Revision history [back]

click to hide/show revision 1
initial version

Neutron: cannot connect to instance in Icehouse

Hello. I'm trying to configure OpenStack Icehouse on Ubuntu 14.04 following the official documentation and everything looks perfect until I have to configure networking. Let me advance that I'm far from being an expert in network configuration.

First, let me describe my scenario:

I want to deploy OpenStack in one node, which will act as controller, network and compute node. In the future I'd like to add further compute nodes, but I'm not into that so far.

In my enterprise, I have both public IP addresses and private IP addresses. Let's say they are as follows:

  • Public segment: XXX.YYY.174.128/27
  • Private segment:

So I would like to configure networking such that:

  1. All instances will have at the very least one private IP. This would enable communication between different machines and between instances and the host.
  2. Instances could be assigned a public IP, maybe through floating IPs. This way, only instances that required to be accessed from outside are assigned public IPs, which are more limited.

To be completely sincere, I'm not 100% sure about how to configure /etc/network/interfaces. In a first attempt, I configured it so that interface em1 had a public IP for the host (XXX.YYY.174.138) and interface em2 had a private IP ( The problem with this approach is that, later, if I add a port to br-ex using the command ovs-vsctl add-port br-ex em1 the host ends up loosing connectivity (so I cannot connect using SSH to the server). So finally, I ended up by setting up both em1 and em2 with public IPs (to say, XXX.YYY.174.138 and XXX.YYY.174.139). That way, I don't loose connectivity.

So as a result, I can create instances and actually, if I set them to have the first virtual NIC with the private network (what the documentation calls "tenant network"), then they can successfully connect to the Internet (for instance, ping will success). However, I have no means to connect to the instance, neither from the host nor from any other machine, and neither by pinging the private nor the public IP.

These are the steps I have followed:

I'd be grateful if you could help me to understand what's going on, as I'm not really familiar to concepts such as GRE tunneling and not figuring out how all this is working actually.

Thanks a lot.