Ask Your Question
0

Unable to ping out from router on public facing lan.

asked 2016-11-28 14:06:32 -0600

jab2805 gravatar image

updated 2016-11-28 15:58:50 -0600

dbaxps gravatar image

I have a pack stack allinone install running in side a kvm virtual. 

network setup: 
10.133.152.0/24 GW 10.133.152.254

eth0 is a port on br-ex with an ip of 10.133.152.180:


   Bridge br-ex
        Port "qg-121bb6e3-4a"
            Interface "qg-121bb6e3-4a"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-2991055a-c4"
            Interface "qg-2991055a-c4"
                type: internal
        Port "eth0"
            Interface "eth0"

Looking at the name spaces:

[root@openstack2-newton ~(keystone_admin)]# ip netns exec  qrouter-b7a6ff27-0c0a-4572-9c28-41ad9a3a4a6c ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
22: qg-121bb6e3-4a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN 
    link/ether fa:16:3e:8a:c0:7b brd ff:ff:ff:ff:ff:ff
    inet 10.133.152.156/24 brd 10.133.152.255 scope global qg-121bb6e3-4a
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe8a:c07b/64 scope link 
       valid_lft forever preferred_lft forever

The router interface has ip 10.133.152.156. 

[root@openstack2-newton ~(keystone_admin)]# ip netns exec  qrouter-b7a6ff27-0c0a-4572-9c28-41ad9a3a4a6c ifconfig qg-121bb6e3-4a
qg-121bb6e3-4a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.133.152.156  netmask 255.255.255.0  broadcast 10.133.152.255
        inet6 fe80::f816:3eff:fe8a:c07b  prefixlen 64  scopeid 0x20<link>
        ether fa:16:3e:8a:c0:7b  txqueuelen 0  (Ethernet)
        RX packets 2893  bytes 182573 (178.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 770  bytes 56892 (55.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@openstack2-newton ~(keystone_admin)]# 

ping to 10.133.152.180 works  however i'm uable to ping the external default route of 10.133.152.254. This is the public network my kvm host is connected to. 




Able to ping 10.133.152.180(eth0/br-ex) from the router name space..
------

[root@openstack2-newton ~(keystone_admin)]# ip netns exec  qrouter-b7a6ff27-0c0a-4572-9c28-41ad9a3a4a6c ping -c 3 10.133.152.180
PING 10.133.152.180 (10.133.152.180) 56(84) bytes of data.
64 bytes from 10.133.152.180: icmp_seq=1 ttl=64 time=0.206 ms
64 bytes from 10.133.152.180: icmp_seq=2 ttl=64 time=0.053 ms
64 bytes from 10.133.152.180: icmp_seq=3 ttl=64 time=0.039 ms

--- 10.133.152.180 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.039/0.099/0.206/0.076 ms

======

Unable to ping the default route form the router:
------
[root@openstack2-newton ~(keystone_admin)]# ip netns exec  qrouter-b7a6ff27-0c0a-4572-9c28-41ad9a3a4a6c ping -c 3 10.133.152.254
PING 10.133.152.254 (10.133.152.254) 56(84) bytes of data.

--- 10.133.152.254 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms


=======
 Unable to ping google from router:
------------

[root@va-openstack2-newton ~(keystone_admin)]# ip netns exec ...
(more)
edit retag flag offensive close merge delete

Comments

Please, post ifconfig output, ovs-vsctl show or upload as text somewhere

$ neutron router-port-list YOUR_ROUTE_NAME
$ neutron router-show YOUR_ROUTER_ID
dbaxps gravatar imagedbaxps ( 2016-11-28 16:10:25 -0600 )edit

It's not quite clear what has IP 10.133.152.180
eth0 or OVS bridge br-ex ?

dbaxps gravatar imagedbaxps ( 2016-11-28 16:13:24 -0600 )edit

Br-ex has the 10.133.152.180 ip

jab2805 gravatar imagejab2805 ( 2016-11-28 16:29:21 -0600 )edit
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-11-28 16:27:55 -0600

jab2805 gravatar image

updated 2016-11-30 13:24:21 -0600 

[root@openstack2-newton ~]# ifconfig -a
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.133.152.180  netmask 255.255.255.0  broadcast 10.133.152.255
        inet6 fe80::21a:4aff:fe16:188  prefixlen 64  scopeid 0x20<link>
        ether 00:1a:4a:16:01:88  txqueuelen 0  (Ethernet)
        RX packets 1041739  bytes 99342827 (94.7 MiB)
        RX errors 0  dropped 11  overruns 0  frame 0
        TX packets 670241  bytes 134080834 (127.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

br-int: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet6 fe80::80c8:39ff:fe73:eb4a  prefixlen 64  scopeid 0x20<link>
        ether 82:c8:39:73:eb:4a  txqueuelen 0  (Ethernet)
        RX packets 10  bytes 864 (864.0 B)
        RX errors 0  dropped 78  overruns 0  frame 0
        TX packets 8  bytes 648 (648.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

br-tun: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether fe:22:ca:f2:a0:4e  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::21a:4aff:fe16:188  prefixlen 64  scopeid 0x20<link>
        ether 00:1a:4a:16:01:88  txqueuelen 1000  (Ethernet)
        RX packets 1779521  bytes 146540823 (139.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 676678  bytes 134384981 (128.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 439996949  bytes 50342249841 (46.8 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 439996949  bytes 50342249841 (46.8 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ovs-system: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 2e:43:74:f3:2b:a2  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@openstack2-newton ~]# ovs-vsctl show 
1482349d-2fd9-4b08-8a20-0ec211c47e2c
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "tapf510847e-a7"
            tag: 1
            Interface "tapf510847e-a7"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "tap74964913-ed"
            tag: 2
            Interface "tap74964913-ed"
                type: internal
        Port "qr-282741ca-2d"
            tag: 2
            Interface "qr-282741ca-2d"
                type: internal
        Port br-int
            Interface br-int
                type: internal
    Bridge br-ex
        Port "qg-121bb6e3-4a"
            Interface "qg-121bb6e3-4a"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-2991055a-c4"
            Interface "qg-2991055a-c4"
                type: internal
        Port "eth0"
            Interface "eth0"
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer ...
(more)
edit flag offensive delete link more

Comments

Was router-pub created by packstack or by yourself ? It has no interface to tenant's sub-net, but has gateway set for external network and might cause your problem. Just one neutron router is enough to handle ingress/egress traffic.

dbaxps gravatar imagedbaxps ( 2016-11-29 01:34:34 -0600 )edit

I had the same thought, but even when the router doesn't have a subnet, you can ping outside from the router's namespace (tested with Newton devstack).

Bernd Bausch gravatar imageBernd Bausch ( 2016-11-29 02:07:18 -0600 )edit

I created router-pub just to test if could ping form that router's namespace.

jab2805 gravatar imagejab2805 ( 2016-11-29 08:06:41 -0600 )edit

I would try drop all routers. Recreate private network, new router , set gateway to external network, interface to private subnet. Make sure all connections to router are active (horizon) and try to launch CirrOS VM on private network , log into CirrOS VM and ping 8.8.8.8.

dbaxps gravatar imagedbaxps ( 2016-11-29 09:25:48 -0600 )edit

Step 1 recreate the private subnet:

[root@va-openstack2-newton ~(keystone_admin)]# neutron subnet-create private 172.16.1.0/24 --name private --dns-nameserver 8.8.8.8 --gateway 10.133.152.180 Created a new subnet: +-------------------+------------------------------------------------+ | Field

jab2805 gravatar imagejab2805 ( 2016-11-30 09:42:53 -0600 )edit
see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-11-28 14:06:32 -0600

Seen: 105 times

Last updated: Nov 30 '16

Related questions

Problem on installing multi-node setup (1 controller and 2 computes)

ERROR trove Failed to create volume for instance The resource could not be found HTTP 404

Packstack rerun issue

Error during packstack installation [closed]

are hypervisors mandatory?

How to change gnocchi archive-policy for a metric

juno installation error on Cent 7

How to fix Error appeared during Puppet run: 10.0.2.15_mysql.pp Error: mysqladmin -u root password " " returned 1 instead of one of [0]

Failed to apply catalog: Found 1 dependency cycle

Why does packstack try to use the wrong mysql password?