No internet access from VM

asked 2014-09-26 16:14:07 -0600

AmitA gravatar image

updated 2014-10-07 16:14:28 -0600

Hi all,

So I cant seem to access the internet from my VMs. I can access the floating IPs from anywhere in our network and from all nodes now (controller/network/compute) just fine (but strangely I cannot access the private ips, the tenant network from any of the nodes?!) but cant seem to get out to internet. I can ping our gateway/dns just fine but for some reason nothing resolves. I can also from the qrouter ping the internet just fine as well. I think my iptables are fine, i pretty much just allowed everything for now. Any ideas would be appreciated thanks

ADDING ip netns:

[root@network ~]# ip netns qrouter-8a29f0cf-34ef-42bb-a16f-d849402b386f qdhcp-a94024e7-6749-481b-a8e6-511c95fb22e6

[root@network ~]# ip netns exec qrouter-8a29f0cf-34ef-42bb-a16f-d849402b386f ifconfig -a lo: flags=73<up,loopback,running> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

qg-bf438c7c-d8: flags=67<up,broadcast,running> mtu 1500 inet 10.7.7.101 netmask 255.255.0.0 broadcast 10.7.255.255 inet6 fe80::f816:3eff:fedd:eaa6 prefixlen 64 scopeid 0x20<link> ether fa:16:3e:dd:ea:a6 txqueuelen 0 (Ethernet) RX packets 9574 bytes 1110222 (1.0 MiB) RX errors 0 dropped 1740 overruns 0 frame 0 TX packets 384 bytes 51476 (50.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

qr-f77d4953-1a: flags=67<up,broadcast,running> mtu 1500 inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::f816:3eff:feca:d275 prefixlen 64 scopeid 0x20<link> ether fa:16:3e:ca:d2:75 txqueuelen 0 (Ethernet) RX packets 372 bytes 50788 (49.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 425 bytes 40830 (39.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

UPDATE:

Noticed this line in my NAT table in the ip netns namespace, not sure what if there is an error here?

Chain neutron-l3-agent-POSTROUTING (1 references) pkts bytes target prot opt in out source destination

1    84 ACCEPT     all  --  !qg-bf438c7c-d8 !qg-bf438c7c-d8  0.0.0.0/0            0.0.0.0/0            ! ctstate DNAT

Full table below:

ip netns exec qrouter-8a29f0cf-34ef-42bb-a16f-d849402b386f iptables -t nat -nvL

Chain PREROUTING (policy ACCEPT 68886 packets, 9676K bytes) pkts bytes target prot opt in out source destination

68911 9677K neutron-l3-agent-PREROUTING all -- * * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 30149 packets, 3151K bytes) pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 2 packets, 144 bytes) pkts bytes target prot opt in out source destination

2   144 neutron-l3-agent-OUTPUT  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 10 packets, 836 bytes) pkts ... (more)

edit retag flag offensive close merge delete

Comments

Forgot to add I can access internet from controller, compute and network just fine. Only the VMs cant

AmitA gravatar imageAmitA ( 2014-09-26 16:20:53 -0600 )edit

Post ovs-vsctl show on network node.

dbaxps gravatar imagedbaxps ( 2014-09-26 23:31:44 -0600 )edit

could you ping from vm to controller or networknode? and post **ip netns**

leethaoqn gravatar imageleethaoqn ( 2014-10-01 23:50:48 -0600 )edit

Yes I can ping controller/network/compute node from VM. The openstack node IP range is 10.7.5.x and the VM floating IP is 10.7.7.102. The private IP of VM is 192.168.1.11.

AmitA gravatar imageAmitA ( 2014-10-06 11:30:08 -0600 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-10-01 17:34:19 -0600

AmitA gravatar image

[root@network ~]# ovs-vsctl show

4942d9b6-0406-4d87-80f7-a7de63d6ac85

Bridge br-tun

    Port patch-int

        Interface patch-int

            type: patch

            options: {peer=patch-tun}

    Port br-tun

        Interface br-tun

            type: internal

    Port "gre-0a07061f"

        Interface "gre-0a07061f"

            type: gre

            options: {in_key=flow, local_ip="10.7.6.21", out_key=flow, remote_ip="10.7.6.31"}

Bridge br-int

    fail_mode: secure

    Port "tap596ffb99-96"

        tag: 1

        Interface "tap596ffb99-96"

            type: internal

    Port patch-tun

        Interface patch-tun

            type: patch

            options: {peer=patch-int}

    Port br-int

        Interface br-int

            type: internal

    Port "qr-f77d4953-1a"

        tag: 1

        Interface "qr-f77d4953-1a"

            type: internal

Bridge br-ex

    Port "qg-bf438c7c-d8"

        Interface "qg-bf438c7c-d8"

            type: internal

    Port br-ex

        Interface br-ex

            type: internal

    Port "enp0s20u4"

        Interface "enp0s20u4"

ovs_version: "2.0.0"
edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2014-09-26 16:14:07 -0600

Seen: 370 times

Last updated: Oct 07 '14