Ask Your Question

External network only works for routers

asked 2013-12-16 15:42:45 -0500

monitorjbl gravatar image

I've got an interesting problem with a very simple network. I followed this installation guide to get a multi-node Grizzly install going. The guide is very good and I had little trouble getting things working as directed. I was able to successfully create a VM, assign it a floating IP, and connect to it remotely through the floating IP address. However, I'm trying to do something on top of what the guide had me set up: I want to have external IPs created via DHCP rather than through floating IPs so they appear as two network interfaces inside the VM.

I figured this would be pretty straightforward, so I just enabled DHCP on the subnet of the external network. This worked insofar as my VM got an IP address, but there was no external access available. I did some deeper digging and it appears that nothing is being forwarded from the VM at all. I confirmed that I am able to ping other VMs attached to the external subnet, but none attached to the external subnet can ping outside the virtual network. This is a diagram of what my network looks like right now:

image description

The default gateway for VM_1 and VM_2 is; for VM_3 it is

  • VM_1 can ping VM_2 only
  • VM_2 can ping both VM_1 and VM_3, as well as router_proj_one (but only on
  • VM_3 can ping router_proj_one on both of its interfaces, as well as Host_1 and the Real Router. However, it cannot ping either VM_1 or VM_2
  • Host_1 can ping router_proj_one and the Real Router. If static routes are configured appropriately, it can also ping VM_2 and VM_3 on their interfaces.

This behavior has lead me to conclude that the VMs are not actually getting external ports (taps?) assigned to them. However, I don't know what needs to be done to make this happen. It appears to happen automatically for routers viat the --router:external=True flag, but there is no similar flag for VMs.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2014-07-15 08:40:27 -0500

ciberkot gravatar image


I have the same problem. If you look deeper at the ovsctl configuration you will see that the instance VM_1 and VM_2 which are created in "external" network are placed in the br-int bridge. Only a openstack router is placed automatically in the br-ex. there is a way to manually change the binding of the "tap" interfaces, delete them from b-int and place int br-ex: ovs-vsctl del-port br-int tap5f0258a8-85 ovs-vsctl add-port br-ex tap5f0258a8-85

but it will lead to the problem, that OpenSTack will not be able to start/stop/restart that instance and will complain about wrong interface.

for me it also looks very very strange, why OpenSTack doesn't allow to put instances directly in the external network and allow direct access. This should more or less usual requirement, which is available on all other orchestration tools for KVM, VMware XEN and so on. Everywhere there is a possibility to set up a direct instance, only OpenStack doesn't support it. Which means you can't really use it in the production environment. NATting with floating IP is not the best solution for the application like Web or FTP.

My question to you: How did you manage to ping the from an external host1?

edit flag offensive delete link more


have the same issue here, would need to know how to access / ping the external hosted VMs from within. I would like to create a network that spans the outside as well as inside of openstack and is managed by an external DHCP provider (checkpoint).

fattony666 gravatar imagefattony666 ( 2018-09-05 07:23:02 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2013-12-16 15:42:45 -0500

Seen: 572 times

Last updated: Jul 15 '14