Cannot ping from external network to floating IP of tenant router gateway
I have followed the Icehouse doc "OpenStack Installation Guide (three-node)". My environment is the same as the doc except for the IPs and the nodes, which are built as VMs using libvirt on CentOS 6.5.
http://docs.openstack.org/icehouse/in...
In accordance with the doc:
- Neutron server is running on controller-node
- The NIC (eth1) for the external network on network-node is configured without an IP (PROMISC="yes" because the node is a VM)
The problem
- On the network node, I can ping the external network but cannot ping the floating IP from the external network at this stage -> http://docs.openstack.org/icehouse/in...
The strange things
- The tap and qr ports are always DOWN (on network-node) - you can check it in "the detail info"
- The port of the router_gateway is DOWN (on controller-node) - you can check it in "the detail info"
- There are some errors (ConnectionError, HeartbeatTimeout) in the log files - you can check them at the bottom of this post; please click the (more) button at the bottom of this post to show all info
- I assigned an external IP to br-ex on network-node for a test and pinged; I can then capture incoming packets by using "tcpdump -i eth1" on network-node, but there are no 'IP' packets, only 'ARP' packets, in the capture, and the source host (external node) receives no response
The detail info of my environment:
1) IP addresses and CIDR
- controller-node : 10.0.0.11 (management network)
- network-node : 10.0.0.21 (management network), 10.0.1.21 (data network)
- compute-node : 10.0.0.31 (management network), 10.0.1.31 (data network)
- external network gateway : 192.168.125.254
- the floating IP of tenant router gateway : 192.168.125.150
- external network CIDR : 192.168.125.0/24
- demo network CIDR : 172.30.1.0/24
2) network node
[root@network-node ~]# ovs-vsctl show
23804a8f-7c89-4422-9b9f-67bf26a34c51
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "qr-98c762ea-d7"
            tag: 1
            Interface "qr-98c762ea-d7"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tapf5eec840-e6"
            tag: 1
            Interface "tapf5eec840-e6"
                type: internal
    Bridge br-ex
        Port "eth1"
            Interface "eth1"
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-9810105a-ed"
            Interface "qg-9810105a-ed"
                type: internal
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-0a00011f"
            Interface "gre-0a00011f"
                type: gre
                options: {in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "1.11.0"
[root@network-node ~]#
[root@network-node ~]# ip a
.
.
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:f6:31:07 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.21/24 brd 10.0.0.255 scope global eth0
    inet6 fe80::5054:ff:fef6:3107/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:d3:92:e2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5054:ff:fed3:92e2/64 scope link
       valid_lft forever preferred_lft forever
4 ...
Can you let us know that you have enabled security group rules?
Hi SGPJ. Thank you for your attention. I updated my security-group-rules. My problem is that I cannot ping from the external network to the floating IP of the virtual tenant router (not a VM).
I have the same problem as you.. :(
Do you have the neutron-l3-agent service running? Anything strange in its log (/var/log/neutron/l3-agent.log)?
I really thank you for your attention. Now I have checked some errors in the log files, but I don't understand them, because I'm just getting my feet wet. I updated the logs in my post; please check it.