
Liberty 4 nodes juju deployment can ping floating ip but not internal

asked 2016-05-11 05:31:38 -0500

jbheren

updated 2016-05-11 10:25:43 -0500

I have a deployment on 4 physical nodes based on hastexo's post https://www.hastexo.com/resources/hints-and-kinks/ubuntu-openstack-juju-4-nodes/

From any OpenStack node, I can ping the external router interface and access my instances via floating IPs, but I cannot ping the internal router interface or internal IPs from any node. Is this the normal behaviour?

On the VMs themselves, after SSH using the floating IP, I can ping both internal and external addresses, and Internet access is OK.

I did no manual post-configuration except network creation as described in the Liberty for Ubuntu documentation: http://docs.openstack.org/liberty/networking-guide/scenario-classic-ovs.html#verify-service-operation

Here is how I created the networks:

#create external network and subnet
neutron net-create external --shared --router:external=True \
  --provider:physical_network external --provider:network_type flat
neutron subnet-create external --name ext-subnet \
  --allocation-pool start=192.168.1.230,end=192.168.1.250 \
  --disable-dhcp \
  --gateway 192.168.1.1 192.168.1.0/24

#create tenant network and subnet
neutron net-create internal --provider:network_type vxlan
neutron subnet-create internal --name internal-subnet \
  --gateway 10.0.1.1 10.0.1.0/24 \
  --dns-nameservers 8.8.4.4 8.8.8.8

# add router
neutron router-create ext-router
neutron router-interface-add ext-router internal-subnet
neutron router-gateway-set ext-router external

# create floating ip
neutron floatingip-create external

Here is the ovs-vsctl show output:

sudo: unable to resolve host compute-i5
bb4fe11a-022e-41f3-b8ad-07cd338c1dad
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "qvo716db988-23"
            tag: 3
            Interface "qvo716db988-23"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-data
            Interface int-br-data
                type: patch
                options: {peer=phy-br-data}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-data
        Port phy-br-data
            Interface phy-br-data
                type: patch
                options: {peer=int-br-data}
        Port br-data
            Interface br-data
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-0a00000b"
            Interface "vxlan-0a00000b"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="10.0.0.12", out_key=flow, remote_ip="10.0.0.11"}
    ovs_version: "2.4.0"

Here are the routes I see on the compute node (strange that no br is used?):

ubuntu@compute-i5:~$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 juju-br0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 juju-br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

And the juju config I used for the install:

juju-gui:
#  openstack-origin: 'cloud:trusty-liberty'
keystone:
  openstack-origin: 'cloud:trusty-liberty'
  admin-password: 'my very secret password'
nova-cloud-controller:
  ha-bindinterface: eth1
  openstack-origin: 'cloud:trusty-liberty'
  network-manager: Neutron
neutron-gateway:
  openstack-origin: 'cloud:trusty-liberty'
  ha-bindinterface: eth1
  ext-port: eth2
  bridge-mappings: 'external:br-ex'
  os-data-network: 192.168.133.0/24
  instance-mtu: 1400
neutron-api:
  openstack-origin: 'cloud:trusty-liberty'
  ha-bindinterface: eth1
  network-device-mtu: 1400
  # Always make sure you enable security groups
  neutron-security-groups: true
  overlay-network-type: vxlan
rabbitmq-server:
  ha-bindinterface: eth1
# Cinder is deployed in two parts: one for the API and scheduler
# (which ...

1 answer


answered 2016-05-11 11:18:54 -0500

jbheren

Finally, I got the answer from @FlorianHaas:

Yes, you're not supposed to be able to ping private IPs that live within your VXLAN-tunneled private networks, except from other VMs in that same network.

Then my openstack & neutron work as expected.
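
The host-side view of this answer, as an added example that is not part of the original post: a longest-prefix lookup over the `route -n` output from the question shows that the tenant router address 10.0.1.1 matches only the default route, so a ping from the node leaves through juju-br0 toward 10.0.0.1 and never enters the VXLAN overlay. The function names are illustrative.

```python
import ipaddress

# `route -n` rows from the compute node, copied from the question above.
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 juju-br0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 juju-br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
"""

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not an 8-column route row.
        if len(fields) != 8 or fields[0] == "Destination":
            continue
        dest, gw, mask, iface = fields[0], fields[1], fields[2], fields[7]
        net = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((net, ipaddress.ip_address(gw), iface))
    return routes

def lookup(routes, target):
    """Longest-prefix match, as the kernel does for a locally generated packet."""
    addr = ipaddress.ip_address(target)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def explain(routes, target):
    """Return (iface, next_hop, on_link), or None when no route matches."""
    match = lookup(routes, target)
    if match is None:
        return None
    _net, gw, iface = match
    on_link = gw == ipaddress.ip_address("0.0.0.0")
    return iface, (target if on_link else str(gw)), on_link

if __name__ == "__main__":
    routes = parse_routes(ROUTE_N)
    # 10.0.1.1: tenant router interface; 10.0.0.11: VXLAN remote_ip (underlay);
    # 192.168.1.230: first address of the floating IP allocation pool.
    for ip in ("10.0.1.1", "10.0.0.11", "192.168.1.230"):
        iface, hop, on_link = explain(routes, ip)
        kind = "on-link" if on_link else "via default gateway"
        print(f"{ip:15} -> {iface} next hop {hop} ({kind})")
```

Only the underlay address 10.0.0.11 is on-link; the tenant subnet 10.0.1.0/24 has no route on the host because it exists only inside the overlay and the Neutron namespaces, which is the isolation the answer describes.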


Stats

Asked: 2016-05-11 05:31:38 -0500

Seen: 295 times

Last updated: May 11 '16