Ask Your Question
0

instance not accessible but can connect out to public network

asked 2016-01-19 12:58:58 -0500

jamesopst gravatar image

hi all,

totally newb here, and I'm worried without enough technical knowledge to understand this stuff. I'm lost with networking, with namespaces, virtual routers, and floating ips, etc

i know there are tons of threads which address similar issues to this, but everything I read has components and concepts I am not familiar with.

I've deployed openstack using Mirantis Fuel and have been able to get into Horizon dashboard and deploy a controller node and a compute node (as Fuel calls them)... maybe my questions should be to the Mirantis folks.

Also I've been able to start an instance of Cirros and an instance of a CentOS KVM image I've uploaded.

Both instances have network issues where I can't connect to them or ping them from the public network. Either by using the Net04_Ext Public address, or the floating IP address (what's the difference?), or the Net04 NeutronL3 address.

I can however ping and ssh out of the instance, from the console to the public network. The public network sees it as a connection from the ip address which is the floating IP address (which I don't even see assigned to any interface in the instance...)

wonder if anyone can step me through debugging what I've got wrong and teach me a thing or two along the way.

I don't know what's needed to start so I'll just dump a lot of ifconfig type of info, which a lot of info... I know...

=== Controller Node ====

Controller ifconfig

br-ex     Link encap:Ethernet  HWaddr 0e:ba:f6:ac:33:3b
          inet addr:10.20.244.22  Bcast:10.20.244.255  Mask:255.255.255.0
          inet6 addr: fe80::a6ba:dbff:fe09:8bd0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:174954 errors:0 dropped:0 overruns:0 frame:0
          TX packets:75583 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11996903 (11.9 MB)  TX bytes:5366079 (5.3 MB)

br-floating Link encap:Ethernet  HWaddr be:c4:58:5d:00:48
          inet6 addr: fe80::bcc4:58ff:fe5d:48/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:117469 errors:0 dropped:1 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4944780 (4.9 MB)  TX bytes:648 (648.0 B)

br-fw-admin Link encap:Ethernet  HWaddr a4:ba:db:09:8b:cf
          inet addr:10.20.0.4  Bcast:10.20.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a6ba:dbff:fe09:8bcf/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:477253 errors:0 dropped:0 overruns:0 frame:0
          TX packets:481612 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:25601240 (25.6 MB)  TX bytes:122692797 (122.6 MB)

br-mgmt   Link encap:Ethernet  HWaddr 8a:a6:d0 ...
(more)
edit retag flag offensive close merge delete

Comments

I think it would be better if I re-phrase this question. Can someone help me debug a network connectivity issue into an instance, when a connection out from this instance works OK? this is neutron networking

thanks

jamesopst gravatar imagejamesopst ( 2016-01-25 10:30:36 -0500 )edit

2 answers

Sort by ยป oldest newest most voted
0

answered 2016-01-27 09:59:31 -0500

I am facing similar issue.

edit flag offensive delete link more
0

answered 2017-07-20 15:42:28 -0500

jamesopst gravatar image

updated 2017-07-20 15:44:35 -0500

this answer ended up being that I had not created the Ingress part of my wide_open security group correctly. usually only advisable in a test environment

Horizon - Access and Security - Security Group - +Create Security Group
name it "wide_open"

once it is created "Manage Rules" for it

Add a Ingress rule to the existing Egress rules:
Change Rule to "Other Protocol"
Direction to "Ingress"
Leaving "IP Protocol" blank will mean Any Protocol
Leave Remote and CIDR fields the default values.
Click "Add" Button
This is the IPv4 Ingress wide open rule



Add a second Ingress rule:
Change Rule to "Other Protocol"
Direction to "Ingress"
Leaving "IP Protocol" blank will mean Any Protocol
Leave Remote field the default value.
Change the CIDR value to "::/0"
Click "Add" Button
This is the IPv6 Ingress wide open rule
edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-01-19 12:58:58 -0500

Seen: 260 times

Last updated: Jul 20 '17