1

Can't ping external IP from within vm

asked 2015-02-02 08:17:10 -0500

jslater

updated 2015-02-02 08:55:23 -0500

dbaxps

Hi All,

I think I'm pretty damn close to getting OpenStack set up properly (via packstack) but can't cross this final hurdle. I've set up an all-in-one instance and have br-ex & ens160 tied together such that:

br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.158  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::250:56ff:fe98:299e  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:98:29:9e  txqueuelen 0  (Ethernet)
        RX packets 1158482  bytes 1296214372 (1.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 561912  bytes 60473869 (57.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::250:56ff:fe98:299e  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:98:29:9e  txqueuelen 1000  (Ethernet)
        RX packets 1157699  bytes 1296104465 (1.2 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 559960  bytes 60269961 (57.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Added to /etc/neutron/plugin.ini file these lines:

network_vlan_ranges = physnet1
bridge_mappings = physnet1:br-ex

I created my public & private networks with:

neutron router-create router
neutron net-create private
neutron subnet-create private 10.0.0.0/24 --name private_subnet
neutron router-interface-add router private_subnet
neutron subnet-create public 192.168.2.0/24 --name public_subnet --enable_dhcp=False --allocation-pool start=192.168.2.190,end=192.168.2.199 --gateway=192.168.2.1
neutron router-gateway-set router public

and then created ICMP & SSH security rules. I can then ssh from the node only (i.e. from 192.168.2.158) to any instance I've created and assigned a floating IP to.

My public gateway to the outside world is 192.168.2.1 so, from within the VM, I can ping 192.168.2.158 but no further.

No doubt it's a routing problem but I can't for the life of me figure out where to look next, even after reading a ton of other threads around the same issue.

# ovs-vsctl show
f2f47d44-34c6-48ff-850c-0eaf999219e6
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        fail_mode: secure
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qvoe67e1d22-09"
            tag: 2
            Interface "qvoe67e1d22-09"
        Port "qr-0cc088b4-ab"
            tag: 2
            Interface "qr-0cc088b4-ab"
                type: internal
        Port "qvo354874af-f5"
            tag: 2
            Interface "qvo354874af-f5"
        Port "tap1eee9b20-ea"
            tag: 1
            Interface "tap1eee9b20-ea"
                type: internal
        Port "qvo8d8559df-6d"
            tag: 2
            Interface "qvo8d8559df-6d"
        Port "qvo90ab2347-7d"
            tag: 2
            Interface "qvo90ab2347-7d"
        Port "tapedc79d02-88"
            tag: 2
            Interface "tapedc79d02-88"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "ens160"
            Interface "ens160"
        Port "qg-c25c44b7-92"
            Interface "qg-c25c44b7-92"
                type: internal
    ovs_version: "2.1.3"

# neutron router-show router
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                                                                                                                     |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                                                                                                                      |
| distributed           | False                                                                                                                                                                                     |
| external_gateway_info | {"network_id": "f4dbf780-54dd-4754-8e30-3749d2e397ae", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "b54397d9-1ff1-48f7-987f-cee58299d3ed", "ip_address": "192.168.2.190"}]} |
| ha                    | False                                                                                                                                                                                     |
| id                    | 8b4c1e42-8bc3-4eb2-89c6-c48e633d977a                                                                                                                                                      |
| name                  | router                                                                                                                                                                                    |
| routes                |                                                                                                                                                                                           |
| status                | ACTIVE                                                                                                                                                                                    |
| tenant_id             | f33f2addf53842419a24dac26200b39f                                                                                                                                                          |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

neutron net-list
+--------------------------------------+---------+-----------------------------------------------------+
| id                                   | name ...

2 answers

3

answered 2015-02-02 14:18:47 -0500

jslater

ESX vSwitch needed promiscuous mode turned on:

http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=1004099

1

answered 2015-02-02 09:08:18 -0500

dbaxps

updated 2015-02-02 14:26:46 -0500

So, we are done:
The VMware bridge (no idea what it is called) should be in promiscuous mode.

If you performed a Juno AIO RDO setup via packstack, it does ML2&OVS&VXLAN by default.

1. Don't touch ml2_plugin.ini; keep it as it has been created.
2. Create the following files under /etc/sysconfig/network-scripts (with your IPs, of course):
# cat ifcfg-br-ex
DEVICE="br-ex"
BOOTPROTO="static"
IPADDR="192.168.1.127"
NETMASK="255.255.255.0"
DNS1="83.221.202.254"
BROADCAST="192.168.1.255"
GATEWAY="192.168.1.1"
NM_CONTROLLED="no"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no
ONBOOT="yes"
TYPE="OVSIntPort"
OVS_BRIDGE=br-ex
DEVICETYPE="ovs"

# cat ifcfg-ens160
DEVICE="ens160"
# HWADDR=00:22:15:63:E4:E2
ONBOOT="yes"
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE=br-ex
NM_CONTROLLED=no
IPV6INIT=no

Then

 [root@junoDocker1 ~(keystone_admin)]# neutron net-list
+--------------------------------------+----------------+-----------------------------------------------------+
| id                                   | name           | subnets                                             |
+--------------------------------------+----------------+-----------------------------------------------------+
| ab14c8d0-a426-457d-9b8e-1614b2a82589 | demo_network   | 361c5f38-7c0c-44fb-886a-db21a04ebc87 50.0.0.0/24    |
| d8eacd71-7eb4-469c-aefc-d3308326abaa | public         | 20c71f70-1c30-48ed-9ee5-36ca0700f90a 192.168.1.0/24 |
+--------------------------------------+----------------+-----------------------------------------------------+
[root@junoDocker1 ~(keystone_admin)]# ip netns | grep ab14c8d0-a426-457d-9b8e-1614b2a82589
qdhcp-ab14c8d0-a426-457d-9b8e-1614b2a82589

Next

[root@junoDocker1 ~(keystone_admin)]# ip netns exec qdhcp-ab14c8d0-a426-457d-9b8e-1614b2a82589 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         50.0.0.1        0.0.0.0         UG    0      0        0 tap98400980-7f
50.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 tap98400980-7f

Next

[root@junoDocker1 ~(keystone_admin)]# neutron  router-list
+--------------------------------------+--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| id                                   | name         | external_gateway_info                                                                                                                                                                     | distributed | ha    |
+--------------------------------------+--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
| 6d11aff3-6be2-4e10-83c0-52b34d2c2983 | routerDemo   | {"network_id": "d8eacd71-7eb4-469c-aefc-d3308326abaa", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "20c71f70-1c30-48ed-9ee5-36ca0700f90a", "ip_address": "192.168.1.150"}]} | False       | False |
+--------------------------------------+--------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+

[root@junoDocker1 ~(keystone_admin)]# ip netns | grep 6d11aff3-6be2-4e10-83c0-52b34d2c2983
qrouter-6d11aff3-6be2-4e10-83c0-52b34d2c2983

[root@junoDocker1 ~(keystone_admin)]# ip netns exec qrouter-6d11aff3-6be2-4e10-83c0-52b34d2c2983 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 qg-c98669e5-d3
50.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 qr-7fc6092f-06
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-c98669e5-d3
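The routing-table check from the answer above, scripted as an added example (not part of the original post or of OpenStack): it reads `route -n` output taken inside a qrouter namespace and confirms there is exactly one default route, that it leaves through a `qg-` port, and that its gateway is on-link for that port. The function names and the modified second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check `route -n` output from a qrouter namespace.
# Live use (commands as shown in the answer):
#   ip netns exec qrouter-<router-id> route -n | check_router_routes
check_router_routes() {
    awk '
    function ip2int(ip,    o) {
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    # Keep only rows that start with an IPv4 address (skips both header lines).
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
    $1 == "0.0.0.0" && $3 == "0.0.0.0" {          # default route
        ndef++; gw = $2; gwif = $8; next
    }
    $2 == "0.0.0.0" {                              # directly connected network
        n++; net[n] = ip2int($1); size[n] = 4294967296 - ip2int($3); nif[n] = $8
    }
    END {
        if (ndef != 1) { print "FAIL: expected 1 default route, found " (ndef + 0); exit 1 }
        if (gwif !~ /^qg-/) { print "FAIL: default route leaves via " gwif ", not a qg- port"; exit 1 }
        g = ip2int(gw)
        for (i = 1; i <= n; i++)
            if (nif[i] == gwif && int(g / size[i]) * size[i] == net[i]) {
                print "OK: default via " gw " on " gwif; exit 0
            }
        print "FAIL: gateway " gw " is not on-link for " gwif; exit 1
    }'
}

# Sample input: the qrouter routing table shown in the answer above.
sample_good() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 qg-c98669e5-d3
50.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 qr-7fc6092f-06
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-c98669e5-d3
EOF
}

# Constructed failure case: external subnet is 192.168.2.0/24 but the gateway
# was left at 192.168.1.1, so the default gateway is unreachable from qg-.
sample_bad() { sample_good | sed 's/^192\.168\.1\.0 /192.168.2.0 /'; }

sample_good | check_router_routes
```

A pass here only shows that the router namespace is routed correctly; it says nothing about whether frames leave the host NIC.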

Comments

Thanks for the reply. So I took out the two lines above from plugin.ini, changed br-ex & ens160 to match the above/my subnetting and made sure that NetworkManager is disabled. Rebooted and still the same problem :(

jslater (2015-02-02 09:26:09 -0500)

br-ex file:

DEVICE=br-ex
DEVICETYPE=ovs
BOOTPROTO=static
IPADDR=192.168.2.158
NETMASK=255.255.255.0
GATEWAY=192.168.2.1
DNS1=192.168.2.1
NM_CONTROLLED="no"
DEFROUTE="yes"
OVS_BRIDGE=br-ex
TYPE="OVSIntPort"
IPV4_FAILURE_FATAL="yes"
IPV6INIT=no

jslater (2015-02-02 09:26:25 -0500)

and ens160:


DEVICE=ens160
HWADDR=00:50:56:98:29:9e
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes
NM_CONTROLLED=no
IPV6INIT=no

jslater (2015-02-02 09:26:53 -0500)

What I do see is the router status marked as down:

neutron port-show c25c44b7-9295-4770-8b3a-2cedb066a564 ..... | status | DOWN | ...

jslater (2015-02-02 09:31:18 -0500)

Verify your plugin.ini; I have updated the answer. The external port of the router is down; that's normal.

dbaxps (2015-02-02 09:34:02 -0500)
