Ask Your Question
0

Can't ping instance from controller or any other external hosts but can ping from compute node

asked 2016-10-05 03:41:35 -0500

tenk224 gravatar image

updated 2016-10-05 03:42:15 -0500

I'm deploying mitaka on 2 nodes which is controller and compute. the problem is I can't ping instance from controller or any external host except for compute node where I can ping the instance well. from the instance I can ping the gw and even the controller or other host but not the other way around I used tcpdump when ping from instance to controller and everything is ok. when ping form controller to instance, instance reply its mac-add to controller but did not reply icmp packet from controller. I also added rules for icmp in openstack but it didn't work. figured out there is something blocking the instance from replying the icmp packet. I also looked for iptables and that's not much help either.

anyone has any suggestion ? I will appreciate that been struggling with this for weeks.

I will post any output if you need

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
0

answered 2016-10-05 17:02:15 -0500

VSR gravatar image

updated 2016-10-05 17:03:17 -0500

HI, You have not mentioned a few things.

1.) is instance content to private network?
2.) have you associated a floating IP to instance to be reachable from
outside?
3.) are u pinging the private address from the controller? if yes.
are you using the right namespace on
the (Network) controller to ping the
instance?
4.) Try updating the security group to allow Any IP traffic inbound.
5.) can u do TCP dump on the instance itself to see what packets
are going through?
6.) Check the ARP table on the instance.
7.) You can do a TCPdump on the TAP interface on the compute node to
watch packets going through.

Hop that helps drill down. -VJ.

edit flag offensive delete link more

Comments

I will sort things up compute, controller and instance are on the same subnet

  • from compute: ping instance okay
  • from controller: can not ping instance
  • from instance: can ping controller, compute, gw and can access internet

1.yes 2.no 3.no 4. already did 5. it is cirros

tenk224 gravatar imagetenk224 ( 2016-10-06 01:42:45 -0500 )edit
0

answered 2016-10-06 02:30:21 -0500

tenk224 gravatar image

updated 2016-10-06 02:52:47 -0500

I solved the problem myself. The issue is in the iptables so I decided to switch it off by doing the following

in /etc/neutron/plugins/ml2/linuxbridge_agent.ini of both controller and compute node

[securitygroup]
...
enable_security_group = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver

for anyone out there has this plz try it, it worked for me, fear no more, no sleepless night wondering why. Cheers ref https://gist.github.com/djoreilly/db9c2d32a473c6643551 (https://gist.github.com/djoreilly/db9...)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2016-10-05 03:41:35 -0500

Seen: 897 times

Last updated: Oct 06 '16