No connection between the physical interface and qg-
Good day! I use RHEL 7.2 and Openstack Liberty.
I can not solve a problem with access to the external network from the internal network Openstask.
The problem is that qg- interface for some reason not connected with the physical. What I mean:
# ip netns exec qrouter-87599ab1-ed12-4550-9c37-623ab7843ed9 ping 172.28.5.249
PING 172.28.5.249 (172.28.5.249) 56(84) bytes of data.
From 172.28.5.23 icmp_seq=1 Destination Host Unreachable
From 172.28.5.23 icmp_seq=2 Destination Host Unreachable
From 172.28.5.23 icmp_seq=3 Destination Host Unreachable
From 172.28.5.23 icmp_seq=4 Destination Host Unreachable
Then on network node i see:
# tcpdump -i tapf2a91744-53
tcpdump: WARNING: tapf2a91744-53: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tapf2a91744-53, link-type EN10MB (Ethernet), capture size 65535 bytes
15:20:44.043450 ARP, Request who-has 172.28.5.249 tell 172.28.5.23, length 28
15:20:44.310269 ARP, Request who-has 172.28.5.249 tell 172.28.5.23, length 28
15:20:45.045918 ARP, Request who-has 172.28.5.249 tell 172.28.5.23, length 28
And:
# ip netns exec qrouter-87599ab1-ed12-4550-9c37-623ab7843ed9 arp -a
? (172.28.5.249) at <incomplete> on qg-f2a91744-53
? (172.28.5.248) at <incomplete> on qg-f2a91744-53
? (10.0.0.6) at fa:16:3e:6e:da:36 [ether] on qr-b2e900d8-5e
? (172.28.5.247) at <incomplete> on qg-f2a91744-53
? (10.0.0.5) at fa:16:3e:45:54:58 [ether] on qr-b2e900d8-5e
? (172.28.5.240) at <incomplete> on qg-f2a91744-53
If i do ping from external network, then silence:
# tcpdump -i any -n -v \ 'icmp[icmptype] = icmp-echoreply or icmp[icmptype] =icmp-echo'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C
0 packets captured
1 packet received by filter
0 packets dropped by kernel
Iptables enable:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
neutron-linuxbri-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
neutron-filter-top all -- anywhere anywhere
neutron-linuxbri-FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
neutron-filter-top all -- anywhere anywhere
neutron-linuxbri-OUTPUT all -- anywhere anywhere
Chain neutron-filter-top (2 references)
target prot opt source destination
neutron-linuxbri-local all -- anywhere anywhere
Chain neutron-linuxbri-FORWARD (1 references)
target prot opt source destination
Chain neutron-linuxbri-INPUT (1 references)
target prot opt source destination
Chain neutron-linuxbri-OUTPUT (1 references)
target prot opt source destination
Chain neutron-linuxbri-local (1 references)
target prot opt source destination
Chain neutron-linuxbri-sg-chain (0 references)
target prot opt source destination
Chain neutron-linuxbri-sg-fallback (0 references)
target prot opt source destination
DROP all -- anywhere anywhere /* Default drop rule for unmatched traffic. */
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
neutron-linuxbri-PREROUTING all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
neutron-linuxbri-OUTPUT all -- anywhere anywhere
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
neutron-linuxbri-POSTROUTING all -- anywhere anywhere
neutron-postrouting-bottom all -- anywhere anywhere
Chain neutron-linuxbri-OUTPUT (1 ...add a comment
