HTTPS not working to Instance using FloatingIP
I actually have two networking problems, but the more pressing one first: From an outside node, or the Controller node for that matter, I cannot access any HTTPS ports on my instances.
Configuration: 3-node (Controller, Network, Compute) Ubuntu Juno OpenStack. This was installed using the default, manual install with Neutron networking as documented on the docs.openstack.org website. No errors in logs, Cirros instance launches with full SSH access. CentOS7 instance launches with SSH working until I try a "large" output (ls -al of a big directory hangs about 20 lines in [IE> the second network problem]). F5 Networks BIG-IP VE instance launches with SSH working until I try a "large" output. Both the CentOS7 and the BIGIP keep running, and I have full console access at all times. No errors reported in either instance log files. All nodes get all their DHCP assigned IPs. 'Default' security group setup like so:
# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| | | | | default |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 443 | 443 | 0.0.0.0/0 | |
| | | | | default |
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 80 | 80 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
When I do an tcpdump from the BIGIP node, I can see the HTTPS packets coming in, and a response going out. If I create a mirror port on the 'br-int' bridge on the compute node, I just see the responses going out to my client, but no requests coming in?!? That doesn't seem right!
11:25:38.966302 IP6 fe80::bc29:bff:fe04:e7d5 > ip6-allrouters: ICMP6, router solicitation, length 16<br>
11:25:39.231659 IP 10.10.10.10.ssh > 10.147.95.128.57127: Flags [P.], seq 2501911056:2501911092, ack 4236512516, win 241, options [nop,nop,TS val 81901769 ecr 275729760], length 36<br>
11:25:42.974288 IP6 fe80::bc29:bff:fe04:e7d5 > ip6-allrouters: ICMP6, router solicitation, length 16<br>
11:25:49.236382 IP 10.10.10.10.ssh > 10.147.95.128.57127: Flags [P.], seq 36:72, ack 53, win 241, options [nop,nop,TS val 81911774 ecr 275739723], length 36<br>
11:25:51.810641 IP 10.10.10.8.https > 10.147.95.128.63978: Flags [S.], seq 1016497018, ack 1398343447, win 14480, options [mss 1460,sackOK,TS val 242030834 ecr 275742177,nop,wscale 7], length 0<br>
11:25:51.813968 IP 10.10.10.8.https > 10.147.95.128.63978: Flags [.], ack 211, win 122, options [nop,nop,TS val 242030838 ecr 275742190], length 0<br>
11:25:51.832698 IP 10.10.10.8.https > 10.147.95.128.63978: Flags [.], seq 1:1449, ack 211, win 122, options [nop,nop,TS val 242030857 ecr 275742190], length 1448<br>
11:25:51.832743 IP 10.10.10.8.https > 10.147.95.128.63978: Flags [P.], seq 1449:1654, ack 211, win 122, options [nop,nop,TS val 242030857 ecr 275742190], length 205<br>
11:25:52 ...