0

How to convert Instance as a virtual router

asked 2014-11-13 06:12:35 -0500

sudharsan

updated 2014-11-13 07:24:27 -0500

dbaxps

Hi,

The scenario we are trying is:

PC1 --------------- Router1 ------------------- Router 2 -----------------PC2

We have launched 3 instances (Router1 & Router 2) with vyatta cloud images, PC1 with ubuntu precise image. The topology diagram looks as follows:

Ext-Net  |-----Eth1 -- Router1 --Eth2-----|Demo_Net |-------Eth1--Router2--Eth2---------|sample_Net|---PC1
172.27.10.0/24        [Instance 1]          192.168.1.0/24             [Instance2]                   10.0.0.0/24      10.0.0.2

Eth1 of Router 1 is configured as 172.27.10.203
Eth2 of Router 1 is configured as 192.168.1.9

Eth1 of Router 2 is configured as 192.168.1.16
Eth2 of Router 2 is configured as 10.0.0.5

I have to communicate from 172.27.10.27 (which is my compute) to 10.0.0.2 (PC1) with the vyatta cloud image loaded in instance 1 & 2. We created the interfaces using the nova interface-attach API. I tried to ping 192.168.1.16 from Instance 1 [received Destination host unreachable]. I'm not able to ping though they are connected back to back. Can anyone help me out here? What should I configure for the link (back to back connection) to be created? Do we really require q router between 2 networks to solve this issue?

Need help!


Comments

Did you do anything about the anti-spoof firewall rule that prevents an instance from sending a packet with a source IP address that is different than what was allocated to its port? Because that is what the vyatta instance will need to do when it routes packets.

darragh-oreilly ( 2014-11-15 02:10:56 -0500 )
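
A small model of the check raised in the comment above, as an added example that is not part of the original thread: it walks the question's addresses through each router port and reports where a forwarded packet's source address would be rejected. The port names, the `allowed_pairs` field and the function names are assumptions made for this illustration, and the model checks only the source IP, not the MAC.

```python
from copy import deepcopy
from ipaddress import ip_address, ip_network

# Port addresses from the question. "allowed_pairs" is a hypothetical field in
# this model for extra source CIDRs an operator has permitted on the port.
PORTS = {
    "R1-eth1": {"fixed_ip": "172.27.10.203", "allowed_pairs": []},
    "R1-eth2": {"fixed_ip": "192.168.1.9", "allowed_pairs": []},
    "R2-eth1": {"fixed_ip": "192.168.1.16", "allowed_pairs": []},
    "R2-eth2": {"fixed_ip": "10.0.0.5", "allowed_pairs": []},
}

# (source address, ports the routers send the packet out of, in order)
FORWARD = ("172.27.10.7", ["R1-eth2", "R2-eth2"])  # compute -> PC1
REPLY = ("10.0.0.2", ["R2-eth1", "R1-eth1"])       # PC1 -> compute


def egress_allowed(port, src_ip):
    """True if a packet leaving the instance on this port passes the source check."""
    src = ip_address(src_ip)
    if src == ip_address(port["fixed_ip"]):
        return True
    return any(src in ip_network(cidr) for cidr in port["allowed_pairs"])


def first_drop(ports, src_ip, egress_ports):
    """Name of the first port that rejects the packet, or None if it gets through."""
    for name in egress_ports:
        if not egress_allowed(ports[name], src_ip):
            return name
    return None


def with_transit_pairs(ports):
    """Copy of ports with the far-side subnets permitted as routed sources."""
    fixed = deepcopy(ports)
    for name in FORWARD[1]:
        fixed[name]["allowed_pairs"].append("172.27.10.0/24")
    for name in REPLY[1]:
        fixed[name]["allowed_pairs"].append("10.0.0.0/24")
    return fixed


if __name__ == "__main__":
    for label, ports in (("default", PORTS), ("with pairs", with_transit_pairs(PORTS))):
        for src, path in (FORWARD, REPLY):
            print(f"{label}: src {src} dropped at {first_drop(ports, src, path)}")
```

In this model a ping sourced from Router1's own 192.168.1.9 passes the check; only routed traffic, whose source belongs to another subnet, is rejected.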

2 answers

0

answered 2014-11-14 00:28:40 -0500

sudharsan

Apologies! It's not 172.27.10.27 but 172.27.10.7. 172.27.10.7 is my compute which has 3 instances. Here are the details:

172.27.10.7 [Compute]
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.27.10.1     0.0.0.0         UG    0      0        0 br-ex
172.27.10.0     0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

I did a ping from R1 to 192.168.1.19. Captured in wireshark.

Captured on the tap interface, qbrxxx, qvbxxx, br-int [received ARP broadcast]. Didn't receive any ARP broadcast after that, i.e. [qvbxxx, qbrxxx, tap interface of eth1 of R2].

Do we need to have any configuration in openvswitch?

Nova netlist:

nova net-list
+--------------------------------------+------------+------+
| ID                                   | Label      | CIDR |
+--------------------------------------+------------+------+
| 8784b135-6bd7-4ef3-b3b5-b60232cae081 | ext-net    | -    |
| 8e058f9b-bc8c-49e4-bd4d-c86c318618cf | demo-net   | -    |
| 902e2edd-4e77-43f7-a2d9-c6a9728f37b5 | sample-net | -    |
+--------------------------------------+------------+------+


Comments

Could you, please, format your text. It's unreadable.

DanIzack ( 2014-11-23 00:50:22 -0500 )
0

answered 2014-11-13 09:19:50 -0500

Charles Benon

updated 2014-11-20 04:53:27 -0500

From what I see in the routing table, network 10.0.0.0/24 is not here. So, it means the packet will be sent to your default gateway (172.27.10.1).

As a solution, I would suggest to create a Floating IP which is going to be your entrance to the Openstack virtual network.

I'm not sure if you need to go through your 2 routers, do you? If no, just bind sample_Net to a router and associate a floating IP to PC1:
neutron router-interface-add sample_Net-router sample_Net-subnet

If yes, create a floating IP (for example, 172.27.10.50) to Instance1 for ext_net.

After, create a NAT rule on Instance1 (from Vyatta), for example:
DST:172.27.10.50 NAT to DST:192.168.1.50

Do the same on Instance2 (from Vyatta):
DST:192.168.1.50 NAT to DST:10.0.0.2

You can help yourself with the Brocade documentation: http://www.brocade.com/downloads/docu...


Comments

Did you have a chance to try it? (Or was it an issue with the anti-spoofing?) I edited my response directly as my text was too long to be added as a comment (I don't know if you saw it).

Charles Benon ( 2014-11-20 05:31:52 -0500 )

Sorry for the late response. Scenario worked well. We modified the network type in the ml2 configuration file from GRE to VLAN. After modifying, it worked.

sudharsan ( 2014-12-29 04:55:11 -0500 )

Stats

Asked: 2014-11-13 06:12:35 -0500

Seen: 326 times

Last updated: Nov 20 '14