Ask Your Question
1

Not able to ping the VM Instance and tenant router gateway [closed]

asked 2015-01-21 18:06:07 -0600

Dickson gravatar image

Hi:

I am trying to install the Openstack Icehouse release on Ubuntu 12.04 following the Openstack document http://docs.openstack.org/icehouse/install-guide/install/apt/content/ (http://docs.openstack.org/icehouse/in...) but I can not able to ping the VM Instance and tenant router gateway. The following is my environment setting:

controller

10.89.116.5 http://rcdn6-opcntrl1.cisco.com rcdn6-opcntrl1

network

10.89.116.6 http://rcdn6-opnetwk1.cisco.com rcdn6-opnetwk1

compute1

10.89.116.7 http://rcdn6-opcompu1.cisco.com rcdn6-opcompu1

management interface: 10.89.116.0/28

tunnels interface: 10.89.116.16/28

external interface: 10.89.116.32/28

On Network node /etc/network/interfaces:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth4
iface eth4 inet static
        address 10.89.116.6
        netmask 255.255.255.240
        network 10.89.116.0
        broadcast 10.89.116.15
        gateway 10.89.116.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 72.163.47.11
        dns-search cisco.com

auto eth5
iface eth5 inet static
        address 10.89.116.21
        netmask 255.255.255.240
        network 10.89.116.16
        broadcast 10.89.116.31
        gateway 10.89.116.17
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 72.163.47.11
        dns-search cisco.com

auto eth0
iface eth0 inet manual
        up ip link set dev $IFACE up
        down ip link set dev $IFACE down

On Compute node /etc/network/interfaces:

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth4
iface eth4 inet static
        address 10.89.116.7
        netmask 255.255.255.240
        network 10.89.116.0
        broadcast 10.89.116.15
        gateway 10.89.116.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 72.163.47.11
        dns-search cisco.com

auto eth5
iface eth5 inet static
        address 10.89.116.22
        netmask 255.255.255.240
        network 10.89.116.16
        broadcast 10.89.116.31
        gateway 10.89.116.17
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 72.163.47.11
        dns-search cisco.com

On Network Node:

openstackadmin@rcdn6-opnetwk1:/etc/network$ ifconfig -a
br-ex     Link encap:Ethernet  HWaddr 00:10:18:68:bd:70  
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:900 (900.0 B)  TX bytes:0 (0.0 B)

br-int    Link encap:Ethernet  HWaddr 82:06:68:a6:b4:4c  
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:26 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2506 (2.5 KB)  TX bytes:0 (0.0 B)

br-tun    Link encap:Ethernet  HWaddr 62:6d:e6:ec:20:4c  
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX ...
(more)
edit retag flag offensive reopen merge delete

Closed for the following reason question is not relevant or outdated by Dickson
close date 2015-01-23 09:03:08.408479

Comments

Maybe it is a typo but you can not use management interface: 10.89.116.0/28.

GLaupre gravatar imageGLaupre ( 2015-01-21 20:11:26 -0600 )edit

I am not really understand why I cannot use 10.89.116.0/28 for management interface. Can you explain? The Contoller node actually is using 10.89.116.5, Network node is using 10.89.116.6 and Compute Node is using 10.89.116.7 for management.

Dickson gravatar imageDickson ( 2015-01-22 10:55:50 -0600 )edit

Sorry, OFC you can use the address range 10.89.116.0/28. I though you used explicitly the address 0 for an interface :)

GLaupre gravatar imageGLaupre ( 2015-01-22 11:47:38 -0600 )edit
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2015-01-22 09:43:27 -0600

Dickson gravatar image

updated 2015-01-22 17:36:09 -0600

Hi Richard:

Yes. I did modify the default security group rules to allow ICMP and ssh by doing the following: nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

Hi Glaupre:

On compute node, when I do ip netns, it has nothing return. On network node, when I do ip netns. it show the following:

openstackadmin@rcdn6-opnetwk1:~$ ip netns
qrouter-2f675dba-de52-4e36-a977-14b595371e2c
qdhcp-74879e95-1826-4ab4-b71e-642720df9ca5

and then I can ping the floating IP address, using the following:

openstackadmin@rcdn6-opnetwk1:~$ sudo ip netns exec qrouter-2f675dba-de52-4e36-a977-14b595371e2c ping 10.89.116.37
[sudo] password for openstackadmin: 
PING 10.89.116.37 (10.89.116.37) 56(84) bytes of data.
64 bytes from 10.89.116.37: icmp_req=1 ttl=64 time=5.50 ms
64 bytes from 10.89.116.37: icmp_req=2 ttl=64 time=0.830 ms
64 bytes from 10.89.116.37: icmp_req=3 ttl=64 time=0.450 ms

On controller node:

openstackadmin@rcdn6-opcntrl1:~$ neutron router-show demo-router
+-----------------------+-----------------------------------------------------------------------------+
| Field                 | Value                                                                       |
+-----------------------+-----------------------------------------------------------------------------+
| admin_state_up        | True                                                                        |
| external_gateway_info | {"network_id": "c1a55215-d69f-4e05-8615-f3d426ba5ff8", "enable_snat": true} |
| id                    | 2f675dba-de52-4e36-a977-14b595371e2c                                        |
| name                  | demo-router                                                                 |
| routes                |                                                                             |
| status                | ACTIVE                                                                      |
| tenant_id             | 2d2206f03dd54a61958f9e937bfcdb02                                            |
+-----------------------+-----------------------------------------------------------------------------+

Thanks Dickson

On Control node with source of demo-openrc.sh:

openstackadmin@rcdn6-opcntrl1:~$ neutron router-port-list demo-router
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                          |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
| 5e33ee5e-1dc7-486a-8452-bb0b874d0b1e |      | fa:16:3e:cf:3b:32 | {"subnet_id": "b965a986-cb08-4845-bdc7-36b069da2dba", "ip_address": "192.168.1.1"} |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+

With source admin-openrc.sh:

openstackadmin@rcdn6-opcntrl1:~$ neutron router-port-list demo-router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                           |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| 1885b4ae-1589-453e-9a34-6a950be34704 |      | fa:16:3e:24:c3:63 | {"subnet_id": "dee4acf8-f042-4510-860d-2cc5ca24fbf4", "ip_address": "10.89.116.36"} |
| 5e33ee5e-1dc7-486a-8452-bb0b874d0b1e |      | fa:16:3e:cf:3b:32 | {"subnet_id": "b965a986-cb08-4845-bdc7-36b069da2dba", "ip_address": "192.168.1.1"}  |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+

openstackadmin@rcdn6-opcntrl1:~$ source admin-openrc.sh 
openstackadmin@rcdn6-opcntrl1:~$ nova list
+----+------+--------+------------+-------------+----------+
| ID | Name | Status | Task State | Power State | Networks |
+----+------+--------+------------+-------------+----------+
+----+------+--------+------------+-------------+----------+

openstackadmin@rcdn6-opcntrl1:~$ source demo-openrc.sh 
openstackadmin@rcdn6-opcntrl1:~$ nova list
+--------------------------------------+----------------+--------+------------+-------------+------------------------------------+
| ID                                   | Name           | Status | Task State | Power State | Networks                           |
+--------------------------------------+----------------+--------+------------+-------------+------------------------------------+
| fa58026c-0a4f-499b-9621-6bf03d69ef0e | demo-instance1 | ACTIVE | -          | Running     | demo-net=192.168.1.3, 10.89.116.37 |
+--------------------------------------+----------------+--------+------------+-------------+------------------------------------+

root@rcdn6-opnetwk1:/var/log# ovs-vsctl show
43c8a070-69d7-42ca-b219-dbbdeeb9256c
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth3"
            Interface "eth3"
        Port "qg-1885b4ae-15"
            Interface "qg-1885b4ae-15"
                type: internal
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "tapd9725222-b3"
            tag: 1
            Interface "tapd9725222-b3"
                type: internal
        Port "qr-5e33ee5e-1d"
            tag: 1
            Interface "qr-5e33ee5e-1d"
                type: internal
    ovs_version: "2.0.2"
edit flag offensive delete link more

Comments

So you can ping your instance from your router, which is good. What do you want to do now? Ping your instance from outside? This is only possible if you attach a floating IP in the pool of IPof your external network to your instance. The instances are isolated in their tenant networks.

GLaupre gravatar imageGLaupre ( 2015-01-22 11:18:56 -0600 )edit

Can you show me your

neutron router-port-list demo-router
GLaupre gravatar imageGLaupre ( 2015-01-22 11:31:59 -0600 )edit

Yes, I want to ping the instance from outside and I have attached the floating IP to the instance (10.89.116.37). I have exceed the characters limit again. Please see the neutron command output from my previous answer session again.

Dickson gravatar imageDickson ( 2015-01-22 12:13:16 -0600 )edit
1

First of all, you should determine on what project your instance is : demo or admin? I see that you source with both, so just tell me on what project you see your instance, try

source openrc admin admin
nova list
source openrc demo demo
nova list

On which do you see your instance

GLaupre gravatar imageGLaupre ( 2015-01-22 12:55:15 -0600 )edit

The instance is for demo project. Please see command output from my previous answer session.

Dickson gravatar imageDickson ( 2015-01-22 13:54:40 -0600 )edit
see more comments
0

answered 2015-01-22 00:58:01 -0600

Richard gravatar image

There was one time that I could not ping my vms, but it works after I add the security group rules to allow ICMP ingress and egress. I suggest you try the security group setting.

edit flag offensive delete link more
add a comment
0

answered 2015-01-21 20:23:54 -0600

GLaupre gravatar image

updated 2015-01-22 18:40:08 -0600

Your instance is isolated in your tenant network and you can't ping it from "outside". What you can do is to ping it from your router.

For that you have to find the namespace of your router attached in the same subnet using ip netns in your network node. You will see the qdhcp and the qrouter with their ID.

after that try to 

ip netns exec qrouter-"id" ping "ip of your instance"

I am just wondering if your router has an interface attached with your subnet, the same your instance you want to ping is in. Can you please execute neutron router-show "ID or name of router to look up" and edit your post?

Edit 1

Your instance is on the demo project

fa58026c-0a4f-499b-9621-6bf03d69ef0e | demo-instance1 | ACTIVE | -          | Running     | demo-net=192.168.1.3, 10.89.116.37

but your demo-router has only interface on your internal network for the demo project:

5e33ee5e-1dc7-486a-8452-bb0b874d0b1e |      | fa:16:3e:cf:3b:32 | {"subnet_id": "b965a986-cb08-4845-bdc7-36b069da2dba", "ip_address": "192.168.1.1"

Your floating IP as

| 1885b4ae-1589-453e-9a34-6a950be34704 |      | fa:16:3e:24:c3:63 | {"subnet_id": "dee4acf8-f042-4510-860d-2cc5ca24fbf4", "ip_address": "10.89.116.36"} |
| 5e33ee5e-1dc7-486a-8452-bb0b874d0b1e |      | fa:16:3e:cf:3b:32 | {"subnet_id": "b965a986-cb08-4845-bdc7-36b069da2dba", "ip_address": "192.168.1.1"}  |

Is attached to the admin project. Your demo-router has no port on the external subnet, he has only 192.168.1.1. You should add an interface on your demo-router on the subnet external network 10.89.116.32/28 for the demo project though,

edit flag offensive delete link more

Comments

On compute node, when I do ip netns, it has nothing return. On network node, when I do ip netns. it show the following:

root@rcdn6-opnetwk1:~# ip netns qrouter-2f675dba-de52-4e36-a977-14b595371e2c qdhcp-74879e95-1826-4ab4-b71e-642720df9ca5

Dickson gravatar imageDickson ( 2015-01-22 10:35:39 -0600 )edit

root@rcdn6-opnetwk1:~# ip netns qrouter-2f675dba-de52-4e36-a977-14b595371e2c qdhcp-74879e95-1826-4ab4-b71e-642720df9ca5

Dickson gravatar imageDickson ( 2015-01-22 10:37:33 -0600 )edit

root@rcdn6-opnetwk1:~# ip netns exec qrouter-2f675dba-de52-4e36-a977-14b595371e2c ping 10.89.116.37 PING 10.89.116.37 (10.89.116.37) 56(84) bytes of data. 64 bytes from 10.89.116.37: icmp_req=1 ttl=64 time=1.35 ms

Dickson gravatar imageDickson ( 2015-01-22 10:38:38 -0600 )edit

I have reached the limit of characters. The neutron router-show output please look at the above answer session.

Dickson gravatar imageDickson ( 2015-01-22 10:41:56 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

subscribe to rss feed

Stats

Asked: 2015-01-21 18:06:07 -0600

Seen: 3,167 times

Last updated: Jan 22 '15