Can not ssh to openstack instance using floating Ip address?

asked 2015-06-22 00:29:15 -0600

Ravi_52 gravatar image

I've setup openstack using http://docs.openstack.org/developer/devstack/guides/single-machine.html (http://docs.openstack.org/developer/d...) machine has single Ethernet Port Eth0 With ip address 192.168.1.22 and i've created instance which has ipaddress 10.11.12.2 i can ssh to instance from openstack machine using ssh cirros@10.11.12.2 but when i try to ssh instance using ssh cirros@192.168.1.161 can't connect to instance.

$ cat /proc/sys/net/ipv4/ip_forward
1

Below is the output of "ip a"

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet 169.254.169.254/32 scope link lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br100 state UP group default qlen 1000
    link/ether 90:2b:34:72:f5:1c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::922b:34ff:fe72:f51c/64 scope link 
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 26:e5:1c:64:c3:fe brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
      valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 56:84:7a:fe:97:99 brd ff:ff:ff:ff:ff:ff
    inet 172.17.42.1/16 scope global docker0
       valid_lft forever preferred_lft forever
5: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 90:2b:34:72:f5:1c brd ff:ff:ff:ff:ff:ff
    inet 10.11.12.1/24 brd 10.11.12.255 scope global br100
       valid_lft forever preferred_lft forever
    inet 192.168.1.22/24 brd 192.168.1.255 scope global br100
       valid_lft forever preferred_lft forever
    inet 192.168.1.161/32 scope global br100
       valid_lft forever preferred_lft forever
    inet6 fe80::10a6:76ff:fed9:3ccc/64 scope link 
       valid_lft forever preferred_lft forever
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br100 state UNKNOWN group default qlen 500
    link/ether fe:16:3e:87:4e:90 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc16:3eff:fe87:4e90/64 scope link 
       valid_lft forever preferred_lft forever

Routing table:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 br100
10.11.12.0      0.0.0.0         255.255.255.0   U     0      0        0 br100
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0 ...
(more)
edit retag flag offensive close merge delete

Comments

To access an instance via floating IP address, OpenStack uses DNAT in the router. If you use Openvswitch, the default in devstack AFAIK, the router is implemented via iptables in its own network namespace. You have to check there. See the NW troubleshooting section in the Operations guide.

Bernd Bausch gravatar imageBernd Bausch ( 2015-06-24 06:21:25 -0600 )edit