instances without a floating ip address

asked 2016-05-03 18:04:19 -0500

Hi Guys,

I am unable to get my instances that do not have a floating IP address to communicate with the external network. If I assign a floating IP address then things seem to work fine. I have tried basically by sending a UDP log via logger to an external logging server, which should only need egress access from the instance, but even that does not seem to work till I assign a floating IP address. My understanding is that you don't need to have a floating IP address to just do egress communication from your instance to the external network, but I can't seem to get this to work. Any help you can provide to push me in the right direction would be greatly appreciated.

Thanks.

--
stack@gredhos-cp1-c1-m1-mgmt:~$ neutron net-list | grep -i workingnet1
| 6f50cf6e-5cd4-4409-b322-dd539c09344d | workingnet1 | ca12dc44-c626-48d5-913d-444e91223008 192.168.5.0/24 |

$ neutron net-external-list | grep -i ext
| bc73a5d6-1a20-4fb9-bd9a-d08eaa56be9c | ext-net | 65539815-a4a4-402f-a819-6933436c96f8 10.36.6.0/23 |

$ neutron router-list | grep -i working
| 9e849e49-ed36-4280-a53c-47d6f5afbea2 | workingrouter1 | {"network_id": "bc73a5d6-1a20-4fb9-bd9a-d08eaa56be9c", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "65539815-a4a4-402f-a819-6933436c96f8", "ip_address": "10.36.6.240"}]} | True | False |

$ ip netns | grep -i 9e849e49
snat-9e849e49-ed36-4280-a53c-47d6f5afbea2
qrouter-9e849e49-ed36-4280-a53c-47d6f5afbea2

$ sudo ip netns exec snat-9e849e49-ed36-4280-a53c-47d6f5afbea2 ip a | grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 192.168.5.4/24 brd 192.168.5.255 scope global sg-86abc456-8d
inet6 fe80::f816:3eff:fe23:7166/64 scope link
inet 10.36.6.240/23 brd 10.36.7.255 scope global qg-09e400d1-28
inet6 fe80::f816:3eff:fe52:dc9a/64 scope link

$ sudo ip netns exec snat-9e849e49-ed36-4280-a53c-47d6f5afbea2 iptables-save | grep SNA
-A neutron-vpn-agen-snat -o qg-09e400d1-28 -j SNAT --to-source 10.36.6.240
-A neutron-vpn-agen-snat -m mark ! --mark 0x2 -m conntrack --ctstate DNAT -j SNAT --to-source 10.36.6.240

$ sudo ip netns exec qrouter-9e849e49-ed36-4280-a53c-47d6f5afbea2 ip a | grep "inet"
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
inet 192.168.5.1/24 brd 192.168.5.255 scope global qr-2a5906ae-42
inet6 fe80::f816:3eff:fef4:a80b/64 scope link

$ sudo ip netns exec qrouter-9e849e49-ed36-4280-a53c-47d6f5afbea2 ip rule ls
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
3232236801: from 192.168.5.1/24 lookup 3232236801

$ sudo ip netns exec qrouter-9e849e49-ed36-4280-a53c-47d6f5afbea2 ip route show table all
default via 192.168.5.4 dev qr-2a5906ae-42 table 3232236801
192.168.5.0/24 dev qr-2a5906ae-42 proto kernel scope link src 192.168.5.1
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.5.0 dev qr-2a5906ae-42 table local proto kernel scope link src 192.168.5.1
local 192.168.5.1 ... (more)
