Ask Your Question
1

Can't ping from VM to Controller Node Ubuntu/Havana/nova-networking

asked 2013-12-22 22:45:51 -0500

ajaya gravatar image

updated 2013-12-22 22:49:20 -0500

Hello

I have followed the documentation for the Havana installation on Ubuntu. I have a simple two node setup with two NICs on each. and I have followed the documentation to every bit of detail. Everything is working fine except TWO items. One is my VMs can't seem to reach the 169.254.169.254 for metadata and Second: I can't seem to ping from the cirros VM to the controller node and to the world. I can ping/SSH from the controller node into the VM. but I can't ping out from the VM. The VM can ping to the compute node it's running on.

I have done tcpdump and looks like a request goes out but won't come back. Output on Controller Node

root@ace:~# tcpdump -i any -n -v 'icmp[icmptype] = icmp-echoreply or icmp[icmptype] = icmp-echo'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes

20:43:31.983713 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.2 > 192.168.0.20: ICMP echo request, id 50689, seq 0, length 64
20:43:32.983782 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.2 > 192.168.0.20: ICMP echo request, id 50689, seq 1, length 64

Output on Compute Node

root@danny:~# tcpdump -i any -n -v 'icmp[icmptype] = icmp-echoreply or icmp[icmptype] = icmp-echo'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes

20:43:31.982867 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.2 > 192.168.0.20: ICMP echo request, id 50689, seq 0, length 64
20:43:31.982867 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.2 > 192.168.0.20: ICMP echo request, id 50689, seq 0, length 64
20:43:31.982914 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.2 > 192.168.0.20: ICMP echo request, id 50689, seq 0, length 64
20:43:32.982956 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.2 > 192.168.0.20: ICMP echo request, id 50689, seq 1, length 64
20:43:32.982956 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.2 > 192.168.0.20: ICMP echo request, id 50689, seq 1, length 64
20:43:32.982989 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.0.0.2 > 192.168.0.20: ICMP echo request, id 50689, seq 1, length 64

Output on VM

$ ping 192.168.0.20
PING 192.168.0.20 (192.168.0.20): 56 ...
(more)
edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2013-12-23 00:45:34 -0500

jtopjian gravatar image

Make sure your compute node is configured to NAT / masquerade traffic on behalf of the instance. I would think this is automatically done by nova-network, but maybe I'm wrong.

Something as simple as this might work:

iptables -A POSTROUTING -t nat --src 10.0.0.0/24 -j MASQUERADE
edit flag offensive delete link more

Comments

Awesome. That did it. I will look at the default setup and open a bug if this was somehow missed. But the ping issue is resolved. I still have the not being to able to reach the metadata server issue though. root@danny:~# curl http://169.254.169.254 curl: (7) couldn't connect to host

ajaya gravatar imageajaya ( 2013-12-23 10:04:07 -0500 )edit

Glad it helped! Good luck with the metadata issue. There are a few others running into similar issues but I haven't been able to pin down the solution.

jtopjian gravatar imagejtopjian ( 2013-12-23 10:19:16 -0500 )edit

I fixed the metadata service issue also. Looks like we have to install the nova-api on the compute node also. Metadata service documentation says that but install document didn't mention it. See my answer at https://ask.openstack.org/en/question/8581/no-connection-to-metadata-service-nova-network/%3C/p%3E (https://ask.openstack.org/en/question/8581/no-connection-to-metadata-service-nova-network/)

ajaya gravatar imageajaya ( 2013-12-23 13:14:45 -0500 )edit
1

answered 2014-07-09 00:25:42 -0500

Venu Murthy gravatar image

This is for posterity and for those who have struggled on and on and have stumbled across this page.

In our case IPTables was the one blocking the packets and hence changes to IPtables on the compute node on which nova-network was running helped the packets originating from the VM heading towards the internet see the light of the day! and remember to read about IPtables and if you are on a test machine it should be safe to run the below and save the iptables

iptables -I FORWARD -i <interface> -j ACCEPT
iptables -I FORWARD -o <interface> -j ACCEPT

hope this helps!

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

2 followers

Stats

Asked: 2013-12-22 22:45:51 -0500

Seen: 2,013 times

Last updated: Jul 09 '14