Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Unable to ping an instance from controller, but can ping the controller form instance

Sorry for repeating this question again, I read the existing questions in this site, but didn't find any solution fitting...

I have a Ubuntu 13.10 PC with 3 nic, use devstack to deploy openstack on it. after create the VM instance, it's possible to login the VM instance with noVNC, from the VM instance console it's possible to ping the host PC, but can from the host PC I can not ping the VM instance.

Host PC:

etho: 192.168.0.200/16
eth1: 10.103.0.200/16
eth2: 10.1.0.200/16

route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.255.254 0.0.0.0         UG    0      0        0 eth0
10.0.0.0        172.24.4.2      255.255.255.0   UG    0      0        0 br-ex
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth2
10.103.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
172.24.4.0      0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0

The VM Instance:

10.0.0.2/24
route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0           10.0.0.1         0.0.0.0             UG    0        0       0    eth0
10.0.0.0         0.0.0.0          255.255.255.0   U      0        0       0    eth0

I use following local.conf for devstack

[[local|localrc]]
GIT_BASE=${GIT_BASE:-https://git.openstack.org}
MULTI_HOST=1
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=abc1234
MYSQL_PASSWORD=abc1234
RABBIT_PASSWORD=abc1234
SERVICE_PASSWORD=abc1234
SERVICE_TOKEN=abc1234
SYSLOG=1
HOST_IP=192.168.0.200


disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service neutron

ENABLE_TENANT_VLANS=True
TENANT_VLAN_RANGE=1000:1999
PHYSICAL_NETWORK=eth2
OVS_PHYSICAL_BRIDGE=br-eth2

The openvswitch settings looks like below after devstack installation.

stack@icic1-sr0-dc051:~/devstack$ sudo ovs-vsctl show
f191e17a-9ef8-4e2f-a667-368a2c2f4a26
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge "br-eth2"
        Port "eth2"
            Interface "eth2"
        Port "phy-br-eth2"
            Interface "phy-br-eth2"
        Port "br-eth2"
            Interface "br-eth2"
                type: internal
    Bridge br-ex
        Port "qg-25f732b2-c6"
            Interface "qg-25f732b2-c6"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "qvo79d20e7a-ff"
            tag: 1
            Interface "qvo79d20e7a-ff"
        Port "int-br-eth2"
            Interface "int-br-eth2"
        Port "qr-6f4cbace-df"
            tag: 1
            Interface "qr-6f4cbace-df"
                type: internal
        Port "tapff7a6f4f-f2"
            tag: 1
            Interface "tapff7a6f4f-f2"
                type: internal
    ovs_version: "1.10.2"

I tried to ping the VM instance from the router namespace, but didn't see any response.

stack@icic1-sr0-dc051:~/devstack$ ip netns
qdhcp-c926ba73-bdf3-4b78-8519-5b371364d306
qrouter-53044c43-6e39-4834-987f-ae27afabf1eb

stack@icic1-sr0-dc051:~/devstack$ sudo ip netns exec qrouter-53044c43-6e39-4834-987f-ae27afabf1eb ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
24 packets transmitted, 0 received, 100% packet loss, time 23184ms

The secgroup rules also added in nova, for icmp ping and ssh.

stack@icic1-sr0-dc051:~/devstack$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

When host ping the VM instance, the icmp ping request message could be found on the qbr and qvo devices, but didn't reach tap device for the VM instance.

Host netns ping:

    stack@icic1-sr0-dc051:~/devstack$ sudo ip netns exec qrouter-53044c43-6e39-4834-987f-ae27afabf1eb ping 10.0.0.2
    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
    ^C
    --- 10.0.0.2 ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 2016ms

Packets on tap device

sudo tcpdump -i tap79d20e7a-ff
tcpdump: WARNING: tap79d20e7a-ff: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap79d20e7a-ff, link-type EN10MB (Ethernet), capture size 65535 bytes
14:52:19.027372 ARP, Request who-has 10.0.0.2 tell 10.0.0.1, length 28
14:52:19.036206 ARP, Reply 10.0.0.2 is-at fa:16:3e:84:63:e9 (oui Unknown), length 28

Packets on qvo device

sudo tcpdump -i qvo79d20e7a-ff
tcpdump: WARNING: qvo79d20e7a-ff: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qvo79d20e7a-ff, link-type EN10MB (Ethernet), capture size 65535 bytes
14:52:14.025234 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 1, length 64
14:52:15.033394 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 2, length 64
14:52:16.041377 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 3, length 64
14:52:19.027314 ARP, Request who-has 10.0.0.2 tell 10.0.0.1, length 28
14:52:19.036231 ARP, Reply 10.0.0.2 is-at fa:16:3e:84:63:e9 (oui Unknown), length 28

Packets on qvb device:

sudo tcpdump -i qvb79d20e7a-ff
tcpdump: WARNING: qvb79d20e7a-ff: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qvb79d20e7a-ff, link-type EN10MB (Ethernet), capture size 65535 bytes

14:52:14.025243 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 1, length 64
14:52:15.033406 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 2, length 64
14:52:16.041384 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 3, length 64
14:52:19.027325 ARP, Request who-has 10.0.0.2 tell 10.0.0.1, length 28
14:52:19.036225 ARP, Reply 10.0.0.2 is-at fa:16:3e:84:63:e9 (oui Unknown), length 28

Unable to ping an instance from controller, but can ping the controller form instance

Sorry for repeating this question again, I read the existing questions in this site, but didn't find any solution fitting...

I have a Ubuntu 13.10 PC with 3 nic, use devstack to deploy openstack on it. after create the VM instance, it's possible to login the VM instance with noVNC, from the VM instance console it's possible to ping the host PC, but can from the host PC I can not ping the VM instance.

Could someone help me to check why the ping is broken here?

Host PC:

etho: 192.168.0.200/16
eth1: 10.103.0.200/16
eth2: 10.1.0.200/16

route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.255.254 0.0.0.0         UG    0      0        0 eth0
10.0.0.0        172.24.4.2      255.255.255.0   UG    0      0        0 br-ex
10.1.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth2
10.103.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
172.24.4.0      0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0

The VM Instance:

10.0.0.2/24
route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0           10.0.0.1         0.0.0.0             UG    0        0       0    eth0
10.0.0.0         0.0.0.0          255.255.255.0   U      0        0       0    eth0

I use following local.conf for devstack

[[local|localrc]]
GIT_BASE=${GIT_BASE:-https://git.openstack.org}
MULTI_HOST=1
LOGFILE=/opt/stack/logs/stack.sh.log
ADMIN_PASSWORD=abc1234
MYSQL_PASSWORD=abc1234
RABBIT_PASSWORD=abc1234
SERVICE_PASSWORD=abc1234
SERVICE_TOKEN=abc1234
SYSLOG=1
HOST_IP=192.168.0.200


disable_service n-net
enable_service q-svc
enable_service q-agt
enable_service q-dhcp
enable_service q-l3
enable_service q-meta
enable_service neutron

ENABLE_TENANT_VLANS=True
TENANT_VLAN_RANGE=1000:1999
PHYSICAL_NETWORK=eth2
OVS_PHYSICAL_BRIDGE=br-eth2

The openvswitch settings looks like below after devstack installation.

stack@icic1-sr0-dc051:~/devstack$ sudo ovs-vsctl show
f191e17a-9ef8-4e2f-a667-368a2c2f4a26
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge "br-eth2"
        Port "eth2"
            Interface "eth2"
        Port "phy-br-eth2"
            Interface "phy-br-eth2"
        Port "br-eth2"
            Interface "br-eth2"
                type: internal
    Bridge br-ex
        Port "qg-25f732b2-c6"
            Interface "qg-25f732b2-c6"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        Port br-int
            Interface br-int
                type: internal
        Port "qvo79d20e7a-ff"
            tag: 1
            Interface "qvo79d20e7a-ff"
        Port "int-br-eth2"
            Interface "int-br-eth2"
        Port "qr-6f4cbace-df"
            tag: 1
            Interface "qr-6f4cbace-df"
                type: internal
        Port "tapff7a6f4f-f2"
            tag: 1
            Interface "tapff7a6f4f-f2"
                type: internal
    ovs_version: "1.10.2"

I tried to ping the VM instance from the router namespace, but didn't see any response.

stack@icic1-sr0-dc051:~/devstack$ ip netns
qdhcp-c926ba73-bdf3-4b78-8519-5b371364d306
qrouter-53044c43-6e39-4834-987f-ae27afabf1eb

stack@icic1-sr0-dc051:~/devstack$ sudo ip netns exec qrouter-53044c43-6e39-4834-987f-ae27afabf1eb ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
^C
--- 10.0.0.2 ping statistics ---
24 packets transmitted, 0 received, 100% packet loss, time 23184ms
 

The secgroup rules also added in nova, for icmp ping and ssh. stack@icic1-sr0-dc051:~/devstack$ ssh.

nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
|             |           |         |           | default      |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

When host ping the VM instance, the icmp ping request message could be found on the qbr and qvo devices, but didn't reach tap device for the VM instance.

Host netns ping:

    stack@icic1-sr0-dc051:~/devstack$ sudo ip netns exec qrouter-53044c43-6e39-4834-987f-ae27afabf1eb ping 10.0.0.2
    PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
    ^C
    --- 10.0.0.2 ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 2016ms

Packets on tap device

sudo tcpdump -i tap79d20e7a-ff
tcpdump: WARNING: tap79d20e7a-ff: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap79d20e7a-ff, link-type EN10MB (Ethernet), capture size 65535 bytes
14:52:19.027372 ARP, Request who-has 10.0.0.2 tell 10.0.0.1, length 28
14:52:19.036206 ARP, Reply 10.0.0.2 is-at fa:16:3e:84:63:e9 (oui Unknown), length 28

Packets on qvo device

sudo tcpdump -i qvo79d20e7a-ff
tcpdump: WARNING: qvo79d20e7a-ff: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qvo79d20e7a-ff, link-type EN10MB (Ethernet), capture size 65535 bytes
14:52:14.025234 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 1, length 64
14:52:15.033394 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 2, length 64
14:52:16.041377 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 3, length 64
14:52:19.027314 ARP, Request who-has 10.0.0.2 tell 10.0.0.1, length 28
14:52:19.036231 ARP, Reply 10.0.0.2 is-at fa:16:3e:84:63:e9 (oui Unknown), length 28

Packets on qvb device:

sudo tcpdump -i qvb79d20e7a-ff
tcpdump: WARNING: qvb79d20e7a-ff: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qvb79d20e7a-ff, link-type EN10MB (Ethernet), capture size 65535 bytes

14:52:14.025243 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 1, length 64
14:52:15.033406 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 2, length 64
14:52:16.041384 IP 10.0.0.1 > 10.0.0.2: ICMP echo request, id 2426, seq 3, length 64
14:52:19.027325 ARP, Request who-has 10.0.0.2 tell 10.0.0.1, length 28
14:52:19.036225 ARP, Reply 10.0.0.2 is-at fa:16:3e:84:63:e9 (oui Unknown), length 28