Ask Your Question
0

Instance cannot ping router or external

asked 2015-02-26 08:06:50 -0500

Foxhound gravatar image

Hello,

I'm new on openstack and as some peoples I have a problem (and I'm sure that's a stupid mistake). I'm able to make ping/ssh to my instance from compute/network and controller node with floating IP but my instance cannot ping qrouter/other instance or external network. Qrouter can ping external/internal interface and instance

My configuration:

  • OS: ubuntu 14.04 LTS
  • openstack Juno
  • controller node: 2 NIC (external/Management)
  • network node: 3 NIC (external/management/instance)
  • compute node: 2 NIC (management/instance)

My network

  • management: 10.0.0.0/24
  • instance network 10.0.1.0/24
  • external 192.168.1.0/24
  • Qrouter external IP: 192.168.1.100, internal: 172.16.0.1
  • instance ip 172.16.0.7, floating 192.168.1.111

For information I make my network with Neutron (GRE Tunneling). All agents are UP, I don't see any ERROR in logs... I thing that iptables is correctly configured.

There is any configuration for resolved it (ML2 or L3 configuration?) ? Any idea ?

edit retag flag offensive close merge delete

Comments

For corresponding qdhcp-namespace && qrouter-namespace I need

ip netns exec qdhcp-namespace  route -n
ip netns exec qrouter-namespace  route -n

Same commands with ifconfig

dbaxps gravatar imagedbaxps ( 2015-02-26 13:44:41 -0500 )edit

I also need ovs-vsctl show && ifconfig && iptables-save > log on Network Node.

dbaxps gravatar imagedbaxps ( 2015-02-26 13:47:24 -0500 )edit

3 answers

Sort by » oldest newest most voted
0

answered 2016-03-02 10:08:28 -0500

abualy gravatar image

check the external subnet , i had the same problem, and in my case the "Gateway IP" of external subnet was not set right.

edit flag offensive delete link more

Comments

Hi....How did u set the gateway IP of external network.....and where did u set it....?

surabhi gravatar imagesurabhi ( 2017-03-30 01:07:46 -0500 )edit
0

answered 2015-02-27 02:42:37 -0500

Foxhound gravatar image

updated 2015-02-27 02:45:49 -0500

Hello,

Here all informations that you need:

root@network:/home/administrateur# ip netns exec qrouter-8c48b24e-9140-49ac-bbe3-805fcd871338 route -n
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 qg-1109f6e1-10
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 qr-c7e09571-d2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 qg-1109f6e1-10

root@network:/home/administrateur# ip netns exec qdhcp-7621ae9d-ddba-4adf-9b06-aec93c940dbf route -n
Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 tapbd58913f-43
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 tapbd58913f-43

root@network:/home/administrateur# ovs-vsctl show
aeeb9504-7b38-4996-9d74-e7006beb6b43
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "qg-1109f6e1-10"
            Interface "qg-1109f6e1-10"
                type: internal
        Port "eth2"
            Interface "eth2"
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "qr-c7e09571-d2"
            tag: 1
            Interface "qr-c7e09571-d2"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tapbd58913f-43"
            tag: 1
            Interface "tapbd58913f-43"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-tun
        Port "gre-0a00011f"
            Interface "gre-0a00011f"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.0.2"


root@network:/home/administrateur# ifconfig
br-ex     Link encap:Ethernet  HWaddr 6a:87:31:24:9d:42  
          inet adr:192.168.1.30  Bcast:192.168.1.255  Masque:255.255.255.0
          adr inet6: fe80::4040:a8ff:fe3a:7b50/64 Scope:Lien
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          Packets reçus:14699 erreurs:0 :0 overruns:0 frame:0
          TX packets:1443 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          Octets reçus:4332906 (4.3 MB) Octets transmis:123840 (123.8 KB)

br-int    Link encap:Ethernet  HWaddr a6:11:e9:bf:a7:4d  
          adr inet6: fe80::f40e:8ff:fe94:3087/64 Scope:Lien
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          Packets reçus:149 erreurs:0 :0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          Octets reçus:14584 (14.5 KB) Octets transmis:508 (508.0 B)

br-tun    Link encap:Ethernet  HWaddr 56:8d:3c:c0:26:41  
          adr inet6: fe80::2046:58ff:fed1:5592/64 Scope:Lien
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          Packets reçus:0 erreurs:0 :0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 lg file transmission:0 
          Octets reçus:0 (0.0 B) Octets transmis:648 (648.0 B)

eth0      Link encap:Ethernet  HWaddr de:c7:76:88:78:cb  
          inet adr:10.0.0 ...
(more)
edit flag offensive delete link more
0

answered 2015-02-27 02:57:52 -0500

madhank gravatar image

updated 2015-02-27 03:03:33 -0500

Have you did this on dashboard

click Access & Security

select Security Groups

click on manage rules

add rules for ping

all icmp

ingress

CIDR

0.0.0.0/0

add rules for ssh

Custom Tcp rule

ingress

port

22

CIDR

0.0.0.0/0

check now you can ping and ssh

have you edited this on /etc/neutron/plugins/ml2/ml2_conf.ini

[securitygroup]

enable_security_group = True

enable_ipset = True

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ovs]

local_ip = x.x.x.x

enable_tunneling = True

[agent]

tunnel_types = gre

bridge_mappings = external:br-ex

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

Stats

Asked: 2015-02-26 08:06:50 -0500

Seen: 5,568 times

Last updated: Feb 27 '15