Instances not reachable from outside

asked 2015-11-26 11:27:32 -0600

oCyber

Hey,

I've closely followed this guide to set up neutron after the installation with packstack: https://www.rdoproject.org/networking/neutron-with-existing-external-network/ (Neutron with existing external network)

When I look at my network topology, everything seems to look fine, yet I failed to reach my Instances from my external network so far. Here is my configuration:

$ cat /etc/sysconfig/network-scripts/ifcfg-em4
NAME="em4"
DEVICE="em4"
HWADDR=44:44:42:55:66:77
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT="yes"

-

$ cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=10.0.0.250  
NETMASK=255.255.255.0  # your netmask
GATEWAY=10.0.0.138  # your gateway
DNS1=8.8.8.8     # your nameserver
ONBOOT=yes

-

sudo openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs bridge_mappings extnet:br-ex
sudo openstack-config --set /etc/neutron/plugin.ini ml2 type_drivers vxlan,flat,vlan

-

neutron net-create external_network --provider:network_type flat --provider:physical_network extnet  --router:external --shared
neutron subnet-create --name public_subnet --dns-nameservers list=true 8.8.8.8 8.8.4.4 --enable_dhcp=False --allocation-pool=start=10.0.0.200,end=10.0.0.249 --gateway=10.0.0.138 external_network 10.0.0.0/24
neutron net-create private_network
neutron subnet-create --name private_subnet --dns-nameservers list=true 8.8.8.8 8.8.4.4 private_network 192.168.100.0/24
neutron router-create router1
neutron router-interface-add router1 private_subnet
neutron router-gateway-set router1 external_network

-

$ ovs-vsctl show
    Bridge br-int
        fail_mode: secure
        Port "tap2fd8b0ff-f4"
            tag: 1
            Interface "tap2fd8b0ff-f4"
                type: internal
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "em4"
            Interface "em4"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.4.0"

Any ideas? :)


Comments

Hi, please try updating the file (vim /etc/sysconfig/network-scripts/ifcfg-br-ex):

TYPE=OVSIntPort 
OVS_BRIDGE=br-ex
Praveen N ( 2015-11-30 07:55:19 -0600 )

What is the difference to OVSPort?

oCyber ( 2015-12-03 08:57:41 -0600 )

2 answers

1

answered 2015-11-30 03:14:35 -0600

Hi,

Try running the commands below and see if you can ping or ssh from the external network:

neutron security-group-rule-create default --direction ingress --ethertype IPv4 --protocol icmp --remote-ip-prefix 0.0.0.0/0

neutron security-group-rule-create default --direction ingress --ethertype IPv4 --protocol tcp --port-range-min 22 --port-range-max 22 --remote-ip-prefix 0.0.0.0/0

Comments

Yes, the icmp rule was missing, which added to my confusion. Basically I misunderstood how OpenStack Floating IPs work and connected VMs to the br-ex network, then wondered why they didn't get an IP :)

oCyber ( 2015-12-03 08:59:33 -0600 )
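
An added example, not part of the original thread: a small Python check that evaluates Neutron security-group rules to show why the default group drops external ping/SSH and what the 0.0.0.0/0 rules from the answer admit. The rule dicts are constructed samples using Neutron's rule field names; the `sg-default` id, the helper names and the variant scoped to the thread's 10.0.0.0/24 external network are assumptions for illustration.

```python
import ipaddress

def rule(protocol=None, prefix=None, port=None, direction="ingress", group=None):
    """Build a constructed IPv4 rule dict using Neutron's field names."""
    return {"direction": direction, "ethertype": "IPv4", "protocol": protocol,
            "port_range_min": port, "port_range_max": port,
            "remote_ip_prefix": prefix, "remote_group_id": group}

# Constructed sample of a fresh "default" group: egress open, ingress only
# from members of the same group, so nothing from outside gets in.
DEFAULT_RULES = [rule(direction="egress"), rule(group="sg-default")]
# The two rules from the answer (any source), and an assumed variant scoped
# to the external network used in the question.
AS_ANSWERED = DEFAULT_RULES + [rule("icmp", "0.0.0.0/0"),
                               rule("tcp", "0.0.0.0/0", 22)]
SCOPED = DEFAULT_RULES + [rule("icmp", "10.0.0.0/24"),
                          rule("tcp", "10.0.0.0/24", 22)]

def ingress_allowed(rules, src_ip, protocol, port=None):
    """True if some rule admits IPv4 traffic from a non-member src_ip."""
    src = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["direction"] != "ingress" or r["ethertype"] != "IPv4":
            continue
        if r["remote_group_id"]:            # matches group members only
            continue
        if r["protocol"] not in (None, protocol):
            continue
        # Port ranges are only checked for tcp/udp; for icmp these fields
        # carry type/code, which this simplified check ignores.
        if protocol in ("tcp", "udp") and r["port_range_min"] is not None:
            if port is None or not (r["port_range_min"] <= port
                                    <= r["port_range_max"]):
                continue
        # A rule with no prefix and no remote group matches any source.
        if src in ipaddress.ip_network(r["remote_ip_prefix"] or "0.0.0.0/0"):
            return True
    return False

def world_open(rules):
    """IPv4 ingress rules that accept any source address."""
    return [r for r in rules
            if r["direction"] == "ingress" and r["ethertype"] == "IPv4"
            and not r["remote_group_id"]
            and (r["remote_ip_prefix"] or "0.0.0.0/0") == "0.0.0.0/0"]
```
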
1

answered 2015-11-28 22:01:23 -0600

Bipin

updated 2015-11-28 22:01:39 -0600

Hello,

Did you create security group rules for your tenant? ICMP for ping?

nova secgroup-list
nova secgroup-list-rules <your secgroup name>

Regards

