compute node instance can't access other instance [closed]

asked 2013-12-07 21:49:58 -0500

updated 2013-12-07 21:52:49 -0500

I have installed Havana with Neutron as the network service (openvswitch + GRE). I have installed two compute nodes and a controller node. One works fine but the other does not.

I can create an instance on the compute node, but the instance can't access the outside. It is strange that the other instance, hosted on the other compute node, can access this instance. For example, instance a (with ip : host on compute node A, instance b (with ip : host on compute B. Instance a pinging b is OK, but the opposite is not.

[root@host-192-168-1-6 ~]# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=1.29 ms
64 bytes from icmp_seq=2 ttl=64 time=0.619 ms
64 bytes from icmp_seq=3 ttl=64 time=0.747 ms

[root@host-192-168-1-24 ~]# ping
From icmp_seq=2 Destination Host Unreachable
From icmp_seq=3 Destination Host Unreachable
From icmp_seq=4 Destination Host Unreachable
From icmp_seq=6 Destination Host Unreachable

I have some clue about this. It should be related to an iptables rule or the firewall, so I added the iptables rule below on node B manually. It works fine now.

#iptables -t filter -I FORWARD -i qbr+ -o qbr+ -j ACCEPT

But once the firewall is refreshed after a new instance is created or deleted, the network can't work again. So what's happening? It seems that the iptables rule is cleared and rolled back after the iptables refresh.

Here is my deployment environment:

vi /etc/nova/nova.conf


vi /etc/neutron/plugin.ini

tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
local_ip =

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
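
A way to check the behaviour described in the question: whether the manually inserted FORWARD rule is still in the filter table after a firewall refresh, and whether it sits ahead of the agent-managed jumps (an ACCEPT placed ahead of them is matched before any rule in those chains). This is an added example, not part of the original post; the `iptables-save` excerpts are constructed, and the `neutron-` chain prefix and the helper names are assumptions.

```python
import shlex

MANUAL = {"-i": "qbr+", "-o": "qbr+", "-j": "ACCEPT"}  # the rule from the post

# Constructed iptables-save excerpts (not captured from a real host).
AFTER_INSERT = """*filter
:FORWARD ACCEPT [0:0]
:neutron-filter-top - [0:0]
:neutron-openvswi-FORWARD - [0:0]
-A FORWARD -i qbr+ -o qbr+ -j ACCEPT
-A FORWARD -j neutron-filter-top
-A FORWARD -j neutron-openvswi-FORWARD
COMMIT
"""
AFTER_REFRESH = AFTER_INSERT.replace("-A FORWARD -i qbr+ -o qbr+ -j ACCEPT\n", "")

def forward_rules(save_text):
    """Return the filter-table FORWARD rules, in order, as token lists."""
    rules, table = [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*filter", "*nat", ...
            table = line[1:]
        elif table == "filter" and line.startswith("-A FORWARD "):
            rules.append(shlex.split(line)[2:])
    return rules

def opts(tokens):
    """Loose option -> next-token map; enough to read -i, -o and -j."""
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}

def audit(save_text, managed_prefix="neutron-"):  # prefix is an assumption
    rules = [opts(r) for r in forward_rules(save_text)]
    manual_at = next((i for i, r in enumerate(rules)
                      if all(r.get(k) == v for k, v in MANUAL.items())), None)
    managed_at = next((i for i, r in enumerate(rules)
                       if r.get("-j", "").startswith(managed_prefix)), None)
    return {
        "manual_rule_present": manual_at is not None,
        "precedes_managed_chains": None not in (manual_at, managed_at)
                                   and manual_at < managed_at,
    }

if __name__ == "__main__":
    print("after insert: ", audit(AFTER_INSERT))
    print("after refresh:", audit(AFTER_REFRESH))
```

On a real node, pass the text of `iptables-save` taken before and after an instance is created or deleted to `audit()` and compare the two results.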
