Ask Your Question
0

Fail to ping google, from L3 router

asked 2013-11-30 22:00:40 -0500

DennyZhang gravatar image

updated 2013-12-01 08:53:06 -0500

My main problem is that I fail to ping google(74.125.227.210), from the L3 router's linux network namespace.

The environment is quite normal, with only one exception: floatingip of router's external network are not routable.

The L3 router has 3 network interface: lo, qr-be2f5603-d9(private network) and qg-8b087025-bb(External network). qg-8b087025-bb is bind to br-ex(external openvSwitch bridge). And previously eth0 has a routable floatingip, I added eth0 to br-ex.

I try "ip netns exec qrouter-f9447cdc-5151-4623-9ea3-8dce84cb4c52 ping 74.125.227.210", but tcpdump tells me the icmp is sent from lo interface. This is quite strange to me.

Further more router_gateway port of external network is down, and some qpid errors are found in neutron log: http://paste.openstack.org/show/54240/

Detail environment information can be found: http://paste.openstack.org/show/54224/

Previously, I thought it would be:

  1. When we ping google from the router's namespace, it will go through the default gateway(172.24.4.225)
  2. Thus, the traffic will go from interface qg-8b087025-bb
  3. Then qg-8b087025-bb will go to the trunk port of br-ex, which should be eth1
  4. eth1 has a floatingip, thus the icmp package can be routed correctly to google
  5. Then the icmp response can return back correctly to qg-8b087025-bb

Is there anything wrong of my judgement?

Many thanks for the comments. I have been fighting against this kind of neutron problems for two weeks!!

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
1

answered 2013-12-03 03:36:30 -0500

darragh-oreilly gravatar image

The neutron router kicks out packets to its default route. In your case you have choosen something that has IP address 172.24.4.225. What is this device with 172.24.4.225 ?

Is it a real physical router? If so, then the nic that corresponds to eth0 needs to be on the same link. Eth0 should not have an ip. Then the bridge br-ex bridges the qg-xxxxxx-xx device to that link via eth0.

Or maybe instead you have put 172.24.4.225 on the interface br-ex, and intend to use the host root IP namespace as the next hop router? This is ok for small test/development/poc setups. In this case you will need to enable ip forwarding in host namespace - see here. You should also remove eth0 from bridge br-ex. And upstream routers will need to have routes so they will know how to return packets in the floating ip range to this host. If you only need outward access from the instances, you could add an iptables masquerade rule - then you will not need to configure those routes on the upstream routers.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-11-30 22:00:40 -0500

Seen: 242 times

Last updated: Dec 03 '13