09 -0500 )edit

Also try check services for up\down state Try reboot them: with command like: for i in $(initctl list | grep '^neutron' | awk '{print $1}'); do service $i restart; done

gagarinq9 gravatar imagegagarinq9 ( 2014-09-15 03:39:11 -0500 )edit

Hi, I have inspected traffic from compute to network node on each interfaces. using the tcpdump commands...ping packet reaches the qrouter...But i can see only ARP broadcast packet at "qg..." in the qrouter...Please see the below comments

C Sasi Kanth gravatar imageC Sasi Kanth ( 2014-09-15 16:10:21 -0500 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-09-10 14:09:35 -0500

Seen: 1,661 times

Last updated: Sep 18 '14

Related questions

how to conf the quantum of f3

Openstack network error - RTNETLINK answers: File exists

Neutron-ovs-cleanup delete interfaces

neutron public subnet wrong IP

Create a Network Toplogy via Dashboard

Neutron Interface issue.

Hyper-V 2012 R2 and openstack

Problem connecting external host to vxlan

Using AWS Elastic IPs with Openstack

Unable to create instances icehouse due to rabbit mq timeout