
cannot ping vm from outside network

Hello, I have a multinode setup with OpenStack Juno and I have trouble connecting my VM to the outside world. I am able to ping the VM from inside the qdhcp namespace but not from the qrouter. It is also unreachable from the host machine. I have a public network 10.24.100.0/24 and a private one 10.0.0.0/24. Some configuration details: the qrouter namespace configuration:

ip netns exec qrouter-cb225d1b-266e-4df9-8ba2-29e735eea83c ip route
default via 10.24.100.1 dev qg-19c3af60-3a
10.0.0.0/24 dev qr-38afb10a-35  proto kernel  scope link  src 10.0.0.1
10.24.100.0/24 dev qg-19c3af60-3a  proto kernel  scope link  src 10.24.100.2



ip netns exec qrouter-cb225d1b-266e-4df9-8ba2-29e735eea83c ip a
13: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
14: qr-38afb10a-35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:88:06:8c brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-38afb10a-35
    inet6 fe80::f816:3eff:fe88:68c/64 scope link
       valid_lft forever preferred_lft forever
15: qg-19c3af60-3a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:46:00:25 brd ff:ff:ff:ff:ff:ff
    inet 10.24.100.2/24 brd 10.24.100.255 scope global qg-19c3af60-3a
    inet6 fe80::f816:3eff:fe46:25/64 scope link
       valid_lft forever preferred_lft forever

ip netns exec qrouter-cb225d1b-266e-4df9-8ba2-29e735eea83c route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.24.100.1     0.0.0.0         UG    0      0        0 qg-19c3af60-3a
10.0.0.0        *               255.255.255.0   U     0      0        0 qr-38afb10a-35
10.24.100.0     *               255.255.255.0   U     0      0        0 qg-19c3af60-3a

And finally the iptables:

ip netns exec qrouter-cb225d1b-266e-4df9-8ba2-29e735eea83c iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-19c3af60-3a ! -o qg-19c3af60-3a -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 10.24.100.2
-A neutron-postrouting-bottom -j neutron-l3-agent-snat

c2e3f581-5694-4204-b5fe-1445f3c10290
    Bridge br-ex
        Port "qg-19c3af60-3a"
            Interface "qg-19c3af60-3a"
                type: internal
        Port "eth1"
            Interface "eth1"
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        fail_mode: secure
        Port "tap8c02fa6a-14"
            tag: 1
            Interface "tap8c02fa6a-14"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qr-38afb10a-35"
            tag: 1
            Interface "qr-38afb10a-35"
                type: internal
        Port br-int
            Interface br-int
                type: internal
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-0a188409"
            Interface "gre-0a188409"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="10.24.132.8", out_key=flow, remote_ip="10.24.132.9"}
        Port br-tun
            Interface br-tun
                type: internal
        Port "gre-0a188420"
            Interface "gre-0a188420"
                type: gre
                options: {df_default="true", in_key=flow, local_ip="10.24.132.8", out_key=flow, remote_ip="10.24.132.32"}

A little troubleshooting with tcpdump:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br-ex, link-type EN10MB (Ethernet), capture size 65535 bytes
17:42:18.948457 ARP, Request who-has 10.24.100.5 tell 10.24.100.1, length 28
17:42:19.947115 ARP, Request who-has 10.24.100.5 tell 10.24.100.1, length 28
17:42:20.947111 ARP, Request who-has 10.24.100.5 tell 10.24.100.1, length 28
17:42:21.964511 ARP, Request who-has 10.24.100.5 tell 10.24.100.1, length 28

And finally the routing table of the host:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.24.191.254   0.0.0.0         UG    0      0        0 br-ex
10.0.0.0        10.24.100.2     255.255.255.0   UG    0      0        0 br-ex
10.24.100.0     10.24.100.1     255.255.255.0   UG    0      0        0 br-ex
10.24.128.0     *               255.255.192.0   U     0      0        0 br-ex
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0

I would like to ask how this issue could be resolved. Could it be something with the translation from internal network addresses to external ones? Also, I am able to ping the router interface from the VM but not anything outside the private network. Thank you in advance for any help.
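
An added example, not part of the original post: a Python cross-check of the outputs pasted in the question. For each ARP target on br-ex that got no reply, it reports whether the router namespace holds that address and whether the NAT table has a DNAT rule for it. The input strings are excerpts copied from the post; the function names are made up for this example.

```python
import ipaddress
import re

# Excerpts copied from the outputs pasted in the question above.
IP_A = """\
14: qr-38afb10a-35: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-38afb10a-35
15: qg-19c3af60-3a: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    inet 10.24.100.2/24 brd 10.24.100.255 scope global qg-19c3af60-3a
"""
NAT_RULES = """\
-A neutron-l3-agent-POSTROUTING ! -i qg-19c3af60-3a ! -o qg-19c3af60-3a -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 10.24.100.2
"""
TCPDUMP = """\
17:42:18.948457 ARP, Request who-has 10.24.100.5 tell 10.24.100.1, length 28
17:42:19.947115 ARP, Request who-has 10.24.100.5 tell 10.24.100.1, length 28
"""

def interface_addresses(text):
    """Map interface name -> IPv4 addresses, parsed from `ip a` output."""
    addrs, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^\d+:\s+([^:@\s]+)", line)
        if head:
            current = head.group(1)
            addrs[current] = []
        inet = re.match(r"^\s+inet (\S+)/\d+", line)
        if inet and current:
            addrs[current].append(ipaddress.ip_address(inet.group(1)))
    return addrs

def dnat_destinations(text):
    """Destinations of rules ending in -j DNAT in `iptables -t nat -S` output."""
    hits = re.findall(r"^-A .*-d (\d+(?:\.\d+){3})(?:/32)? .*-j DNAT\b", text, re.M)
    return {ipaddress.ip_address(h) for h in hits}

def unanswered_arp_targets(text):
    """Addresses asked for with who-has that never show an is-at reply."""
    asked = set(re.findall(r"ARP, Request who-has (\S+) tell", text))
    replied = set(re.findall(r"ARP, Reply (\S+) is-at", text))
    return {ipaddress.ip_address(a) for a in asked - replied}

def cross_check(ip_a, nat_rules, tcpdump):
    """For each unanswered ARP target: is it on an interface, is it DNATed?"""
    owned = {a for v in interface_addresses(ip_a).values() for a in v}
    dnat = dnat_destinations(nat_rules)
    return {str(t): {"on_router_interface": t in owned, "has_dnat_rule": t in dnat}
            for t in sorted(unanswered_arp_targets(tcpdump))}
```

On the pasted data, `cross_check(IP_A, NAT_RULES, TCPDUMP)` reports that 10.24.100.5 is neither configured on an interface in the router namespace nor the destination of any DNAT rule.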