
Can't ping between instances with router on the middle (using VLAN)

asked 2015-04-17 15:54:02 -0500

leafar

Hi,

I have an instance that is working as a router (CSR1Kv) and I have two instances connected to the router (CSR1Kv) on different VLANs.

instance1 <vlan113> router-CSR1Kv <vlan198> instance2

Instance1 has the subnet 192.168.113.2/24 and is able to ping router-CSR1Kv with IP 192.168.113.1/24 on VLAN-113. Instance2 has the subnet 192.168.198.2/24 and is able to ping router-CSR1Kv with IP 192.168.198.1/24 on VLAN-198.

I created a static route on instance1 for network 192.168.198.0/24 pointing to the gateway router-CSR1Kv. I created a static route on instance2 for network 192.168.113.0/24 pointing to the gateway router-CSR1Kv.

In theory, I should be able to ping between the VMs because the router is able to route the packets of both subnets, but from instance1 I can't even ping the IP of the router-CSR1Kv interface connected towards instance2.

That means that somehow I'm having a security or blocking point issue that is not allowing me to ping between two subnets that don't belong to the same network/netmask. In this case the CSR1Kv is an instance that is in the middle to provide the L3 communication between both instances, but it is not working.

Can somebody explain to me how to solve this issue? What can be the cause of this issue?

Thanks!


Comments

Have you checked the Security Groups of the instances? Ping needs to be enabled in the SG.

rahulrajvn ( 2015-04-20 09:33:35 -0500 )

1 answer


answered 2015-04-23 13:35:42 -0500

leafar

Yes, I checked the security groups. Everything looks good. That is not the problem. The problem is related to the security applied in OpenStack with mac-spoofing... If I remove the iptables config I can ping without any problem from one instance to another passing through the router. That means that my IPTables rules are blocking the source mac-address towards the destination. Does anybody have a solution to this issue?


Comments

Can you please do this:

ip netns

get the q-router then

ip netns exec q-router-Xxxxxxxxxx iptables -S

And edit your post. Tks

GLaupre ( 2015-04-23 16:17:18 -0500 )
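
Added example, not part of the thread and not OpenStack's own code: a check over `iptables -S` output that shows how a per-port source-address/MAC chain treats a packet the router instance forwards. It assumes the rules have the form `-s <ip>/32 -m mac --mac-source <mac> -j RETURN` followed by `-j DROP`; the sample rules, chain names and MACs are constructed, and `parse_rules` and `verdict_for_port` are hypothetical helper names.

```python
import ipaddress
import shlex

# Constructed sample: chain names, port ids and MACs are made up for this example.
SAMPLE_RULES = """\
-N neutron-openvswi-s1a2b3c4d-5
-A neutron-openvswi-s1a2b3c4d-5 -s 192.168.113.1/32 -m mac --mac-source FA:16:3E:00:01:13 -j RETURN
-A neutron-openvswi-s1a2b3c4d-5 -j DROP
-N neutron-openvswi-s9f8e7d6c-b
-A neutron-openvswi-s9f8e7d6c-b -s 192.168.198.1/32 -m mac --mac-source FA:16:3E:00:01:98 -j RETURN
-A neutron-openvswi-s9f8e7d6c-b -j DROP
"""


def parse_rules(text):
    """Map chain name -> ordered list of (source network, source MAC, target)."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        # Only -s, --mac-source and -j are read; negated matches are not handled.
        opt = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1)
               if tok[i] in ("-s", "--mac-source", "-j")}
        net = ipaddress.ip_network(opt["-s"], strict=False) if "-s" in opt else None
        mac = opt.get("--mac-source", "").upper() or None
        chains.setdefault(tok[1], []).append((net, mac, opt.get("-j")))
    return chains


def verdict_for_port(text, port_mac, src_ip):
    """Verdict of the source-check chain(s) naming port_mac for a packet with src_ip."""
    ip, port_mac = ipaddress.ip_address(src_ip), port_mac.upper()
    result = {}
    for chain, rules in parse_rules(text).items():
        if not any(mac == port_mac for _, mac, _ in rules):
            continue  # chain belongs to another port
        result[chain] = "NO MATCH"
        for net, mac, target in rules:  # first matching rule decides
            if (net is None or ip in net) and (mac is None or mac == port_mac):
                result[chain] = target
                break
    return result


if __name__ == "__main__":
    router_mac = "fa:16:3e:00:01:98"  # router's VLAN-198 port (constructed)
    print(verdict_for_port(SAMPLE_RULES, router_mac, "192.168.198.1"))  # router's own address
    print(verdict_for_port(SAMPLE_RULES, router_mac, "192.168.113.2"))  # forwarded from instance1
```

A packet from instance1 leaves the router's VLAN-198 port carrying that port's MAC but instance1's source address, so only the final `-j DROP` rule matches it.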

Last updated: Apr 23 '15