Liberty 4 nodes juju deployment can ping floating ip but not internal

asked 2016-05-11 05:31:38 -0600

jbheren

updated 2016-05-11 10:25:43 -0600

I have a 4 physical node deployment based on hastexo's post (

From any OpenStack node, I can ping the external router interface and access my instances via floating IPs, but I cannot ping the internal router interface or internal IPs from any node. Is this the normal behaviour?

On the VMs themselves, after SSH using the floating IP, I can ping both internal and external, and Internet access is OK.

I did no manual post-configuration except network creation as described in the Liberty for Ubuntu documentation: (

Here is how I created the networks:

#create external network and subnet
neutron net-create external --shared --router:external=True \
  --provider:physical_network external --provider:network_type flat
neutron subnet-create external --name ext-subnet \
  --allocation-pool start=,end= \
  --disable-dhcp \

#create tenant network and subnet
neutron net-create internal --provider:network_type vxlan
neutron subnet-create internal --name internal-subnet \

# add router
neutron router-create ext-router
neutron router-interface-add ext-router internal-subnet
neutron router-gateway-set ext-router external

# create floating ip
neutron floatingip-create external

Here is the ovs-vsctl show output:

sudo: unable to resolve host compute-i5
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "qvo716db988-23"
            tag: 3
            Interface "qvo716db988-23"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-data
            Interface int-br-data
                type: patch
                options: {peer=phy-br-data}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-data
        Port phy-br-data
            Interface phy-br-data
                type: patch
                options: {peer=int-br-data}
        Port br-data
            Interface br-data
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-0a00000b"
            Interface "vxlan-0a00000b"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="", out_key=flow, remote_ip=""}
    ovs_version: "2.4.0"

Here are the routes I see on the compute node (strange that no br is used?):

ubuntu@compute-i5:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                UG    0      0        0 juju-br0
                                                U     0      0        0 juju-br0
                                                U     0      0        0 virbr0

And the juju config I used for install:

#  openstack-origin: 'cloud:trusty-liberty'
  openstack-origin: 'cloud:trusty-liberty'
  admin-password: 'my very secret password'
  ha-bindinterface: eth1
  openstack-origin: 'cloud:trusty-liberty'
  network-manager: Neutron
  openstack-origin: 'cloud:trusty-liberty'
  ha-bindinterface: eth1
  ext-port: eth2
  bridge-mappings: 'external:br-ex'
  instance-mtu: 1400
  openstack-origin: 'cloud:trusty-liberty'
  ha-bindinterface: eth1
  network-device-mtu: 1400
  # Always make sure you enable security groups
  neutron-security-groups: true
  overlay-network-type: vxlan
  ha-bindinterface: eth1
# Cinder is deployed in two parts: one for the API and scheduler
# (which ...
1 answer

answered 2016-05-11 11:18:54 -0600

jbheren

Finally, I got the answer from @FlorianHaas

Yes, you're not supposed to be able to ping private IPs that live within your VXLAN-tunneled private networks, except from other VMs in that same network.

Then my OpenStack & Neutron work as expected.
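
The isolation described in the answer can be read off the bridge layout in the question. The following is an added example, not part of the original post or of any OpenStack tooling: a small parser for the ovs-vsctl show format that lists which ports sit in a given local VLAN tag and whether any host-visible (internal) port is among them. The function names are made up for illustration, and the sample is abridged from the output posted above.

```python
import re

# Constructed sample: abridged from the compute node's `ovs-vsctl show` output above.
SAMPLE = '''\
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "qvo716db988-23"
            tag: 3
            Interface "qvo716db988-23"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-tun
        Port "vxlan-0a00000b"
            Interface "vxlan-0a00000b"
                type: vxlan
'''

def parse(text):
    """Return {bridge: {port: {"tag", "type", "peer"}}}; assumes one interface per port."""
    bridges, br, port = {}, None, None
    for line in text.splitlines():
        key, _, val = line.strip().partition(" ")
        val = val.strip('"')
        if key == "Bridge":
            br, port = bridges.setdefault(val, {}), None
        elif key == "Port" and br is not None:
            port = br.setdefault(val, {"tag": None, "type": None, "peer": None})
        elif port is None:
            continue  # bridge-level attributes such as fail_mode
        elif key == "tag:":
            port["tag"] = int(val)  # local VLAN the agent assigned to a network
        elif key == "type:":
            port["type"] = val  # internal, patch, vxlan; absent for plain devices
        elif key == "options:":
            m = re.search(r"peer=([^,}]+)", val)
            port["peer"] = m.group(1) if m else None
    return bridges

def segment_members(bridges, tag):
    """(bridge, port, type) for every port carrying the given local VLAN tag."""
    return [(b, p, a["type"]) for b, ports in bridges.items()
            for p, a in ports.items() if a["tag"] == tag]

def host_ports_in_segment(bridges, tag):
    """OVS 'internal' ports (interfaces visible to the host) inside the segment."""
    return [p for _, p, t in segment_members(bridges, tag) if t == "internal"]
```

For tag 3 the only member is the instance's qvo port and the list of host ports is empty, so the compute host has no interface inside the tenant segment; its traffic leaves br-int only through patch-tun towards the VXLAN tunnel.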

