Pinging VM from external network

asked 2013-09-09 18:17:06 -0600

Amit

Hi,

Currently running Grizzly in a multi-node setup on Ubuntu 12.04. Nova network is running in multi-host mode.

Controller Node + Network Node

auto eth0 ## External Network
iface eth0 inet dhcp # 10.11.105.10

iface eth7 inet manual
  up ifconfig $IFACE 0.0.0.0 up
  up ifconfig $IFACE promisc

auto br100
iface br100 inet manual # 10.11.55.1

Compute Node + Network Node

auto eth0 ## External Network
iface eth0 inet dhcp # 10.11.105.20

auto eth2
iface eth2 inet manual
  up ifconfig $IFACE 0.0.0.0 up
  up ifconfig $IFACE promisc

auto br100
iface br100 inet manual # 10.11.55.2

I have a test instance running on my compute node which has the IP 10.11.55.5

I can ping the following successfully

  • Controller -> VM
  • Compute -> VM
  • VM -> Compute
  • VM -> Controller
  • VM -> 10.11.105.1 (External Gateway)
  • VM -> 8.8.8.8 (Via External Gateway)
  • External Gateway -> Controller
  • External Gateway -> Compute

However I cannot ping from the External Gateway -> VM.

I have set a static route on the 10.11.105.1 router to forward 10.11.55.0 packets onto the controller node. tcpdump shows me the packets are getting to the controller node and then being forwarded onto the compute node but no response after this.

Would appreciate any help with this issue.

Thanks


3 answers

1

answered 2013-09-10 07:47:06 -0600

bishoy

Adding DNS is a must. Add DNS to the bridge br-ex and make this bridge's configuration static, the same as the interface you converted to manual was; br-ex gives int access to the VMs. The same DNS must be used in br-ex and also in the external and internal DNS; make sure it's the same.


Comments

No - it is not a requirement to configure br-ex with DNS.

darragh-oreilly (2013-09-13 06:14:35 -0600)
0

answered 2013-09-10 08:45:56 -0600

dathomir

Cloudpipe claims to exist to satisfy just this use case. http://docs.openstack.org/trunk/openstack-compute/admin/content/cloudpipe-per-project-vpns.html

0

answered 2013-09-10 13:38:50 -0600

Amit

Turns out it was an issue with iptables dropping packets not originating from 10.11.55.0/24.

I disabled security groups as they are not needed in my use case and that solved the issue. For future readers, the offending iptables rule was nova-compute-sg-fallback.

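An added example, not part of the original answer: a small first-match walk over an instance's iptables chain, showing why a new ping from the gateway ends in nova-compute-sg-fallback while same-subnet traffic and replies to the VM's own outbound pings are accepted, and how one scoped ICMP rule changes the verdict without disabling security groups. The dump is constructed; the nova-compute-inst-5 chain name, its rules and the added rule for 10.11.105.1/32 are assumptions.

```python
import ipaddress
import shlex

# Constructed `iptables-save` excerpt for one instance. nova-compute-sg-fallback
# is the chain named in the answer; the nova-compute-inst-5 chain name and the
# rules in it are assumptions made for this example.
SAMPLE = """\
-A nova-compute-inst-5 -m state --state INVALID -j DROP
-A nova-compute-inst-5 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-5 -s 10.11.55.0/24 -j ACCEPT
-A nova-compute-inst-5 -j nova-compute-sg-fallback
-A nova-compute-sg-fallback -j DROP
"""
# Same rules plus a constructed rule admitting ICMP from the external gateway.
SCOPED = SAMPLE.replace(
    "-A nova-compute-inst-5 -j nova",
    "-A nova-compute-inst-5 -s 10.11.105.1/32 -p icmp -j ACCEPT\n"
    "-A nova-compute-inst-5 -j nova", 1)

def parse(dump):
    """Return {chain: [(rule text, options)]}; single-argument options only."""
    chains = {}
    for line in dump.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 4 and tok[0] == "-A":
            opts = dict(zip(tok[2::2], tok[3::2]))
            chains.setdefault(tok[1], []).append((line, opts))
    return chains

def matches(opts, src, proto, new_conn):
    """True if a packet with this source, protocol and conntrack state hits the rule."""
    if "-s" in opts and ipaddress.ip_address(src) not in ipaddress.ip_network(opts["-s"]):
        return False
    if "-p" in opts and opts["-p"] != proto:
        return False
    state = "NEW" if new_conn else "ESTABLISHED"
    return "--state" not in opts or state in opts["--state"].split(",")

def verdict(chains, chain, src, proto, new_conn=True):
    """Walk a chain first-match-wins, following jumps; return (target, rule) or None."""
    for line, opts in chains.get(chain, []):
        if matches(opts, src, proto, new_conn):
            target = opts.get("-j")
            if target in ("ACCEPT", "DROP", "REJECT"):
                return target, line
            result = verdict(chains, target, src, proto, new_conn)
            if result:
                return result
    return None  # no terminating match: control returns to the calling chain
```

Calling `verdict(parse(SAMPLE), "nova-compute-inst-5", "10.11.105.1", "icmp")` returns the DROP rule in nova-compute-sg-fallback; the same call against `parse(SCOPED)` returns the added ACCEPT rule.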

Stats

Asked: 2013-09-09 18:17:06 -0600

Seen: 723 times

Last updated: Sep 10 '13