cannot ping vm from outside network

asked 2014-12-09 10:47:51 -0500

anna_g

Hello, I have a multinode setup with OpenStack Juno and I have trouble connecting my VM to the outside world. I am able to ping the VM from inside the qdhcp namespace but not from the qrouter. It is also unreachable from the host machine. I have a public network 10.24.100.0/24 and a private one 10.0.0.0/24. Some configuration details: the qrouter namespace configuration:

ip netns exec qrouter-cb225d1b-266e-4df9-8ba2-29e735eea83c ip route
default via 10.24.100.1 dev qg-19c3af60-3a
10.0.0.0/24 dev qr-38afb10a-35  proto kernel  scope link  src 10.0.0.1
10.24.100.0/24 dev qg-19c3af60-3a  proto kernel  scope link  src 10.24.100.2



ip netns exec qrouter-cb225d1b-266e-4df9-8ba2-29e735eea83c ip a
13: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
14: qr-38afb10a-35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:88:06:8c brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-38afb10a-35
    inet6 fe80::f816:3eff:fe88:68c/64 scope link
       valid_lft forever preferred_lft forever
15: qg-19c3af60-3a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:46:00:25 brd ff:ff:ff:ff:ff:ff
    inet 10.24.100.2/24 brd 10.24.100.255 scope global qg-19c3af60-3a
    inet6 fe80::f816:3eff:fe46:25/64 scope link
       valid_lft forever preferred_lft forever
ip netns exec qrouter-cb225d1b-266e-4df9-8ba2-29e735eea83c route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.24.100.1     0.0.0.0         UG    0      0        0 qg-19c3af60-3a
10.0.0.0        *               255.255.255.0   U     0      0        0 qr-38afb10a-35
10.24.100.0     *               255.255.255.0   U     0      0        0 qg-19c3af60-3a

and finally the ip tables:

ip netns exec qrouter-cb225d1b-266e-4df9-8ba2-29e735eea83c iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-19c3af60-3a ! -o qg-19c3af60-3a -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 10.24.100.2
-A neutron-postrouting-bottom -j neutron-l3-agent-snat

c2e3f581-5694-4204-b5fe-1445f3c10290
    Bridge br-ex
        Port "qg-19c3af60-3a"
            Interface "qg-19c3af60-3a"
                type: internal
        Port "eth1"
            Interface "eth1"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        fail_mode: secure
        Port "tap8c02fa6a-14"
            tag: 1
            Interface "tap8c02fa6a-14"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qr-38afb10a-35"
            tag: 1
            Interface "qr-38afb10a-35"
                type: internal
        Port br-int
            Interface br-int
                type: internal
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch ...

Comments

Have you enabled security rules for ICMP && TCP SSH 22?

dbaxps (2014-12-09 14:48:24 -0500)

Yes, I have added both rules for ICMP and SSH.

anna_g (2014-12-09 15:06:19 -0500)

I want to say that there are plenty of threads about that. Try to look at other threads and if you have more questions afterwards, edit your question.

GLaupre (2014-12-09 16:16:26 -0500)

After logging in to the CirrOS VM:

ifconfig
curl http://169.254.169.254/latest/meta-data

dbaxps (2014-12-10 00:28:42 -0500)

I tried to do the curl but the VM can't connect to the host. I edited the routing table inside the VM, adding the default via 10.24.100.1, but still no result.

anna_g (2014-12-10 04:16:37 -0500)