Nova vlan setup problem

asked 2013-10-23 22:21:17 -0500

Claude

updated 2013-10-23 23:54:00 -0500

I have a 2-node OpenStack Grizzly setup running under Ubuntu 12.04.

Both servers have a single nic (eth0). Each server has a public IP address. There's also a vlan (2007) available which connects to a firewall. For example:

Node 1
public IP: on eth0
gateway IP:
private IP: on eth0.vlan2007 (assigned by Nova)

Node 2
public IP: on eth0
gateway IP:
private IP: on eth0.vlan2007 (assigned by Nova)

public IP:
private IP: on vlan 2007

I did my setup with Nova using VlanManager like this:
nova network-create public --fixed-range-v4= --vlan=2007 --bridge=br2007 --gateway=

I can create instances and they get 172.16.1.x addresses and they can ping each other, so vlan networking is fine. I can also ping those instances from the router.

However, when I try to NAT a public IP of the router to an instance IP, I can't ping it:
router public IP: --natted to--> instance public IP:

I did a tcpdump on the compute node and I can see the ping reaching the compute node. However, the ping is not passed to the instance.

What am I missing?

Edit: I got it working by disabling the compute node firewall (firewall_driver=nova.virt.firewall.NoopFirewallDriver in nova.conf). Now the question is what's missing in the config to re-enable the firewall?
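Why the ping stops at the compute node, as an added illustration that is not part of the original post: with nova's IptablesFirewallDriver active, every packet destined for an instance is run through a per-instance chain (nova-compute-inst-<id>) that accepts established traffic, DHCP from the network host and traffic from the instance's own subnet, and then jumps to nova-compute-sg-fallback, which drops everything else; security-group rules are what add further ACCEPTs. A DNATed ping from outside keeps its external source address, so it shows up in tcpdump on the node and dies in that chain. The script below is a small evaluator for such a chain, run over a constructed iptables-save excerpt. The instance id (7), the network host's br2007 address (172.16.1.1), the external host (203.0.113.10) and the exact rule layout are assumptions that only approximate what Grizzly emits; the 0.0.0.0/0 CIDR on the secgroup rules is likewise assumed.

```shell
#!/bin/bash
# Added example, not code from the original post.  A small evaluator for the
# per-instance iptables chain that nova's IptablesFirewallDriver builds on a
# compute node, run over a CONSTRUCTED iptables-save excerpt.  Assumptions:
# instance id 7, 172.16.1.1 as the network host's br2007/dnsmasq address,
# 203.0.113.10 as the external host behind the router, and the chain layout
# (base rules, provider chain, DHCP, same-subnet accept, fallback DROP).

# Constructed excerpt of `iptables-save` before any security-group rule exists.
NOVA_RULES='
-A nova-compute-inst-7 -m state --state INVALID -j DROP
-A nova-compute-inst-7 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-7 -j nova-compute-provider
-A nova-compute-inst-7 -s 172.16.1.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-7 -s 172.16.1.0/24 -j ACCEPT
-A nova-compute-inst-7 -j nova-compute-sg-fallback
-A nova-compute-sg-fallback -j DROP
'

# The same chain after "nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0"
# and "nova secgroup-add-rule default tcp 22 22 0.0.0.0/0" (CIDR assumed).
NOVA_RULES_FIXED='
-A nova-compute-inst-7 -m state --state INVALID -j DROP
-A nova-compute-inst-7 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A nova-compute-inst-7 -j nova-compute-provider
-A nova-compute-inst-7 -s 172.16.1.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A nova-compute-inst-7 -s 172.16.1.0/24 -j ACCEPT
-A nova-compute-inst-7 -s 0.0.0.0/0 -p icmp -j ACCEPT
-A nova-compute-inst-7 -s 0.0.0.0/0 -p tcp -m tcp --dport 22 -j ACCEPT
-A nova-compute-inst-7 -j nova-compute-sg-fallback
-A nova-compute-sg-fallback -j DROP
'

# Dotted quad -> 32-bit integer.
ip2int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR: succeeds when IP lies inside CIDR (a bare address means /32).
in_cidr() {
  local ip=$1 net=${2%/*} bits=${2#*/} mask
  [ "$bits" = "$2" ] && bits=32
  mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "$ip") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# verdict RULES CHAIN PROTO SRC DPORT STATE -> ACCEPT, DROP, or RETURN (fell off
# the end of the chain).  Evaluates -s, -p, --dport and --state top to bottom
# and follows -j into user chains, which is all the nova chains above use.
verdict() {
  local rules=$1 chain=$2 proto=$3 src=$4 dport=$5 state=$6 line match target r
  while IFS= read -r line; do
    case "$line" in "-A $chain "*) ;; *) continue ;; esac
    set -- $line
    shift 2                          # drop "-A <chain>"
    match=1 target=
    while [ $# -gt 0 ]; do
      case "$1" in
        -s)      in_cidr "$src" "$2" || match=0; shift 2 ;;
        -p)      [ "$2" = "$proto" ] || match=0; shift 2 ;;
        --dport) [ "$2" = "$dport" ] || match=0; shift 2 ;;
        --state) case ",$2," in *",$state,"*) ;; *) match=0 ;; esac; shift 2 ;;
        -j)      target=$2; shift 2 ;;
        -m|--sport) shift 2 ;;       # match-module names and sport: not evaluated
        *)       shift ;;
      esac
    done
    [ "$match" = 1 ] || continue
    case "$target" in
      ACCEPT|DROP) echo "$target"; return 0 ;;
      "")          continue ;;
      *)           r=$(verdict "$rules" "$target" "$proto" "$src" "$dport" "$state")
                   [ "$r" = RETURN ] || { echo "$r"; return 0; } ;;
    esac
  done <<EOF
$rules
EOF
  echo RETURN
}

# The cases from the question: another instance on the VLAN, the external host
# before the security-group rules exist, and the external host after them.
demo() {
  echo "ping from 172.16.1.5 (same VLAN):    $(verdict "$NOVA_RULES" nova-compute-inst-7 icmp 172.16.1.5 '' NEW)"
  echo "ping from 203.0.113.10 (via router): $(verdict "$NOVA_RULES" nova-compute-inst-7 icmp 203.0.113.10 '' NEW)"
  echo "same, after secgroup rules:          $(verdict "$NOVA_RULES_FIXED" nova-compute-inst-7 icmp 203.0.113.10 '' NEW)"
  echo "ssh from 203.0.113.10, after:        $(verdict "$NOVA_RULES_FIXED" nova-compute-inst-7 tcp 203.0.113.10 22 NEW)"
}
demo
```

On a real node, feed it `iptables-save` output instead of the constructed string and the instance's chain name from `iptables -S | grep nova-compute-inst-`; the same-subnet ACCEPT is why instances reach each other while the NoopFirewallDriver was the only thing that let the router's DNATed ping through.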

1 answer

answered 2013-10-24 08:47:44 -0500

Claude

I finally managed to get it working:

I used the "dhcp_option=3,ip_of_router" (set up with dnsmasq_config_file) so the instances would have a default gateway pointing to the router instead of the compute node's NIC. Second, I opened up the firewall with:

nova secgroup-add-rule default icmp -1 -1
nova secgroup-add-rule default tcp 22 22

Now I have connectivity from hosts outside of the vlan range.
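The fix above spelled out, as an added example that is not the poster's own files or commands: the dnsmasq directive is dhcp-option (hyphen), placed in a file that nova-network hands to dnsmasq via dnsmasq_config_file in nova.conf; with the router as default gateway, an instance's replies to external hosts go back through the router that did the DNAT rather than through the br2007 address the network host hands out as router by default under VlanManager. nova secgroup-add-rule takes a CIDR as its final argument (0.0.0.0/0 assumed here, meaning any source; the commands above show none). ROUTER_IP and the dnsmasq file path are placeholders, and nothing runs when the file is merely sourced.

```shell
#!/bin/bash
# Added example, not the poster's own files or commands: the two-part fix from
# the answer, written out the way an operator would apply it on the node
# running nova-network (and nova-compute).  Only functions are defined here;
# call them by hand.  Assumptions: ROUTER_IP stands in for the router's VLAN
# 2007 address (stripped from the page) and the dnsmasq file path is
# conventional, not taken from the post.

ROUTER_IP=${ROUTER_IP:-172.16.1.254}                  # assumed router address on VLAN 2007
DNSMASQ_CONF=${DNSMASQ_CONF:-/etc/nova/dnsmasq-nova.conf}

# 1. dnsmasq: DHCP option 3 is "router".  Instances then stop using the
#    network host's br2007 address as default gateway.
write_dnsmasq_conf() {
  cat > "$DNSMASQ_CONF" <<EOF
dhcp-option=3,$ROUTER_IP
EOF
}

# 2. nova.conf [DEFAULT] lines: hand the file to dnsmasq and put the iptables
#    driver back in place of nova.virt.firewall.NoopFirewallDriver.  Printed
#    rather than edited in place so the operator merges them deliberately.
print_nova_conf_lines() {
  cat <<EOF
[DEFAULT]
dnsmasq_config_file=$DNSMASQ_CONF
firewall_driver=nova.virt.libvirt.firewall.IptablesFirewallDriver
EOF
}

# 3. Security-group rules.  Without an ICMP/TCP rule the per-instance chain
#    ends in nova-compute-sg-fallback, which DROPs; the CIDR is the last
#    positional argument (0.0.0.0/0 = any source, assumed here).
open_default_secgroup() {
  nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
  nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
}

# 4. Restart so dnsmasq is relaunched with the config file and the instance
#    chains are rebuilt by the iptables driver, then look at the result.
restart_and_verify() {
  service nova-network restart
  service nova-compute restart
  ps -ef | grep '[d]nsmasq'                     # expect --conf-file=$DNSMASQ_CONF
  nova secgroup-list-rules default
  iptables-save | grep -E 'nova-compute-inst-|nova-compute-sg-fallback'
}
```

Order of use: write_dnsmasq_conf, merge the output of print_nova_conf_lines into nova.conf, open_default_secgroup, restart_and_verify. Running instances keep their old default gateway until they renew their lease, so reboot them or re-run the DHCP client inside them before testing the ping from outside again; a tcpdump on br2007 should then show both the echo request and the instance's reply leaving towards the router.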
