I am setting up replica of my real-world deployment in terms of networks within single instance of OpenStack. For that I have to create 3 networks (1 for each tier): web, middleware, db.

I have created those networks successfully then I've added the routers between respective networks, yet my web tier can't reach middleware and middleware can't reach DB using those private nets.

I have created a separate "public" network to which all those nets can be routed (so that I can access VMs directly). This one works just fine.

Most details provided in gist:

https://gist.github.com/droopy4096/00...

To simplify: this time around I've used dashboard to create network infrastructure. So procedure I've followed:

• created each network (front, mid, db, public) with according subnet.
• created routers "bridging" specific pairs of network, e.g.: gb_front_mid_router is connecting front tier (web) and mid tier (middleware).
• for each tier created secgroup with corresponding rules
• created VMs for each tier assigned to specific private network with specific secgroups applied
• checked that default secgroup seems to be allowing everything in (see gist)

pinging from systest-front to systest-mid (on 10.10/16 IPs) fails so far. Same goes for pings from mid to db etc.

what am I missing? Why traffic from one private net can't reach another? Anything needs to be added to configuration?