L3 Neutron Router Issue

I'm running Icehouse DevStack and trying to connect to an instance. There's an external/internal network and an L3 router on the external network. A floating IP is assigned to the instance.

Ingress - However, if I SSH in I do not connect to the instance; even though I've set up an SSH key, it asks for a username and password. For kicks, if I use the creds for the host DevStack is running on, it connects to the host.

Egress - If I ping out from the instance I can hit the L3 router but do not get a ping response from 8.8.8.8. If I do a tcpdump I can see the ICMP traffic leaving the host but not SNAT'd.

Here's the output,

root@openstack-lab:~# neutron floatingip-show d7a902fd-f914-42d4-814a-11e2f5a52bfd
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| fixed_ip_address    | 172.16.1.2                           |
| floating_ip_address | 162.13.14.41                        |
| floating_network_id | 71d986c9-32a2-4779-bb03-94ed2fc0f1de |
| id                  | d7a902fd-f914-42d4-814a-11e2f5a52bfd |
| port_id             | d5145b06-4672-41b6-b48f-2d199edc9cdc |
| router_id           | 5f5f5abd-f2fa-4424-9819-ebd86db770b7 |
| status              | ACTIVE                               |
| tenant_id           | b2162649b18840efb18314255e958990     |
+---------------------+--------------------------------------+

root@openstack-lab:~# nova list
+--------------------------------------+----------+--------+------------+-------------+-----------------------------------+
| ID                                   | Name     | Status | Task State | Power State | Networks                          |
+--------------------------------------+----------+--------+------------+-------------+-----------------------------------+
| d307519e-f95c-4956-b471-24f3bd7ea6f8 | server-1 | ACTIVE | -          | Running     | private=172.16.1.2, 162.13.14.41 |
+--------------------------------------+----------+--------+------------+-------------+-----------------------------------+

root@openstack-lab:~# neutron port-show d5145b06-4672-41b6-b48f-2d199edc9cdc
+-----------------------+-----------------------------------------------------------------------------------+
| Field                 | Value                                                                             |
+-----------------------+-----------------------------------------------------------------------------------+
| admin_state_up        | True                                                                              |
| allowed_address_pairs |                                                                                   |
| binding:host_id       | openstack-lab                                                                     |
| binding:profile       | {}                                                                                |
| binding:vif_details   | {"port_filter": true, "ovs_hybrid_plug": true}                                    |
| binding:vif_type      | ovs                                                                               |
| binding:vnic_type     | normal                                                                            |
| device_id             | d307519e-f95c-4956-b471-24f3bd7ea6f8                                              |
| device_owner          | compute:nova                                                                      |
| extra_dhcp_opts       |                                                                                   |
| fixed_ips             | {"subnet_id": "d67908c1-9573-4494-97eb-cf214fcb6d82", "ip_address": "172.16.1.2"} |
| id                    | d5145b06-4672-41b6-b48f-2d199edc9cdc                                              |
| mac_address           | fa:16:3e:ef:99:e3                                                                 |
| name                  |                                                                                   |
| network_id            | 59037cf2-25fa-4eec-8d67-a737d850aa9b                                              |
| security_groups       | e5caad09-1d97-47f2-9886-8c2f53e5c2be                                              |
| status                | ACTIVE                                                                            |
| tenant_id             | b2162649b18840efb18314255e958990                                                  |
+-----------------------+-----------------------------------------------------------------------------------+

Everything looks ok. But not really sure why this is failing. The odd thing is I see the router port for the internal network as DOWN. Though I can't find this via the neutron command.

EDIT :

root@openstack-lab:~# ip netns exec qrouter-5f5f5abd-f2fa-4424-9819-ebd86db770b7 iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-postrouting-bottom
-N neutron-vpn-agen-OUTPUT
-N neutron-vpn-agen-POSTROUTING
-N neutron-vpn-agen-PREROUTING
-N neutron-vpn-agen-float-snat
-N neutron-vpn-agen-snat
-A PREROUTING -j neutron-vpn-agen-PREROUTING
-A OUTPUT -j neutron-vpn-agen-OUTPUT
-A POSTROUTING -j neutron-vpn-agen-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-postrouting-bottom -j neutron-vpn-agen-snat
-A neutron-vpn-agen-OUTPUT -d 162.13.14.41/32 -j DNAT --to-destination 172.16.1.2
-A neutron-vpn-agen-POSTROUTING ! -i qg-db90f9db-b8 ! -o qg-db90f9db-b8 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-vpn-agen-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-vpn-agen-PREROUTING -d 162.13.14.41/32 -j DNAT --to-destination 172.16.1.2
-A neutron-vpn-agen-float-snat -s 172.16.1.2/32 -j SNAT --to-source 162.13.14.41
-A neutron-vpn-agen-snat -j neutron-vpn-agen-float-snat
-A neutron-vpn-agen-snat -s 172.16.1.0/24 -j SNAT --to-source 162.13.14.40

[Screen Shot 2015-09-11 at 20.57.52.png](/upfiles/14420017675170635.png)

Thanks,

EDIT 2 :

From looking at the port I can see it is unbound.

+-----------------------+--------------------------------------------------------------------------------------+
| Field                 | Value                                                                                |
+-----------------------+--------------------------------------------------------------------------------------+
| admin_state_up        | True                                                                                 |
| allowed_address_pairs |                                                                                      |
| binding:host_id       |                                                                                      |
| binding:profile       | {}                                                                                   |
| binding:vif_details   | {}                                                                                   |
| binding:vif_type      | unbound                                                                              |
| binding:vnic_type     | normal                                                                               |
| device_id             | d7a902fd-f914-42d4-814a-11e2f5a52bfd                                                 |
| device_owner          | network:floatingip                                                                   |
| extra_dhcp_opts       |                                                                                      |
| fixed_ips             | {"subnet_id": "6e8c36e4-030e-4142-9429-40097efcc3aa", "ip_address": "162.13.154.41"} |
| id                    | e2a703da-530b-41b4-8655-24b92766741f                                                 |
| mac_address           | fa:16:3e:84:ac:08                                                                    |
| name                  |                                                                                      |
| network_id            | 71d986c9-32a2-4779-bb03-94ed2fc0f1de                                                 |
| security_groups       |                                                                                      |
| status                | DOWN                                                                                 |
| tenant_id             |                                                                                      |
+-----------------------+--------------------------------------------------------------------------------------+

Thanks
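An added example, not part of the original post: a Python check that takes the text of `iptables -t nat -S` from a qrouter namespace and confirms that a floating IP has DNAT rules reachable from PREROUTING and OUTPUT and an SNAT rule reachable from POSTROUTING. The rule text is a constructed sample copied from the output above, and the function names are hypothetical.

```python
# Constructed sample: nat rules copied from the qrouter output in the post.
RULES = """\
-A PREROUTING -j neutron-vpn-agen-PREROUTING
-A OUTPUT -j neutron-vpn-agen-OUTPUT
-A POSTROUTING -j neutron-vpn-agen-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-postrouting-bottom -j neutron-vpn-agen-snat
-A neutron-vpn-agen-OUTPUT -d 162.13.14.41/32 -j DNAT --to-destination 172.16.1.2
-A neutron-vpn-agen-POSTROUTING ! -i qg-db90f9db-b8 ! -o qg-db90f9db-b8 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-vpn-agen-PREROUTING -d 162.13.14.41/32 -j DNAT --to-destination 172.16.1.2
-A neutron-vpn-agen-float-snat -s 172.16.1.2/32 -j SNAT --to-source 162.13.14.41
-A neutron-vpn-agen-snat -j neutron-vpn-agen-float-snat
-A neutron-vpn-agen-snat -s 172.16.1.0/24 -j SNAT --to-source 162.13.14.40
"""

def parse(text):
    """Return {chain: [rule tokens, ...]} for every '-A chain ...' line."""
    chains = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(tok[2:])
    return chains

def opt(rule, flag):
    """Value following a flag, or None; negated matches ('! -i x') are skipped."""
    for i, t in enumerate(rule[:-1]):
        if t == flag and (i == 0 or rule[i - 1] != "!"):
            return rule[i + 1]
    return None

def reachable(chains, start):
    """Chains reached from a built-in chain by following -j jumps."""
    seen, todo = set(), [start]
    while todo:
        c = todo.pop()
        if c not in seen:
            seen.add(c)
            todo += [j for j in (opt(r, "-j") for r in chains.get(c, [])) if j in chains]
    return seen

def check_floating_ip(text, floating, fixed):
    """Report which of the three per-floating-IP NAT rules are present and reachable."""
    chains = parse(text)
    def has(start, flag, addr, target, to_flag, to):
        return any(opt(r, flag) == addr + "/32" and opt(r, "-j") == target
                   and opt(r, to_flag) == to
                   for c in reachable(chains, start) for r in chains.get(c, []))
    return {"dnat_prerouting": has("PREROUTING", "-d", floating, "DNAT", "--to-destination", fixed),
            "dnat_output": has("OUTPUT", "-d", floating, "DNAT", "--to-destination", fixed),
            "snat_postrouting": has("POSTROUTING", "-s", fixed, "SNAT", "--to-source", floating)}
```

For 162.13.14.41 and 172.16.1.2 all three checks pass on these rules. For the address shown on the port in EDIT 2 (162.13.154.41) all three fail, because the rules reference 162.13.14.41.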