can't access instance floating IP

asked 2015-10-18 11:53:50 -0500

michaelp

I installed Kilo OpenStack/DevStack with everything on a single node on Ubuntu 14.04. I created an instance, and I can see it got both internal and external IPs assigned.

IP Addresses
Public: 172.24.4.5, 2001:db8::6
Private: 10.0.0.4, fd6d:9a49:de06:0:f816:3eff:feb5:1609

I added it to the default security group and edited the security group, enabling ICMP and SSH (port 22) ingress rules. Now I can ping and SSH to the instance's internal IP 10.0.0.4.

However, I cannot ping or SSH to the instance's floating IP 172.24.4.5 from the compute node or any other machine on the network.
I can ping the public network default gateway IP 172.24.4.1 and the router external IP 172.24.4.2. However, ping to the instance's floating IP 172.24.4.5 does not work.

Looking at both the public and private networks, I see that the status of both is Active. All router interfaces are shown as Active as well.

Here is the output of these commands from the compute node:

$ neutron router-list
$ ip netns | grep router_id
$ ip netns exec qrouter-router_id iptables -S -t nat
$ ip netns exec qrouter-router_id ip a
$ ip netns exec qrouter-router_id ifconfig

neutron router-list

ea089823-0b25-42c8-ac30-d56ffa1ff2ac | router1 | {"network_id": "2863985b-f319-435e-8d0b-8f6647008711", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "a2bd8b63-7be5-43b5-9534-bd5e04a59734", "ip_address": "172.24.4.2"}, {"subnet_id": "c26dd6ba-6573-4c06-936e-00fe5c1d67bb", "ip_address": "2001:db8::3"}]} | False | False |

ip netns | grep ea089823-0b25-42c8-ac30-d56ffa1ff2ac

qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac iptables -S -t nat

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-43b82233-b7 ! -o qg-43b82233-b7 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-43b82233-b7 -j SNAT --to-source 172.24.4.2
-A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 172.24.4.2
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
9: qr-db44c430-bc: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:90:1b:f8 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-db44c430-bc
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe90:1bf8/64 scope link
       valid_lft forever preferred_lft forever
10: qg-43b82233-b7: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:3e:bb:08 brd ff:ff:ff:ff:ff ... (more)

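An added example, not part of the original post: a check over the `iptables -S -t nat` dump from the router namespace for the three per-floating-IP rules (DNAT in `neutron-l3-agent-PREROUTING` and `neutron-l3-agent-OUTPUT`, SNAT in `neutron-l3-agent-float-snat`). It assumes a legacy (non-DVR) router and the rule shapes the Neutron L3 agent normally installs; the function names are hypothetical and `CONSTRUCTED_NAT` is constructed sample data.

```python
import shlex

# Excerpt of the `iptables -S -t nat` output posted in the question above.
POSTED_NAT = """\
-A neutron-l3-agent-POSTROUTING ! -i qg-43b82233-b7 ! -o qg-43b82233-b7 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -o qg-43b82233-b7 -j SNAT --to-source 172.24.4.2
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
"""
# Constructed sample: the excerpt plus the three per-floating-IP rules (assumed shape).
CONSTRUCTED_NAT = POSTED_NAT + """\
-A neutron-l3-agent-PREROUTING -d 172.24.4.5/32 -j DNAT --to-destination 10.0.0.4
-A neutron-l3-agent-OUTPUT -d 172.24.4.5/32 -j DNAT --to-destination 10.0.0.4
-A neutron-l3-agent-float-snat -s 10.0.0.4/32 -j SNAT --to-source 172.24.4.5
"""

def parse_rules(nat_dump):
    """Parse `iptables -S` text into one {flag: value} dict per -A rule."""
    rules = []
    for line in nat_dump.splitlines():
        tok = shlex.split(line)  # keeps the quoted --comment text as one token
        if tok[:1] != ["-A"]:
            continue  # skip -P / -N lines and blank lines
        rule, negated = {}, False
        for flag, value in zip(tok, tok[1:]):
            # Record positive matches only; a flag preceded by "!" is ignored.
            if flag.startswith("-") and not value.startswith("-") and not negated:
                rule[flag] = value
            negated = flag == "!"
        rules.append(rule)
    return rules

def missing_floating_ip_rules(nat_dump, floating_ip, fixed_ip):
    """Return the per-floating-IP NAT rules that are absent from the dump."""
    wanted = [  # (chain, match flag, matched address, target, rewrite flag, new address)
        ("neutron-l3-agent-PREROUTING", "-d", floating_ip, "DNAT", "--to-destination", fixed_ip),
        ("neutron-l3-agent-OUTPUT", "-d", floating_ip, "DNAT", "--to-destination", fixed_ip),
        ("neutron-l3-agent-float-snat", "-s", fixed_ip, "SNAT", "--to-source", floating_ip),
    ]
    rules = parse_rules(nat_dump)
    missing = []
    for chain, match, addr, target, to_flag, to_addr in wanted:
        if not any(r.get("-A") == chain and r.get(match) in (addr, addr + "/32")
                   and r.get("-j") == target and r.get(to_flag) == to_addr for r in rules):
            missing.append(f"-A {chain} {match} {addr}/32 -j {target} {to_flag} {to_addr}")
    return missing

if __name__ == "__main__":
    print(missing_floating_ip_rules(POSTED_NAT, "172.24.4.5", "10.0.0.4"))
```

Run against the excerpt of the posted dump, it reports all three rules for 172.24.4.5 as missing; the full dump in the question likewise contains no rule that mentions 172.24.4.5.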