Ask Your Question
0

unable to access internet from guest vm

asked 2015-02-10 23:55:35 -0500

arunsr2015 gravatar image

updated 2015-02-12 11:25:08 -0500

Hi,

I installed openstack icehouse release on my home system.

  1. Installed virtual box
  2. created two vms with fedora20 operating systems
  3. Created a NAT adaptor and bridged host adaptor network using virtualbox
  4. Using rdo i installed a multi node setup (on one node installed both controller and neutron, on the 2nd node it was the compute host)
  5. I am able to create guest instances using the cirros, fedora and ubuntu images, i am able to ssh to the instances from any of the home machines on the home network
  6. What i am not able to do is access the internet from guest virtual machines.
  7. I did a tcp dump on the compute host, i am seeing that when i ping a external ip such as www.google.com , i can see the tcpump data only upto the tap interface, does seem to get the external interface(p7p1) , however when i try to access a home computer on the network from the guest vm, i see the data going out thru the tap interface to the main interface which p7p1.

When i try to ping from qrouter i get this

[root@ops ~]# ip netns exec qrouter-11ed5207-4e85-485e-956f-03db57c55619 ping www.google.com
PING www.google.com (216.58.217.196) 56(84) bytes of data.
From unknownFA163E95B5BA (192.168.1.150) icmp_seq=1 Destination Host Unreachable
From unknownFA163E95B5BA (192.168.1.150) icmp_seq=2 Destination Host Unreachable
From unknownFA163E95B5BA (192.168.1.150) icmp_seq=3 Destination Host Unreachable
From unknownFA163E95B5BA (192.168.1.150) icmp_seq=4 Destination Host Unreacha

Can any one help

Thx in Advance

edit retag flag offensive close merge delete

Comments

  1. What is IP of router of your home network to Internet ?
  2. Statement for creating public network does have IP of real gateway or doesn't ?
dbaxps gravatar imagedbaxps ( 2015-02-11 03:09:24 -0500 )edit

Ans to question 1 I access the router via the ip 192.168.1.254 (when i enter on my browser i can get into router and check my config) gateway is 192.168.1.1

Answer 2 yes i created a public network and a subnet which has the gateway set to 192.168.1.1

arunsr2015 gravatar imagearunsr2015 ( 2015-02-11 12:52:53 -0500 )edit

Please, post route -n on Network Node.

dbaxps gravatar imagedbaxps ( 2015-02-11 13:12:14 -0500 )edit

and

ip netns exec qrouter-your-router-id route -n
ip netns exec qrouter-your-router-id  ifconfig
dbaxps gravatar imagedbaxps ( 2015-02-11 13:14:18 -0500 )edit

i also tried this on ops node ip netns exec qrouter-11ed5207-4e85-485e-956f-03db57c55619 traceroute http://www.google.com traceroute to http://www.google.com (216.58.216.36), 30 hops max, 60 byte packets 1 unknownFA163E95B5BA (192.168.1.150) 3004.096 ms !H 3003.982 ms !H 3003.943 ms !H traceroute to http://www.goog

arunsr2015 gravatar imagearunsr2015 ( 2015-02-12 00:25:07 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
0

answered 2015-02-11 14:52:24 -0500

arunsr2015 gravatar image

updated 2015-02-12 11:47:30 -0500

I am going to reply as answer, in comment it does not allow to type all what you have asked

  1. route on ops node vm(this includes controller + neutron) [root@ops ~]# route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 p2p1 10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 p2p1 169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 p2p1 169.254.0.0 0.0.0.0 255.255.0.0 U 1003 0 0 p7p1 169.254.0.0 0.0.0.0 255.255.0.0 U 1005 0 0 br-ex 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-ex [root@ops ~]#

[root@ops ~]# ip netns qdhcp-9c00b051-a9cf-4255-a12c-8ef6168739a3 qrouter-11ed5207-4e85-485e-956f-03db57c55619

[root@ops ~]# ip netns exec qrouter-11ed5207-4e85-485e-956f-03db57c55619 route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 qg-596e1e77-3a 10.1.0.0 0.0.0.0 255.255.255.0 U 0 0 0 qr-e27eeb3b-f5 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 qg-596e1e77-3a

[root@ops ~]# ip netns exec qrouter-11ed5207-4e85-485e-956f-03db57c55619 ifconfig lo: flags=73<up,loopback,running> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 0 (Local Loopback) RX packets 5 bytes 560 (560.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 5 bytes 560 (560.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

qg-596e1e77-3a: flags=4163<up,broadcast,running,multicast> mtu 1500 inet 192.168.1.150 netmask 255.255.255.0 broadcast 192.168.1.255 inet6 fe80::f816:3eff:fe95:b5ba prefixlen 64 scopeid 0x20<link> inet6 2602:306:33da:4940:f816:3eff:fe95:b5ba prefixlen 64 scopeid 0x0<global> ether fa:16:3e:95:b5:ba txqueuelen 0 (Ethernet) RX packets 272829 bytes 55204110 (52.6 MiB) RX errors 0 dropped 13 overruns 0 frame 0 TX packets 3284 bytes 235201 (229.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

qr-e27eeb3b-f5: flags=4163<up,broadcast,running,multicast> mtu 1500 inet 10.1.0.1 netmask 255.255.255.0 broadcast 10.1.0.255 inet6 fe80::f816:3eff:fe16:3be3 prefixlen 64 scopeid 0x20<link> ether fa:16:3e:16:3b:e3 txqueuelen 0 (Ethernet) RX packets 1630 bytes 192727 (188.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 1701 bytes 155693 (152.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@ops ~]# ovs-vsctl show 9d6b4fb1-347d-45f5-a3c0-8aaf18b5d3ab Bridge br-tun Port br-tun Interface br-tun type: internal Port patch-int Interface patch-int type: patch options: {peer=patch-tun} Port "vxlan-c0a8016c" Interface ... (more)

edit flag offensive delete link more

Comments

I would also ask ovs-vsctl show && ifconfig on Network Node.

dbaxps gravatar imagedbaxps ( 2015-02-12 02:22:20 -0500 )edit

I have appended this info to the asnwer above, plz see at the bottom of the answer for both. Plz note the controller and neutron are on the same node(192.168.1.107), only compute(kvm) is on different node(192.168.1.108). Thx for all your help. Also in my comments/asnwer the newline gets stripped

arunsr2015 gravatar imagearunsr2015 ( 2015-02-12 10:22:04 -0500 )edit

Please, format output :-
It's easy right here - mark all needed text and press button 101010
or Upload to some location like http://textuploader.com
See for instance http://textuploader.com/1hin

dbaxps gravatar imagedbaxps ( 2015-02-12 10:56:47 -0500 )edit
0

answered 2015-02-11 13:18:11 -0500

dbaxps gravatar image

updated 2015-02-12 12:01:00 -0500

Use as comment
I want to see analogs of this reports on your Controller&&Network Node :-

 [root@juno01vhs ~(keystone_admin)]# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 br-ex
    169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 enp2s0
    169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 enp5s1
    169.254.0.0     0.0.0.0         255.255.0.0     U     1006   0        0 br-ex
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 enp5s1
    192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-ex

I have converted your routing table on Network Node

    # route -n 
    Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface
    0.0.0.0      10.0.2.2   0.0.0.0       UG    0        0 0     p2p1 
    10.0.2.0     0.0.0.0   255.255.255.0  U     0        0 0     p2p1 
    169.254.0.0  0.0.0.0   255.255.0.0    U    1002      0 0     p2p1 
    169.254.0.0  0.0.0.0   255.255.0.0    U    1003      0 0    p7p1 
    169.254.0.0  0.0.0.0   255.255.0.0    U    1005      0 0    br-ex 
    192.168.1.0  0.0.0.0   255.255.255.0  U    0         0 0    br-ex

If my conversion is correct your routing table doesn't have an entry

0.0.0.0   192.168.1.1    0.0.0.0   UG    0      0     0  br-ex

Hence your gateway 192.168.1.1 doesn't route packets from Network Node outside.

Disregard this notice I meant real boxes not VMs

I discovered in your reports

ifconfig :-
br-ex: flags=4419<up,broadcast,running,promisc,multicast> mtu 1500 inet 192.168.1.107 netmask 255.255.255.0 broadcast 192.168.1.255

ovs-vsctl show:
 Port "vxlan-c0a8016c" 
Interface "vxlan-c0a8016c" type: vxlan options: {in_key=flow, local_ip="192.168.1.107", out_key=flow, remote_ip="192.168.1.108"}

br-ex is not supposed to be an endpoint of your VXLAN tunnel

edit flag offensive delete link more

Comments

I tried adding the gateway to ops/neutron node route add default gw 192.168.1.1 dev br-ex

0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br-ex 0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 p2p1 I still cannot connect from guest vm

arunsr2015 gravatar imagearunsr2015 ( 2015-02-12 10:11:57 -0500 )edit

When i add the above route , i cannot ping http://www.google from ops node either [root@ops ~]# ping http://www.google.com PING http://www.google.com (216.58.217.196) 56(84) bytes of data.

arunsr2015 gravatar imagearunsr2015 ( 2015-02-12 10:13:08 -0500 )edit

[root@ops ~]# traceroute http://www.google.com traceroute to http://www.google.com (216.58.217.196), 30 hops max, 60 byte packets 1 10.0.2.2 (10.0.2.2) 0.099 ms 0.087 ms 0.078 ms 2 * * * 3 http://99-61-164-2.lightspeed.sntcca.sbcglobal.net (99-61-164-2.lightspeed.sntcca.sbcglob...) (99.61.164.2) 32.266 ms 33.183 ms 32.127 ms

arunsr2015 gravatar imagearunsr2015 ( 2015-02-12 10:29:26 -0500 )edit

Route which you see in my Routing table was created automatically by RDO packstack during Multi node deployment on Network Node. I just get it ready. br-ex should have forward packets to gateway.

dbaxps gravatar imagedbaxps ( 2015-02-12 11:03:00 -0500 )edit

Sample of answer-file you may see here ( just Two Node RDO Juno cluster set up )
RDO Juno Set up Two Real Node (Controller+Compute) Gluster 3.5.2 Cluster ML2&OVS&VXLAN on CentOS 7 " : http://bderzhavets.blogspot.com/2014/...

dbaxps gravatar imagedbaxps ( 2015-02-12 11:06:18 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-02-10 23:55:35 -0500

Seen: 1,681 times

Last updated: Feb 12 '15