Ask Your Question

Three nodes setup with neutron, cannot ping VMs either internal or External IP

asked 2016-04-14 12:52:15 -0500

jbheren gravatar image

updated 2016-04-15 09:07:25 -0500

HI, I installed openstack Liberty using juju on Ubuntu 14.04 on three nodes using maas & juju.

The maas controller machine has two interfaces, eth0 with ip and eth1 192.168.29 as gateway to the external network.

Nodes used for openstack have one physical interface named eth0 connected to the maas managed network, except the neutron-gateway node that has an eth1 interface connected to the external network 192.168.0.

Here is my juju deployment config :

  admin-password: openstack
  debug: 'true'
  log-level: DEBUG
  network-manager: Neutron
  flat-interface: 'eth0'
  enable-live-migration: 'True'
  migration-auth-type: "none"
  virt-type: kvm
  enable-resize: 'True'
  ext-port: 'eth1'
  bridge-mappings: 'external:br-ex'
  instance-mtu: 1400
  webroot: "/"

The deployment script

juju deploy --to 0 juju-gui
juju deploy --to lxc:0 mysql
juju deploy --config config.yaml --to lxc:0 keystone
juju deploy --config config.yaml --to lxc:0 nova-cloud-controller
juju deploy --config config.yaml --to lxc:0 glance
juju deploy --to lxc:0 rabbitmq-server
juju deploy --config config.yaml --to lxc:0 openstack-dashboard
juju deploy --config config.yaml --to lxc:0 cinder
juju deploy --config config.yaml nova-compute --constraints "tags=compute"
juju deploy --config config.yaml neutron-gateway --constraints "tags=neutron"
juju add-relation mysql keystone
juju add-relation nova-cloud-controller mysql
juju add-relation nova-cloud-controller rabbitmq-server
juju add-relation nova-cloud-controller glance
juju add-relation nova-cloud-controller keystone
juju add-relation nova-compute nova-cloud-controller
juju add-relation nova-compute mysql
juju add-relation nova-compute rabbitmq-server:amqp
juju add-relation nova-compute glance
juju add-relation glance mysql
juju add-relation glance keystone
juju add-relation glance cinder
juju add-relation mysql cinder
juju add-relation cinder rabbitmq-server
juju add-relation cinder nova-cloud-controller
juju add-relation cinder keystone
juju add-relation openstack-dashboard keystone
juju add-relation neutron-gateway mysql
juju add-relation neutron-gateway:amqp rabbitmq-server:amqp
juju add-relation neutron-gateway nova-cloud-controller
juju set keystone admin-password="openstack"
# display status
juju stat --format=tabular
# Download image
glance add name="Trusty x86_64" is_public=true container_format=ovf disk_format=qcow2 < trusty-server-cloudimg-amd64-disk1.img
# set default security group
nova secgroup-add-rule default icmp -1 -1
nova secgroup-add-rule default tcp 22 22
# add keypair
nova keypair-add --pub-key ~/.ssh/ id_rsa
nova image-list

After initial setup, I followed (the documentation) up to "Verify connectivity" and setup neutron networks as follows :

#create external network and subnet
neutron net-create ext-net --shared --router:external=True
neutron subnet-create ext-net --name ext-subnet \
  --allocation-pool start=,end= \
  --disable-dhcp --gateway

#create tenant network and subnet
neutron net-create demo-net
neutron subnet-create demo-net --name demo-subnet \

# add router
neutron router-create demo-router
neutron router-interface-add demo-router demo-subnet
neutron router-gateway-set demo-router ext-net

The neutron-gateway node has two physical network interfaces :

  • eth0 connected to the juju network
  • eth1 connected to the external network

When created, the router should get the first address ... (more)

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted

answered 2017-09-12 01:46:08 -0500

PeterX gravatar image

1) If you are using openvswitch then it should create tunnel between compute node and neutron node to get connectivity between vms. => ovs-vsctl show | grep remote ( run this command on both compute node and neutron node, if it doesn't appear then restart the openvswitch services on both the nodes OR restart both the server ) 2) default security group blocks ICMP so need to allow that 3) Sometimes you need to set MTU value to 1400 . => cat /etc/neutron/dnsmasq-neutron.conf dhcp-option-force=26,1400

all the best man :)

edit flag offensive delete link more

answered 2017-09-09 22:46:52 -0500

itlinux gravatar image

did you try to go into the router namespace and see if the router does have an IP address? Can you ping from there? ip netns exec qrouter-xxxxxx ip a ip netns exec qrouter-xxxxxx route -n ip netns exec qrouter-xxxxx ping -I qr-xxxxxx default gw IP address.

edit flag offensive delete link more


One more thing.. Security Groups by default do not allow pinging.

itlinux gravatar imageitlinux ( 2017-09-09 23:01:50 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2016-04-14 12:52:15 -0500

Seen: 749 times

Last updated: Sep 12