admin prohibited in ping from instance

asked 2015-01-01 09:10:00 -0500

fresher

updated 2015-01-01 22:23:54 -0500

I am doing an OpenStack Juno setup on CentOS using packstack (1 node as controller+neutron and another node as compute). My VM is unable to get an IP address. I have manually assigned an address to it, and tracing with tcpdump I found these logs on the controller and compute nodes' VLAN interfaces. 192.168.0.127 is my neutron node VLAN IP. 192.168.0.137 is my compute node VLAN IP. 192.168.1.1 is my gateway IP and 192.168.1.13 is my manually assigned VM IP.

18:18:44.554867 IP 192.168.0.137.37741 > 192.168.0.127.4789: VXLAN, flags [I] (0x08), vni 1002
ARP, Request who-has 192.168.1.1 tell 192.168.1.13, length 28
18:18:44.554873 IP 192.168.0.137.37741 > 192.168.0.147.4789: VXLAN, flags [I] (0x08), vni 1002
ARP, Request who-has 192.168.1.1 tell 192.168.1.13, length 28
18:18:44.555063 IP 192.168.0.147 > 192.168.0.137: ICMP host 192.168.0.147 unreachable - admin prohibited, length 86
18:18:44.555079 IP 192.168.0.127 > 192.168.0.137: ICMP host 192.168.0.127 unreachable - admin prohibited, length 86
18:18:44.555408 IP6 fe80::3800:14d9:428b:9934.55254 > ff02::1:3.5355: UDP, length 25
18:18:44.555529 IP 10.129.151.23.5120.63 > 224.0.252.5355: UDP, length 25

All VLAN interfaces can ping each other, though. Please help me in this regard. Thanks.

ps -ef | grep dnsmasq
root      14929  14798  0 09:49 pts/0    00:00:00 grep --color=auto dnsmasq
nobody    36609      1  0  2014 ?        00:00:00 dnsmasq --no-hosts --no-resolv --strict-order --bind-interfaces --interface=tap0014fb03-a6 --except-interface=lo --pid-file=/var/lib/neutron/dhcp/ddf39213-0637-444f-8052-d798711be8c2/pid --dhcp-hostsfile=/var/lib/neutron/dhcp/ddf39213-0637-444f-8052-d798711be8c2/host --addn-hosts=/var/lib/neutron/dhcp/ddf39213-0637-444f-8052-d798711be8c2/addn_hosts --dhcp-optsfile=/var/lib/neutron/dhcp/ddf39213-0637-444f-8052-d798711be8c2/opts --leasefile-ro --dhcp-range=set:tag0,192.168.1.0,static,86400s --dhcp-lease-max=256 --conf-file=/etc/neutron/dnsmasq-neutron.conf --domain=openstacklocal

Controller+neutron node(ovs-vsctl show)

f36f97d6-8a65-474c-a6d7-4d6f073c69d7
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port "vxlan-c0a80093"
            Interface "vxlan-c0a80093"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.168.0.127", out_key=flow, remote_ip="192.168.0.147"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-c0a80089"
            Interface "vxlan-c0a80089"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.168.0.127", out_key=flow, remote_ip="192.168.0.137"}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-1762d2da-5d"
            Interface "qg-1762d2da-5d"
                type: internal
        Port "enp7s0f0"
            Interface "enp7s0f0"
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
    Bridge br-int
        fail_mode: secure
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port "qr-f5177e35-49"
            tag: 1
            Interface "qr-f5177e35-49"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap0014fb03-a6"
            tag: 1
            Interface "tap0014fb03-a6"
                type: internal
    ovs_version: "2.1.3"

compute node ovs-vsctl show

d9681430-b19e-41f9-946f-13f8541e7f6a
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface ...

Comments

You said "My VM is unable to get an IP address." Could you check why it is unable to get an IP? I don't have a solution, but I suggest you check iptables and stop the iptables services on both the controller and compute nodes.

rjiao ( 2015-01-01 09:44:08 -0500 )

What did the ovs-vsctl show say? Besides, is the dnsmasq process running or not? Check it with

ps -ef | grep dnsmasq

9lives ( 2015-01-01 09:53:32 -0500 )

Ya, dnsmasq is running. I have updated the question. Thanks.

fresher ( 2015-01-01 22:24:47 -0500 )

Disabling iptables allowed the ping. Can I put some rules in iptables to allow access instead of disabling it altogether?

fresher ( 2015-01-01 22:55:49 -0500 )

1 answer

0

answered 2015-01-02 00:04:24 -0500

9lives

Forced to use the answer field because of the comment character limitation.

If dnsmasq is running, the instance should get an IP address. You can check the IP allocation in

/var/lib/neutron/dhcp/ddf39213-0637-444f-8052-d798711be8c2/host

By the way, check /var/log/syslog to see whether another DHCP server is running. We have run into two DHCP servers running, which caused our OpenStack instance to be unable to get an IP address from the right DHCP server.

Hope that helps!

Vic
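
The capture in the question shows VXLAN packets (UDP port 4789) answered with ICMP "admin prohibited", and the asker's last comment asks for iptables rules instead of disabling the firewall. The script below is an added example, not part of the original thread: it reads tcpdump text and prints one narrowly scoped accept rule per rejecting host. The function names and the last sample line are constructed, and using -I INPUT assumes the rejecting rule sits in the INPUT chain.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# First six lines are the capture from the question; the last line is a
# constructed rejection with no matching VXLAN packet, which must be ignored.
sample_capture() {
cat <<'EOF'
18:18:44.554867 IP 192.168.0.137.37741 > 192.168.0.127.4789: VXLAN, flags [I] (0x08), vni 1002
ARP, Request who-has 192.168.1.1 tell 192.168.1.13, length 28
18:18:44.554873 IP 192.168.0.137.37741 > 192.168.0.147.4789: VXLAN, flags [I] (0x08), vni 1002
ARP, Request who-has 192.168.1.1 tell 192.168.1.13, length 28
18:18:44.555063 IP 192.168.0.147 > 192.168.0.137: ICMP host 192.168.0.147 unreachable - admin prohibited, length 86
18:18:44.555079 IP 192.168.0.127 > 192.168.0.137: ICMP host 192.168.0.127 unreachable - admin prohibited, length 86
18:18:45.000000 IP 192.168.0.200 > 192.168.0.137: ICMP host 192.168.0.200 unreachable - admin prohibited, length 86
EOF
}

# Reads tcpdump text on stdin. For each host that answered a VXLAN packet
# (UDP 4789) with "admin prohibited", prints "<host>: <rule>", where the rule
# accepts tunnel traffic from that one sender only.
vxlan_rules_from_capture() {
    awk '
    # VXLAN packet: "<ts> IP SRC.sport > DST.4789: VXLAN, ..."
    $2 == "IP" && $6 == "VXLAN," {
        src = $3; sub(/\.[0-9]+$/, "", src)          # drop source port
        dst = $5
        if (sub(/\.4789:$/, "", dst)) sent[src, dst] = 1
        next
    }
    # Rejection: "<ts> IP REJECTOR > SENDER: ICMP host ... admin prohibited"
    $2 == "IP" && $6 == "ICMP" && /unreachable - admin prohibited/ {
        rej = $3
        snd = $5; sub(/:$/, "", snd)
        # Only report rejections that answer a VXLAN packet seen earlier.
        if (((snd, rej) in sent) && !seen[rej, snd]++)
            printf "%s: iptables -I INPUT -p udp -s %s --dport 4789 -j ACCEPT\n", rej, snd
    }'
}

sample_capture | vxlan_rules_from_capture
```

Each printed rule belongs on the host named before the colon. VXLAN tunnels carry traffic in both directions, so the peer needs the matching rule for the reverse direction.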


Stats

Asked: 2015-01-01 09:10:00 -0500

Seen: 2,422 times

Last updated: Jan 02 '15