Ask Your Question
0

Can't ping instance from controller or any other external hosts but can ping from compute node

asked 2016-10-05 03:41:35 -0600

tenk224 gravatar image

updated 2016-10-05 03:42:15 -0600

I'm deploying mitaka on 2 nodes which is controller and compute. the problem is I can't ping instance from controller or any external host except for compute node where I can ping the instance well. from the instance I can ping the gw and even the controller or other host but not the other way around I used tcpdump when ping from instance to controller and everything is ok. when ping form controller to instance, instance reply its mac-add to controller but did not reply icmp packet from controller. I also added rules for icmp in openstack but it didn't work. figured out there is something blocking the instance from replying the icmp packet. I also looked for iptables and that's not much help either.

anyone has any suggestion ? I will appreciate that been struggling with this for weeks.

I will post any output if you need

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
0

answered 2016-10-05 17:02:15 -0600

VSR gravatar image

updated 2016-10-05 17:03:17 -0600

HI, You have not mentioned a few things.

1.) is instance content to private network?
2.) have you associated a floating IP to instance to be reachable from
outside?
3.) are u pinging the private address from the controller? if yes.
are you using the right namespace on
the (Network) controller to ping the
instance?
4.) Try updating the security group to allow Any IP traffic inbound.
5.) can u do TCP dump on the instance itself to see what packets
are going through?
6.) Check the ARP table on the instance.
7.) You can do a TCPdump on the TAP interface on the compute node to
watch packets going through.

Hop that helps drill down. -VJ.

edit flag offensive delete link more

Comments

I will sort things up compute, controller and instance are on the same subnet

  • from compute: ping instance okay
  • from controller: can not ping instance
  • from instance: can ping controller, compute, gw and can access internet

1.yes 2.no 3.no 4. already did 5. it is cirros

tenk224 gravatar imagetenk224 ( 2016-10-06 01:42:45 -0600 )edit
add a comment
0

answered 2016-10-06 02:30:21 -0600

tenk224 gravatar image

updated 2016-10-06 02:52:47 -0600

I solved the problem myself. The issue is in the iptables so I decided to switch it off by doing the following

in /etc/neutron/plugins/ml2/linuxbridge_agent.ini of both controller and compute node

[securitygroup]
...
enable_security_group = False
firewall_driver = neutron.agent.firewall.NoopFirewallDriver

for anyone out there has this plz try it, it worked for me, fear no more, no sleepless night wondering why. Cheers ref https://gist.github.com/djoreilly/db9c2d32a473c6643551 (https://gist.github.com/djoreilly/db9...)

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-10-05 03:41:35 -0600

Seen: 1,609 times

Last updated: Oct 06 '16

Related questions

Can't ping or ssh vms from anywhere

Networking in Openstack (Beginner)

Cannot ping VM in internal network

Network configuration help required [closed]

Network unreachable on Fedora VM

how to configure isolated mode to routed mode for network interface in virsh

instance can't ping itself

Can't acess network from docker container in nova-docker

Multiple networks communication in Openstack

private network can not ping (only ping add no and even no)