Ask Your Question
0

Accessing the VM from internet

asked 2015-05-08 19:06:33 -0600

Vivek gravatar image

Hello All,

In my single node setup (Openstack JUNO on CENTOS 6.5 running with neutron-ovs for networking) which is functional, I am able to reach the internet from the virtual-machine using floating-ip and everything seems to be working fine.

But I want to access the VM from the outside network and I tried testing that by pinging the floating-ip and I see that the reachability is not there. So what I would like to know is

  1. Is this a expected behaviour and do I need to turn on something else ?
  2. Am I missing something , in which case what are the common things I can look for ?

Regards, Vivek

edit retag flag offensive close merge delete

Comments

Please post ifconfig && ovsvsctl show and description or create statement for your external network

dbaxps gravatar imagedbaxps ( 2015-05-09 00:34:10 -0600 )edit

Make sure your default security group allows inbound traffic.

Tobias Urdin gravatar imageTobias Urdin ( 2015-05-10 15:09:08 -0600 )edit
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2015-05-09 14:32:45 -0600

YanivZadka2 gravatar image

Try opening ports on your default security group (or any other security group this instance assigned to): nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

edit flag offensive delete link more
add a comment
0

answered 2015-05-10 06:23:06 -0600

Vivek gravatar image

First of all thanks for both the replies.

@ sunnyarora : I have already enabled forwarding in linux kernel and everything else (other traffic flows like inter-vm, vm to internet ) are working fine.

@ YanivZadka2: Does adding a nova sec group rule gonna make any difference here ? Since I am using JUNO with neutron does having a nova network (this sec rule for instance) configuration has any effect ?

edit flag offensive delete link more

Comments

The config guide have a section about pinging the floating IP default GW: "the tenant router gateway should occupy the lowest IP address in the floating IP address range" if you can't ping it there's an issue you need to solve first. If not open the ports in the sec group - it is applied by default

YanivZadka2 gravatar imageYanivZadka2 ( 2015-05-10 17:07:35 -0600 )edit
add a comment
0

answered 2015-05-08 19:59:03 -0600

sunnyarora gravatar image

updated 2015-05-11 02:13:03 -0600

Yes this can be the expected behaviour in case your Iptables on compute nodes are not properly set so that the IP should get the correct response. Can you please check is ip forwarding enabled on the compute node ? also run below command on the compute node.This worked in my case. sysctl -p

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2015-05-08 19:06:33 -0600

Seen: 280 times

Last updated: May 11 '15

Related questions

cant ping instance(local and floating) but router does fine

VMs not accessable using Floating-ip(Stderr: 'ovs-ofctl: -1: negative values not supported for in_port\n')

neutron error

floating ip not pinging from other nodes?

neutron and external network access

Neutron floating IPs bounded to specific hosts

Limit floating ip [closed]

How do I create a floating IP pool

Error in the association floating ip with 2 networks.

Floating IPs stopped working [closed]