can't access instance floating IP

asked 2015-10-18 11:53:50 -0600

michaelp gravatar image

I installed Kilo Openstack/devstack with everything on a single node on ubuntu 14.04. I created an instance, I can see it got both internal and external IPs assigned IP Addresses

Public172.24.4.5, 2001:db8::6 Private10.0.0.4, fd6d:9a49:de06:0:f816:3eff:feb5:1609

I added it to the default security group and edited the security group enabling icmp and ssh (port 22) ingress rules. Now can ping and ssh the instance internal IP

However, I cannot ping or SSH the instance floating IP from the compute node or any other machine on the network.
I can ping public network default gateway IP and router external IP However, ping to instance floating IP does not work.

Looking at both public and private networks I see that both status is Active. All router interfaces are shown as Active as well.

Here is the output of commands from the compute node $ neutron router-list $ ip netns | grep router_id ( $ ip netns exec qrouter-router_id iptables -S -t nat $ ip netns exec qrouter-router_id ip a $ ip netns exec qrouter-router_id ifconfig

neutron router-list ea089823-0b25-42c8-ac30-d56ffa1ff2ac | router1 | {"network_id": "2863985b-f319-435e-8d0b-8f6647008711", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "a2bd8b63-7be5-43b5-9534-bd5e04a59734", "ip_address": ""}, {"subnet_id": "c26dd6ba-6573-4c06-936e-00fe5c1d67bb", "ip_address": "2001:db8::3"}]} | False | False |

ip netns | grep ea089823-0b25-42c8-ac30-d56ffa1ff2ac qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac iptables -S -t nat

-P PREROUTING ACCEPT -P INPUT ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT -N neutron-l3-agent-OUTPUT -N neutron-l3-agent-POSTROUTING -N neutron-l3-agent-PREROUTING -N neutron-l3-agent-float-snat -N neutron-l3-agent-snat -N neutron-postrouting-bottom -A PREROUTING -j neutron-l3-agent-PREROUTING -A OUTPUT -j neutron-l3-agent-OUTPUT -A POSTROUTING -j neutron-l3-agent-POSTROUTING -A POSTROUTING -j neutron-postrouting-bottom -A neutron-l3-agent-POSTROUTING ! -i qg-43b82233-b7 ! -o qg-43b82233-b7 -m conntrack ! --ctstate DNAT -j ACCEPT -A neutron-l3-agent-PREROUTING -d -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697 -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat -A neutron-l3-agent-snat -o qg-43b82233-b7 -j SNAT --to-source -A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source -A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ip a

1: lo: <loopback,up,lower_up> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 9: qr-db44c430-bc: <broadcast,up,lower_up> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:90:1b:f8 brd ff:ff:ff:ff:ff:ff inet brd scope global qr-db44c430-bc valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe90:1bf8/64 scope link valid_lft forever preferred_lft forever 10: qg-43b82233-b7: <broadcast,up,lower_up> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:3e:bb:08 brd ff:ff:ff:ff:ff ... (more)

edit retag flag offensive close merge delete