Ask Your Question
1

External network only works for routers

asked 2013-12-16 15:42:45 -0500

monitorjbl gravatar image

I've got an interesting problem with a very simple network. I followed this installation guide to get a multi-node Grizzly install going. The guide is very good and I had little trouble getting things working as directed. I was able to successfully create a VM, assign it a floating IP, and connect to it remotely through the floating IP address. However, I'm trying to do something on top of what the guide had me set up: I want to have external IPs created via DHCP rather than through floating IPs so they appear as two network interfaces inside the VM.

I figured this would be pretty straightforward, so I just enabled DHCP on the subnet of the external network. This worked insofar as my VM got an IP address, but there was no external access available. I did some deeper digging and it appears that nothing is being forwarded from the VM at all. I confirmed that I am able to ping other VMs attached to the external subnet, but none attached to the external subnet can ping outside the virtual network. This is a diagram of what my network looks like right now:

image description

The default gateway for VM_1 and VM_2 is 64.102.40.1; for VM_3 it is 192.168.200.1.

  • VM_1 can ping VM_2 only
  • VM_2 can ping both VM_1 and VM_3, as well as router_proj_one (but only on 192.168.200.1)
  • VM_3 can ping router_proj_one on both of its interfaces, as well as Host_1 and the Real Router. However, it cannot ping either VM_1 or VM_2
  • Host_1 can ping router_proj_one and the Real Router. If static routes are configured appropriately, it can also ping VM_2 and VM_3 on their 192.168.200.0/25 interfaces.

This behavior has lead me to conclude that the VMs are not actually getting external ports (taps?) assigned to them. However, I don't know what needs to be done to make this happen. It appears to happen automatically for routers viat the --router:external=True flag, but there is no similar flag for VMs.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
0

answered 2014-07-15 08:40:27 -0500

ciberkot gravatar image

Hi,

I have the same problem. If you look deeper at the ovsctl configuration you will see that the instance VM_1 and VM_2 which are created in "external" network are placed in the br-int bridge. Only a openstack router is placed automatically in the br-ex. there is a way to manually change the binding of the "tap" interfaces, delete them from b-int and place int br-ex: ovs-vsctl del-port br-int tap5f0258a8-85 ovs-vsctl add-port br-ex tap5f0258a8-85

but it will lead to the problem, that OpenSTack will not be able to start/stop/restart that instance and will complain about wrong interface.

for me it also looks very very strange, why OpenSTack doesn't allow to put instances directly in the external network and allow direct access. This should more or less usual requirement, which is available on all other orchestration tools for KVM, VMware XEN and so on. Everywhere there is a possibility to set up a direct instance, only OpenStack doesn't support it. Which means you can't really use it in the production environment. NATting with floating IP is not the best solution for the application like Web or FTP.

My question to you: How did you manage to ping the 192.168.200.0/24 from an external host1?

edit flag offensive delete link more

Comments

have the same issue here, would need to know how to access / ping the external hosted VMs from within. I would like to create a network that spans the outside as well as inside of openstack and is managed by an external DHCP provider (checkpoint).

fattony666 gravatar imagefattony666 ( 2018-09-05 07:23:02 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2013-12-16 15:42:45 -0500

Seen: 460 times

Last updated: Jul 15 '14