Ask Your Question
0

ping floating-ip , is it need to reach network node for tanslation to private ip

asked 2015-11-23 06:20:16 -0500

Basivireddy gravatar image

updated 2015-11-24 00:42:12 -0500

My environment details, JUNO,OpenvSwitch,neutron server on controller node,external network on network node.

ping floating-ip

Can you explain how ping to floating-ip from follwing place's: ping from compute node: ping from network node: ping from controller node:

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
2

answered 2015-11-23 09:43:16 -0500

In general, only Network Node should have interface on external network.
Controller and Compute may have or have not interface on external network.
It's completely up to you.

edit flag offensive delete link more

Comments

External network on network node.My point is how ping will happen

Basivireddy gravatar imageBasivireddy ( 2015-11-24 00:43:39 -0500 )edit

Please, elaborate "My point is how ping will happen".
In general, via ARP broadcast request. What do you mean ?

dbaxps gravatar imagedbaxps ( 2015-11-24 01:44:41 -0500 )edit

my question where is translation happen from floating to private ip ?

Basivireddy gravatar imageBasivireddy ( 2015-11-24 06:36:30 -0500 )edit
1

answered 2015-11-24 06:50:18 -0500

dbaxps gravatar image

updated 2015-11-24 07:04:05 -0500

My question where is translation happen from floating to private ip ?
Addressing updated question
Neutron router , having interface to tenant's nertwork and gateway to external performs DNAT/SNAT IPTables rules conversion

[root@hacontroller1 ~(keystone_admin)]# ip netns exec qrouter-c926b966-1b84-45bc-9744-00808424304d   iptables-save -t nat | grep "^-A"|grep l3-agent
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A neutron-l3-agent-OUTPUT -d 10.10.10.110/32 -j DNAT --to-destination 50.0.0.12
-A neutron-l3-agent-OUTPUT -d 10.10.10.107/32 -j DNAT --to-destination 50.0.0.8
-A neutron-l3-agent-POSTROUTING ! -i qg-34893aa0-17 ! -o qg-34893aa0-17 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 10.10.10.110/32 -j DNAT --to-destination 50.0.0.12
-A neutron-l3-agent-PREROUTING -d 10.10.10.107/32 -j DNAT --to-destination 50.0.0.8
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-float-snat -s 50.0.0.12/32 -j SNAT --to-source 10.10.10.110
-A neutron-l3-agent-float-snat -s 50.0.0.8/32 -j SNAT --to-source 10.10.10.107
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-34893aa0-17 -j SNAT --to-source 10.10.10.105
-A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 10.10.10.105
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat

Networks list ( HA Neutron Router in my environment due to 3 Node Controllers Cluster )

[root@hacontroller1 ~(keystone_admin)]# neutron net-list
+--------------------------------------+----------------------------------------------------+-------------------------------------------------------+
| id                                   | name                                               | subnets                                               |
+--------------------------------------+----------------------------------------------------+-------------------------------------------------------+
| 296efc23-3485-4fb9-a84f-5e4b3ea590cc | public                                             | 3672a65c-dec5-44f3-b917-5ad197e1b04f 10.10.10.0/24    |
| 88e949ee-290a-49c3-8b6b-95810286eb0b | HA network tenant 7db0aa013d60434996585c4ee359f512 | 9885ed13-68cc-44b5-9f8f-378c02c22a61 169.254.192.0/18 |
| 1870d5a1-8f9e-48b1-8b68-cc2e3f7606be | private                                            | 4623f8c0-54df-41b9-ac30-10079bc9ce2f 50.0.0.0/24      |
+--------------------------------------+----------------------------------------------------+-------------------------------------------------------+

Next

[root@hacontroller1 ~(keystone_admin)]# neutron router-port-list RouterDMS
+--------------------------------------+-------------------------------------------------+-------------------+--------------------------------------------------------------------------------------+
| id                                   | name                                            | mac_address       | fixed_ips                                                                            |
+--------------------------------------+-------------------------------------------------+-------------------+--------------------------------------------------------------------------------------+
| 34893aa0-17b7-4fdf-a8ca-4c086584ed90 |                                                 | fa:16:3e:ca:53:4f | {"subnet_id": "3672a65c-dec5-44f3-b917-5ad197e1b04f", "ip_address": "10.10.10.105"}  |
| 4b54e64e-6133-4e40-9f7a-9ae74ee714d4 | HA port tenant 7db0aa013d60434996585c4ee359f512 | fa:16:3e:b2:30:a2 | {"subnet_id": "9885ed13-68cc-44b5-9f8f-378c02c22a61", "ip_address": "169.254.192.6"} |
| 8f5b3f4a-4545-44e1-bd1b-274b1a9a5058 |                                                 | fa:16:3e:1e:4b:da | {"subnet_id": "4623f8c0-54df-41b9-ac30-10079bc9ce2f", "ip_address": "50.0.0.1"}      |
| c456226a-09dd-41c7-8858-960820634254 | HA port tenant 7db0aa013d60434996585c4ee359f512 | fa:16:3e:b8:af:5a | {"subnet_id": "9885ed13-68cc-44b5-9f8f-378c02c22a61", "ip_address": "169.254.192.5"} |
+--------------------------------------+-------------------------------------------------+-------------------+--------------------------------------------------------------------------------------+
edit flag offensive delete link more

Comments

Thank you I got it.

ip netns exec qrouter-259ba02b-814a-443f-95f0-3797824c26a4 iptables-save -t nat | grep "^-A"|grep l3-agent -A neutron-l3-agent-PREROUTING -d 172.21.207.151/32 -j DNAT --to-destination 10.10.10.6 -A neutron-l3-agent-float-snat -s 10.10.10.6/32 -j SNAT --to-source 172.21.207.151

Basivireddy gravatar imageBasivireddy ( 2015-11-24 10:10:03 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-11-23 06:20:16 -0500

Seen: 123 times

Last updated: Nov 24 '15