
no communication through floating IP (but can connect from compute node)

asked 2014-10-31 09:52:17 -0500

luca.uburti

updated 2014-11-03 05:09:49 -0500

Hello, I am a beginner to the OpenStack world. I'm using RDO Icehouse and I am trying to understand why I can't communicate with my VMs over the floating IPs.

I installed the allinone RDO Icehouse on a CentOS 6.5 following the Quickstart specific for Neutron over an existing network; this is the link: https://openstack.redhat.com/Neutron_with_existing_external_network

I think I followed exactly the instructions to the letter. I have assigned a floating IP belonging to my local network but from the Cirros test image I can't ping anything on my LAN and I can't ping or ssh into it either from my computer. I can however ping and ssh directly from the compute node to the VM through the floating IP.

A traceroute dies on the second hop:

traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 46 byte packets
 1  host-10-0-0-1.openstacklocal (10.0.0.1)  1.035 ms  0.529 ms  0.086 ms
 2  172.168.50.83 (172.168.50.83)  3002.228 ms !H  3003.031 ms !H  3003.905 ms !H

10.0.0.1 is router1's internal interface on the private_subnet.
172.168.50.83 is the floating IP I assigned to the VM.

Any help is greatly appreciated, thanks.

This is my ovs-vsctl show:

[root@openstack ~]# ovs-vsctl show
9d526c8f-6758-4f2d-82e6-115bc5d3f17f
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port "qg-17ba68e8-ed"
            Interface "qg-17ba68e8-ed"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        fail_mode: secure
        Port "qr-01def25a-3d"
            tag: 1
            Interface "qr-01def25a-3d"
                type: internal
        Port "qvo8035cbfa-08"
            tag: 1
            Interface "qvo8035cbfa-08"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "tap5dff70cc-c9"
            tag: 1
            Interface "tap5dff70cc-c9"
                type: internal
    ovs_version: "2.1.3"

And my ifconfig:

br-ex     Link encap:Ethernet  HWaddr 00:50:56:88:2D:39
          inet addr:172.168.50.60  Bcast:172.168.50.255  Mask:255.255.255.0
          inet6 addr: fe80::842:68ff:fe1d:fa6f/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:179420 errors:0 dropped:0 overruns:0 frame:0
          TX packets:73894 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:252556344 (240.8 MiB)  TX bytes:12644546 (12.0 MiB)

br-int    Link encap:Ethernet  HWaddr 2A:1C:2E:AC:6B:46
          inet6 addr: fe80::346a:4dff:feae:958b/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:135 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9224 (9.0 KiB)  TX bytes:468 (468.0 b)

br-tun    Link encap:Ethernet  HWaddr 12:F8:B2:4E:66:4C
          inet6 addr: fe80::7c43:19ff:fe27:e86f/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 ...

Comments

Post ovs-vsctl show and ifconfig on your host

dbaxps ( 2014-10-31 10:14:01 -0500 )

2 answers


answered 2014-10-31 10:12:31 -0500

mpetason

You may still need to modify the security group: default. If you are using the default security group then you'll need to edit it so that you can get through TCP/UDP/ICMP traffic.

http://docs.openstack.org/user-guide/...


Comments

I added ICMP, TCP and UDP, both ingress and egress, both on admin project and demo project, still no luck.

luca.uburti ( 2014-10-31 10:53:02 -0500 )

Please, run:-
source keystonerc_admin
nova secgroup-list-rules default
on AIO host

dbaxps ( 2014-10-31 11:00:30 -0500 )

From within CirrOS VM run :-
$ ifconfig
$ curl http://169.254.169.254/latest/meta-data

dbaxps ( 2014-10-31 11:11:16 -0500 )
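
A check for the rule listing that `nova secgroup-list-rules default` prints, as an added example that is not part of the original thread: it confirms that the ping and SSH rules the answer above calls for are present, and flags rules that open a whole port range to any source. The sample table is constructed for illustration, and `audit_secgroup` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: audit the table printed by `nova secgroup-list-rules default`.
# SAMPLE_RULES is constructed for illustration; it is not output from the poster's host.
SAMPLE_RULES='+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 1         | 65535   | 0.0.0.0/0 |              |
| udp         | 1         | 65535   | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+'

# audit_secgroup (hypothetical helper): reads the table on stdin and
# prints one finding per line.
audit_secgroup() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 6 { next }                          # skip +----+ border lines
        { proto = trim($2); lo = trim($3); hi = trim($4); cidr = trim($5) }
        proto == "IP Protocol" { next }          # skip the header row
        proto == "icmp" { icmp = 1 }
        proto == "tcp" && lo + 0 <= 22 && hi + 0 >= 22 { ssh = 1 }
        # Open to any source and wider than one port: more than the
        # single service needed for the reachability test.
        (proto == "tcp" || proto == "udp") && cidr == "0.0.0.0/0" && hi - lo > 0 {
            printf "BROAD %s %s-%s from %s\n", proto, lo, hi, cidr
        }
        END {
            printf "%s icmp (ping)\n", (icmp ? "OK" : "MISSING")
            printf "%s tcp/22 (ssh)\n", (ssh ? "OK" : "MISSING")
        }
    '
}

printf '%s\n' "$SAMPLE_RULES" | audit_secgroup
```

On the all-in-one host the real listing can be piped in with `nova secgroup-list-rules default | audit_secgroup`, assuming it has the same column layout as the sample.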

answered 2014-11-14 07:31:12 -0500

TimB

I recently had a similar problem. Pings are fine from machines on the same network as the OpenStack external network but not from beyond that.

The problem turned out to be the ARP cache on the switch upstream from the OpenStack network.

Clear the ARP cache on the switch and see if this resolves the problem. If it does, reduce the ARP timeout on the switch interface that the OpenStack network is on.
