
In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs. There are no warnings or errors in the log files and the other operations are working well.

I can ssh to VMs through `ip netns exec qrouter-xxx ssh cirros@floatingip` or VNC, and can also ping google.com from VMs. However, in a VM, I cannot ping the floating IP assigned to the VM itself or any other floating IPs, and from the server (e.g. from the controller node), I cannot ping or ssh to floating IPs which are assigned to VMs.

my env:
- host machine: mac
- servers: ubuntu server 12.04 vms on vmware fusion
- configuration: controller node1, compute node2, network node1

Please check my settings and test results as follows:


# checking settings on controller node

```
root@controller:~# nova-manage version
2013.2

root@controller:~# nova-manage service list
Binary            Host        Zone      Status   State  Updated_At
nova-cert         controller  internal  enabled  :-)    2013-12-04 19:21:45
nova-conductor    controller  internal  enabled  :-)    2013-12-04 19:21:52
nova-consoleauth  controller  internal  enabled  :-)    2013-12-04 19:21:45
nova-scheduler    controller  internal  enabled  :-)    2013-12-04 19:21:45
nova-compute      compute1    nova      enabled  :-)    2013-12-04 19:21:52
nova-compute      compute2    nova      enabled  :-)    2013-12-04 19:21:52

root@controller:~# neutron agent-list
+--------------------------------------+--------------------+----------+-------+----------------+
| id                                   | agent_type         | host     | alive | admin_state_up |
+--------------------------------------+--------------------+----------+-------+----------------+
| 6ddb5b44-c085-44a7-a7a6-d910842b651a | Open vSwitch agent | compute2 | :-)   | True           |
| 975b2e01-187e-46c7-8c7e-ab7637c7ef8f | Open vSwitch agent | network  | :-)   | True           |
| 9dec45ed-15f8-4bef-b9df-c679712e75ff | L3 agent           | network  | :-)   | True           |
| ae92c0a3-5f2f-4049-80ff-84863901ee62 | Open vSwitch agent | compute1 | :-)   | True           |
| c122a019-5fad-4376-bd73-94886007af82 | DHCP agent         | network  | :-)   | True           |
+--------------------------------------+--------------------+----------+-------+----------------+

root@controller:~# nova list
+--------------------------------------+------+--------+------------+-------------
| ID                                   | Name | Status | Task State | Power State | Networks
+--------------------------------------+------+--------+------------+-------------
| d9ebad3e-b5dd-4979-b5de-c37427d3e7ad | vm1  | ACTIVE | None       | Running     | proj1-net2=10.1.2.4, 7.7.7.222
| cde6f2d9-11a3-4113-8fb4-54e48f374ce0 | vm2  | ACTIVE | None       | Running     | proj1-net1=10.1.1.4, 7.7.7.223
| e0d6cc74-e33f-4584-b6b8-13814bfa5b14 | vm3  | ACTIVE | None       | Running     | proj1-net2=10.1.2.3, 7.7.7.221
| 85ab43d9-d55a-4675-80be-30bf51f82d41 | vm4  | ACTIVE | None       | Running     | proj1-net1=10.1.1.5
+--------------------------------------+------+--------+------------+-------------

root@controller:~# neutron floatingip-list
+--------------------------------------+------------------+---------------------+--------------------------------------+
| id                                   | fixed_ip_address | floating_ip_address | port_id                              |
+--------------------------------------+------------------+---------------------+--------------------------------------+
| 4128da24-8003-4b4e-aaf2-24fb93de484f | 10.1.1.4         | 7.7.7.223           | 8691d117-dd06-40dc-a562-72e2f7739001 |
| 7f5eb983-1d64-43c2-a0a2-78057fe70ed0 | 10.1.2.3         | 7.7.7.221           | ac47dcf1-eea9-4d89-953c-a8595eafa520 |
| 94fa8979-6d97-4fd6-8335-955f5c422454 | 10.1.2.4         | 7.7.7.222           | 26a25a42-6206-4e3d-98f3-ae2a7a75aab1 |
+--------------------------------------+------------------+---------------------+--------------------------------------+

root@controller:~# source rcs/adminrc
root@controller:~# neutron subnet-list
+--------------------------------------+-----------------+-------------+--------------------------------------------+
| id                                   | name            | cidr        | allocation_pools                           |
+--------------------------------------+-----------------+-------------+--------------------------------------------+
| 0e9aa126-062e-4ce7-9ca2-0185d2e89148 | proj1-subnet1   | 10.1.1.0/24 | {"start": "10.1.1.2", "end": "10.1.1.254"} |
| 250762da-a9e4-4596-a306-a27bd3eb7f34 | proj1-subnet2   | 10.1.2.0/24 | {"start": "10.1.2.2", "end": "10.1.2.254"} |
| 507d9c6c-1c66-4811-b53e-2fe648fe2412 | floatingip-pool | 7.7.7.0/24  | {"start": "7.7.7.220", "end": "7.7.7.240"} |
+--------------------------------------+-----------------+-------------+--------------------------------------------+
```

check for subnet of external network, or floatingip pool

```
root@controller:~# neutron subnet-show floatingip-pool
+------------------+--------------------------------------------+
| Field            | Value                                      |
+------------------+--------------------------------------------+
| allocation_pools | {"start": "7.7.7.220", "end": "7.7.7.240"} |
| cidr             | 7.7.7.0/24                                 |
| dns_nameservers  | 8.8.4.4                                    |
|                  | 8.8.8.8                                    |
| enable_dhcp      | False                                      |
| gateway_ip       | 7.7.7.2                                    |
| host_routes      |                                            |
| id               | 507d9c6c-1c66-4811-b53e-2fe648fe2412       |
| ip_version       | 4                                          |
| name             | floatingip-pool                            |
| network_id       | 47ecd126-df21-4b8e-9c1b-2250d30bbc5f       |
| tenant_id        | 7c2bc4411f994795ab4ae94c594d4fba           |
+------------------+--------------------------------------------+
```

ping to external gateway from controller : OK

```
root@controller:~# ping -c1 7.7.7.2
PING 7.7.7.2 (7.7.7.2) 56(84) bytes of data.
64 bytes from 7.7.7.2: icmp_req=1 ttl=128 time=0.498 ms
```

ping to external URL from controller : OK

```
root@controller:~# ping -c1 www.google.com
PING www.google.com (173.194.127.84) 56(84) bytes of data.
64 bytes from hkg03s11-in-f20.1e100.net (173.194.127.84): icmp_req=1 ttl=128 time=137 ms
```

check router-gateway port & ip address

```
root@controller:~# neutron port-show 58dbc3a3-78dd-4cbc-9b6b-2b9976be1b08
+-----------------------+----------------------------------------------------------------------------------+
| Field                 | Value                                                                            |
+-----------------------+----------------------------------------------------------------------------------+
| admin_state_up        | True                                                                             |
| allowed_address_pairs |                                                                                  |
| binding:capabilities  | {"port_filter": true}                                                            |
| binding:host_id       | network                                                                          |
| binding:vif_type      | ovs                                                                              |
| device_id             | 8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701                                             |
| device_owner          | network:router_gateway                                                           |
| extra_dhcp_opts       |                                                                                  |
| fixed_ips             | {"subnet_id": "507d9c6c-1c66-4811-b53e-2fe648fe2412", "ip_address": "7.7.7.220"} |
| id                    | 58dbc3a3-78dd-4cbc-9b6b-2b9976be1b08                                             |
| mac_address           | fa:16:3e:d9:c8:b2                                                                |
| name                  |                                                                                  |
| network_id            | 47ecd126-df21-4b8e-9c1b-2250d30bbc5f                                             |
| security_groups       |                                                                                  |
| status                | DOWN                                                                             |
| tenant_id             |                                                                                  |
+-----------------------+----------------------------------------------------------------------------------+
```

ping to router-gateway from controller : OK

```
root@controller:~# ping -c1 7.7.7.220
PING 7.7.7.220 (7.7.7.220) 56(84) bytes of data.
64 bytes from 7.7.7.220: icmp_req=1 ttl=64 time=0.672 ms
```

ping to floating-ip from controller : FAIL

```
root@controller:~# ping -c1 7.7.7.221
PING 7.7.7.221 (7.7.7.221) 56(84) bytes of data.

--- 7.7.7.221 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@controller:~# ping -c1 7.7.7.222
PING 7.7.7.222 (7.7.7.222) 56(84) bytes of data.

--- 7.7.7.222 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@controller:~# ping -c1 7.7.7.223
PING 7.7.7.223 (7.7.7.223) 56(84) bytes of data.

--- 7.7.7.223 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
```


# checking settings on network node

check qrouter ip address

```
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: qr-007778eb-dc: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:d0:38:7d brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.1/24 brd 10.1.2.255 scope global qr-007778eb-dc
    inet6 fe80::f816:3eff:fed0:387d/64 scope link
       valid_lft forever preferred_lft forever
3: qr-aa8dbee1-da: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:54:8f:1d brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global qr-aa8dbee1-da
    inet6 fe80::f816:3eff:fe54:8f1d/64 scope link
       valid_lft forever preferred_lft forever
4: qg-58dbc3a3-78: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether fa:16:3e:d9:c8:b2 brd ff:ff:ff:ff:ff:ff
    inet 7.7.7.220/24 brd 7.7.7.255 scope global qg-58dbc3a3-78
    inet 7.7.7.223/32 brd 7.7.7.223 scope global qg-58dbc3a3-78
    inet 7.7.7.221/32 brd 7.7.7.221 scope global qg-58dbc3a3-78
    inet 7.7.7.222/32 brd 7.7.7.222 scope global qg-58dbc3a3-78
    inet6 fe80::f816:3eff:fed9:c8b2/64 scope link
       valid_lft forever preferred_lft forever
```

check qrouter iptables filter table

```
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 iptables -t filter -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N neutron-filter-top
-N neutron-l3-agent-FORWARD
-N neutron-l3-agent-INPUT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-local
-A INPUT -j neutron-l3-agent-INPUT
-A FORWARD -j neutron-filter-top
-A FORWARD -j neutron-l3-agent-FORWARD
-A OUTPUT -j neutron-filter-top
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A neutron-filter-top -j neutron-l3-agent-local
-A neutron-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT
```

check qrouter iptables nat table

```
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-OUTPUT -d 7.7.7.223/32 -j DNAT --to-destination 10.1.1.4
-A neutron-l3-agent-OUTPUT -d 7.7.7.221/32 -j DNAT --to-destination 10.1.2.3
-A neutron-l3-agent-OUTPUT -d 7.7.7.222/32 -j DNAT --to-destination 10.1.2.4
-A neutron-l3-agent-POSTROUTING ! -i qg-58dbc3a3-78 ! -o qg-58dbc3a3-78 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 7.7.7.223/32 -j DNAT --to-destination 10.1.1.4
-A neutron-l3-agent-PREROUTING -d 7.7.7.221/32 -j DNAT --to-destination 10.1.2.3
-A neutron-l3-agent-PREROUTING -d 7.7.7.222/32 -j DNAT --to-destination 10.1.2.4
-A neutron-l3-agent-float-snat -s 10.1.1.4/32 -j SNAT --to-source 7.7.7.223
-A neutron-l3-agent-float-snat -s 10.1.2.3/32 -j SNAT --to-source 7.7.7.221
-A neutron-l3-agent-float-snat -s 10.1.2.4/32 -j SNAT --to-source 7.7.7.222
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 10.1.2.0/24 -j SNAT --to-source 7.7.7.220
-A neutron-l3-agent-snat -s 10.1.1.0/24 -j SNAT --to-source 7.7.7.220
-A neutron-postrouting-bottom -j neutron-l3-agent-snat
```

ping to vm fixed ip from qrouter : OK

```
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.1.4
PING 10.1.1.4 (10.1.1.4) 56(84) bytes of data.
64 bytes from 10.1.1.4: icmp_req=1 ttl=64 time=3.10 ms

--- 10.1.1.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.109/3.109/3.109/0.000 ms
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.1.5
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_req=1 ttl=64 time=2.55 ms

--- 10.1.1.5 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.558/2.558/2.558/0.000 ms
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.2.3
PING 10.1.2.3 (10.1.2.3) 56(84) bytes of data.
64 bytes from 10.1.2.3: icmp_req=1 ttl=64 time=3.11 ms

--- 10.1.2.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.115/3.115/3.115/0.000 ms
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.2.4
PING 10.1.2.4 (10.1.2.4) 56(84) bytes of data.
64 bytes from 10.1.2.4: icmp_req=1 ttl=64 time=2.35 ms

--- 10.1.2.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.358/2.358/2.358/0.000 ms
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.2.5
PING 10.1.2.5 (10.1.2.5) 56(84) bytes of data.
64 bytes from 10.1.2.5: icmp_req=1 ttl=64 time=2.76 ms

--- 10.1.2.5 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.761/2.761/2.761/0.000 ms
```

ping to external gateway from qrouter : OK

```
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.2
PING 7.7.7.2 (7.7.7.2) 56(84) bytes of data.
64 bytes from 7.7.7.2: icmp_req=1 ttl=128 time=0.945 ms

--- 7.7.7.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.945/0.945/0.945/0.000 ms
```

ping to external URL from qrouter : OK

```
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 www.google.com
PING www.google.com (173.194.127.82) 56(84) bytes of data.
64 bytes from hkg03s11-in-f18.1e100.net (173.194.127.82): icmp_req=1 ttl=128 time=112 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 112.185/112.185/112.185/0.000 ms
```

ping to router-gateway of qrouter from qrouter : OK

```
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.220
PING 7.7.7.220 (7.7.7.220) 56(84) bytes of data.
64 bytes from 7.7.7.220: icmp_req=1 ttl=64 time=0.104 ms

--- 7.7.7.220 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.104/0.104/0.104/0.000 ms
```

ping to floatingips from qrouter : FAIL

```
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.221
PING 7.7.7.221 (7.7.7.221) 56(84) bytes of data.

--- 7.7.7.221 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.222
PING 7.7.7.222 (7.7.7.222) 56(84) bytes of data.

--- 7.7.7.222 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.223
PING 7.7.7.223 (7.7.7.223) 56(84) bytes of data.

--- 7.7.7.223 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
```


# configurations : neutron.conf in controller

```
root@controller:~# cat /etc/neutron/neutron.conf
[DEFAULT]
debug = True
state_path = /var/lib/neutron
lock_path = $state_path/lock
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2

service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin

allow_overlapping_ips = True
rabbit_host = controller
rabbit_password = openstack
notification_driver = neutron.openstack.common.notifier.rpc_notifier

[quotas]

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = openstack
signing_dir = $state_path/keystone-signing

[database]
connection = mysql://neutron:openstack@controller:3306/neutron

[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
```


# configurations : ovs_neutron_plugin.ini in controller

```
root@controller:~# cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun

local_ip = 10.1.0.101

enable_tunneling = True

[database]
connection = mysql://neutron:openstack@controller:3306/neutron

[agent]

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
```


# configurations : neutron.conf in network node

```
root@network:~# cat /etc/neutron/neutron.conf
[DEFAULT]
state_path = /var/lib/neutron
lock_path = $state_path/lock
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2

service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin

service_plugins = neutron.plugins.services.agent_loadbalancer.plugin.LoadBalancerPlugin

allow_overlapping_ips = True
notification_driver = neutron.openstack.common.notifier.rpc_notifier
rabbit_host = controller
rabbit_password = openstack

[quotas]

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = openstack
signing_dir = $state_path/keystone-signing

[database]
connection = mysql://neutron:openstack@controller/neutron

[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
```


# configurations : ovs_neutron_plugin.ini in network node

```
root@network:~# cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.0.0.12
enable_tunneling = True

[database]
connection = mysql://neutron:openstack@controller:3306/neutron

[agent]

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
```


# configurations : neutron.conf in compute node

```
oot@compute1:~# root@compute1:~# cat /etc/neutron/neutron.conf
[DEFAULT]
debug = True
verbose = True
state_path = /var/lib/neutron
lock_path = $state_path/lock
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
allow_overlapping_ips = True
notification_driver = neutron.openstack.common.notifier.rpc_notifier
rabbit_host = controller
rabbit_password = openstack

[quotas]

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = openstack
signing_dir = $state_path/keystone-signing

[database]
connection = mysql://neutron:openstack@controller/neutron

[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default
```


# configurations : ovs_neutron_plugin.ini in compute node

```
root@compute1:~# cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.0.0.101
enable_tunneling = True

[database]
connection = mysql://neutron:openstack@controller:3306/neutron

[agent]

[securitygroup]

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
```


# tcpdump test


ping: controller(7.7.7.11) --> floating ip 7.7.7.221 : FAIL

```
root@controller:~# ping -I eth0 -c1 7.7.7.221
PING 7.7.7.221 (7.7.7.221) from 7.7.7.11 eth0: 56(84) bytes of data.
From 7.7.7.221 icmp_seq=1 Destination Host Unreachable

--- 7.7.7.221 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 tcpdump -i any -n -v 'icmp[icmptype] = icmp-echoreply or icmp[icmptype] = icmp-echo'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C05:02:08.788818 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    7.7.7.11 > 7.7.7.221: ICMP echo request, id 19627, seq 1, length 64

1 packet captured
1 packet received by filter
0 packets dropped by kernel
```


ping: VM(fixed ip: 10.1.1.4) --> floating ip 7.7.7.221 : FAIL

```
root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ssh cirros@10.1.1.4
cirros@10.1.1.4's password:
$ ping -c1 7.7.7.221
PING 7.7.7.221 (7.7.7.221): 56 data bytes

--- 7.7.7.221 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 tcpdump -i any -n -v 'icmp[icmptype] = icmp-echoreply or icmp[icmptype] = icmp-echo'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C05:06:42.821897 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.1.1.4 > 7.7.7.221: ICMP echo request, id 26369, seq 0, length 64

1 packet captured
1 packet received by filter
0 packets dropped by kernel
```
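
Added example, not part of the original post: a Python cross-check of the qrouter's per-address NAT rules and `qg-` interface addresses against the `neutron floatingip-list` mappings, using values copied from the output above. The function names and the regexes are assumptions of this example and cover only the rule forms shown in the post; on the post's data the audit returns no findings, so the router's NAT state agrees with Neutron's view of the floating IPs.

```python
import re

# floating -> fixed mapping, copied from `neutron floatingip-list` in the post.
FLOATING_IPS = {
    "7.7.7.223": "10.1.1.4",
    "7.7.7.221": "10.1.2.3",
    "7.7.7.222": "10.1.2.4",
}

# NAT rules copied from the post's `iptables -t nat -S` output.
NAT_RULES = """\
-A neutron-l3-agent-OUTPUT -d 7.7.7.223/32 -j DNAT --to-destination 10.1.1.4
-A neutron-l3-agent-OUTPUT -d 7.7.7.221/32 -j DNAT --to-destination 10.1.2.3
-A neutron-l3-agent-OUTPUT -d 7.7.7.222/32 -j DNAT --to-destination 10.1.2.4
-A neutron-l3-agent-PREROUTING -d 7.7.7.223/32 -j DNAT --to-destination 10.1.1.4
-A neutron-l3-agent-PREROUTING -d 7.7.7.221/32 -j DNAT --to-destination 10.1.2.3
-A neutron-l3-agent-PREROUTING -d 7.7.7.222/32 -j DNAT --to-destination 10.1.2.4
-A neutron-l3-agent-float-snat -s 10.1.1.4/32 -j SNAT --to-source 7.7.7.223
-A neutron-l3-agent-float-snat -s 10.1.2.3/32 -j SNAT --to-source 7.7.7.221
-A neutron-l3-agent-float-snat -s 10.1.2.4/32 -j SNAT --to-source 7.7.7.222
-A neutron-l3-agent-snat -s 10.1.2.0/24 -j SNAT --to-source 7.7.7.220
-A neutron-l3-agent-snat -s 10.1.1.0/24 -j SNAT --to-source 7.7.7.220
"""

# `inet` lines of the qg- interface, copied from the post's `ip a` output.
QG_ADDRESSES = """\
inet 7.7.7.220/24 brd 7.7.7.255 scope global qg-58dbc3a3-78
inet 7.7.7.223/32 brd 7.7.7.223 scope global qg-58dbc3a3-78
inet 7.7.7.221/32 brd 7.7.7.221 scope global qg-58dbc3a3-78
inet 7.7.7.222/32 brd 7.7.7.222 scope global qg-58dbc3a3-78
"""

# Chains that carry one rule per floating IP in the post's rule dump.
REQUIRED_CHAINS = (
    "neutron-l3-agent-PREROUTING",   # DNAT for traffic arriving at the router
    "neutron-l3-agent-OUTPUT",       # DNAT for traffic generated in the namespace
    "neutron-l3-agent-float-snat",   # SNAT for traffic leaving the instance
)

DNAT_RE = re.compile(r"^-A (\S+) -d (\S+)/32 -j DNAT --to-destination (\S+)$")
SNAT_RE = re.compile(r"^-A (\S+) -s (\S+)/32 -j SNAT --to-source (\S+)$")
INET32_RE = re.compile(r"^\s*inet (\d+\.\d+\.\d+\.\d+)/32\b", re.MULTILINE)


def parse_nat_rules(text):
    """Return {(chain, floating_ip): fixed_ip} for the /32 DNAT and SNAT rules.

    Subnet-wide SNAT rules (/24 -> router gateway address) are ignored.
    """
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = DNAT_RE.match(line)
        if m:
            chain, floating, fixed = m.groups()
            found[(chain, floating)] = fixed
            continue
        m = SNAT_RE.match(line)
        if m:
            chain, fixed, floating = m.groups()
            found[(chain, floating)] = fixed
    return found


def audit(floating_ips, nat_text, qg_text):
    """List mismatches between Neutron's mapping and the router's state."""
    rules = parse_nat_rules(nat_text)
    on_gateway = set(INET32_RE.findall(qg_text))
    problems = []
    for floating, fixed in sorted(floating_ips.items()):
        if floating not in on_gateway:
            problems.append(f"{floating}: not configured as /32 on the qg- interface")
        for chain in REQUIRED_CHAINS:
            got = rules.get((chain, floating))
            if got is None:
                problems.append(f"{floating}: no rule in {chain}")
            elif got != fixed:
                problems.append(f"{floating}: {chain} maps to {got}, expected {fixed}")
    # Rules left behind for addresses Neutron no longer associates.
    for (chain, floating), fixed in sorted(rules.items()):
        if floating not in floating_ips:
            problems.append(f"{floating}: stale rule in {chain} -> {fixed}")
    return problems


if __name__ == "__main__":
    findings = audit(FLOATING_IPS, NAT_RULES, QG_ADDRESSES)
    print("\n".join(findings) if findings else "NAT rules match floatingip-list")
```
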

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs. There is no warning or errors on log files and the other operations are working well.

I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@floatingip or VNC and also can ping to google.com from VMs. However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs
and from the server(eg. from controller node), I cannot ping or ssh to floating IPs which assigned to VMs.

my env: - host machine : mac - servers: ubuntu server 12.04 vms on vmware fusion - configuration: controller node1, compute node2, network node1

please, check my settings and test result as following:


# checking settings on controller node

root@controller:~# nova-manage version 2013.2following url:

root@controller:~# nova-manage service list Binary Host Zone Status State Updated_At nova-cert controller internal enabled :-) 2013-12-04 19:21:45 nova-conductor controller internal enabled :-) 2013-12-04 19:21:52 nova-consoleauth controller internal enabled :-) 2013-12-04 19:21:45 nova-scheduler controller internal enabled :-) 2013-12-04 19:21:45 nova-compute compute1 nova enabled :-) 2013-12-04 19:21:52 nova-compute compute2 nova enabled :-) 2013-12-04 19:21:52

root@controller:~# neutron agent-list +--------------------------------------+--------------------+----------+-------+----------------+ | id | agent_type | host | alive | admin_state_up | +--------------------------------------+--------------------+----------+-------+----------------+ | 6ddb5b44-c085-44a7-a7a6-d910842b651a | Open vSwitch agent | compute2 | :-) | True | | 975b2e01-187e-46c7-8c7e-ab7637c7ef8f | Open vSwitch agent | network | :-) | True | | 9dec45ed-15f8-4bef-b9df-c679712e75ff | L3 agent | network | :-) | True | | ae92c0a3-5f2f-4049-80ff-84863901ee62 | Open vSwitch agent | compute1 | :-) | True | | c122a019-5fad-4376-bd73-94886007af82 | DHCP agent | network | :-) | True | +--------------------------------------+--------------------+----------+-------+----------------+

root@controller:~# nova list +--------------------------------------+------+--------+------------+------------- | ID | Name | Status | Task State | Power State | Networks
+--------------------------------------+------+--------+------------+------------- | d9ebad3e-b5dd-4979-b5de-c37427d3e7ad | vm1 | ACTIVE | None | Running | proj1-net2=10.1.2.4, 7.7.7.222 | cde6f2d9-11a3-4113-8fb4-54e48f374ce0 | vm2 | ACTIVE | None | Running | proj1-net1=10.1.1.4, 7.7.7.223 | e0d6cc74-e33f-4584-b6b8-13814bfa5b14 | vm3 | ACTIVE | None | Running | proj1-net2=10.1.2.3, 7.7.7.221 | 85ab43d9-d55a-4675-80be-30bf51f82d41 | vm4 | ACTIVE | None | Running | proj1-net1=10.1.1.5 +--------------------------------------+------+--------+------------+-------------

root@controller:~# neutron floatingip-list +--------------------------------------+------------------+---------------------+--------------------------------------+ | id | fixed_ip_address | floating_ip_address | port_id | +--------------------------------------+------------------+---------------------+--------------------------------------+ | 4128da24-8003-4b4e-aaf2-24fb93de484f | 10.1.1.4 | 7.7.7.223 | 8691d117-dd06-40dc-a562-72e2f7739001 | | 7f5eb983-1d64-43c2-a0a2-78057fe70ed0 | 10.1.2.3 | 7.7.7.221 | ac47dcf1-eea9-4d89-953c-a8595eafa520 | | 94fa8979-6d97-4fd6-8335-955f5c422454 | 10.1.2.4 | 7.7.7.222 | 26a25a42-6206-4e3d-98f3-ae2a7a75aab1 | +--------------------------------------+------------------+---------------------+--------------------------------------+

root@controller:~# source rcs/adminrc root@controller:~# neutron subnet-list +--------------------------------------+-----------------+-------------+--------------------------------------------+ | id | name | cidr | allocation_pools | +--------------------------------------+-----------------+-------------+--------------------------------------------+ | 0e9aa126-062e-4ce7-9ca2-0185d2e89148 | proj1-subnet1 | 10.1.1.0/24 | {"start": "10.1.1.2", "end": "10.1.1.254"} | | 250762da-a9e4-4596-a306-a27bd3eb7f34 | proj1-subnet2 | 10.1.2.0/24 | {"start": "10.1.2.2", "end": "10.1.2.254"} | | 507d9c6c-1c66-4811-b53e-2fe648fe2412 | floatingip-pool | 7.7.7.0/24 | {"start": "7.7.7.220", "end": "7.7.7.240"} | +--------------------------------------+-----------------+-------------+--------------------------------------------+

check for subnet of external network, or floatingip pool

root@controller:~# neutron subnet-show floatingip-pool +------------------+--------------------------------------------+ | Field | Value | +------------------+--------------------------------------------+ | allocation_pools | {"start": "7.7.7.220", "end": "7.7.7.240"} | | cidr | 7.7.7.0/24 | | dns_nameservers | 8.8.4.4 | | | 8.8.8.8 | | enable_dhcp | False | | gateway_ip | 7.7.7.2 | | host_routes | | | id | 507d9c6c-1c66-4811-b53e-2fe648fe2412 | | ip_version | 4 | | name | floatingip-pool | | network_id | 47ecd126-df21-4b8e-9c1b-2250d30bbc5f | | tenant_id | 7c2bc4411f994795ab4ae94c594d4fba | +------------------+--------------------------------------------+

ping to external gateway from controller : OK

root@controller:~# ping -c1 7.7.7.2 PING 7.7.7.2 (7.7.7.2) 56(84) bytes of data. 64 bytes from 7.7.7.2: icmp_req=1 ttl=128 time=0.498 ms

ping to external URL from controller : OK

root@controller:~# ping -c1 www.google.com PING www.google.com (173.194.127.84) 56(84) bytes of data. 64 bytes from hkg03s11-in-f20.1e100.net (173.194.127.84): icmp_req=1 ttl=128 time=137 ms

check router-gateway port & ip address

root@controller:~# neutron port-show 58dbc3a3-78dd-4cbc-9b6b-2b9976be1b08 +-----------------------+----------------------------------------------------------------------------------+ | Field | Value | +-----------------------+----------------------------------------------------------------------------------+ | admin_state_up | True | | allowed_address_pairs | | | binding:capabilities | {"port_filter": true} | | binding:host_id | network | | binding:vif_type | ovs | | device_id | 8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 | | device_owner | network:router_gateway | | extra_dhcp_opts | | | fixed_ips | {"subnet_id": "507d9c6c-1c66-4811-b53e-2fe648fe2412", "ip_address": "7.7.7.220"} | | id | 58dbc3a3-78dd-4cbc-9b6b-2b9976be1b08 | | mac_address | fa:16:3e:d9:c8:b2 | | name | | | network_id | 47ecd126-df21-4b8e-9c1b-2250d30bbc5f | | security_groups | | | status | DOWN | | tenant_id | | +-----------------------+----------------------------------------------------------------------------------+

ping to router-gateway from controller : OK

root@controller:~# ping -c1 7.7.7.220 PING 7.7.7.220 (7.7.7.220) 56(84) bytes of data. 64 bytes from 7.7.7.220: icmp_req=1 ttl=64 time=0.672 ms

ping to floating-ip from controller : FAIL

root@controller:~# ping -c1 7.7.7.221 PING 7.7.7.221 (7.7.7.221) 56(84) bytes of data.

--- 7.7.7.221 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@controller:~# ping -c1 7.7.7.222 PING 7.7.7.222 (7.7.7.222) 56(84) bytes of data.

--- 7.7.7.222 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@controller:~# ping -c1 7.7.7.223 PING 7.7.7.223 (7.7.7.223) 56(84) bytes of data.

--- 7.7.7.223 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms


# checking settings on network node

check qrouter ip address

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ip a 1: lo: <loopback,up,lower_up> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: qr-007778eb-dc: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether fa:16:3e:d0:38:7d brd ff:ff:ff:ff:ff:ff inet 10.1.2.1/24 brd 10.1.2.255 scope global qr-007778eb-dc inet6 fe80::f816:3eff:fed0:387d/64 scope link valid_lft forever preferred_lft forever 3: qr-aa8dbee1-da: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether fa:16:3e:54:8f:1d brd ff:ff:ff:ff:ff:ff inet 10.1.1.1/24 brd 10.1.1.255 scope global qr-aa8dbee1-da inet6 fe80::f816:3eff:fe54:8f1d/64 scope link valid_lft forever preferred_lft forever 4: qg-58dbc3a3-78: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether fa:16:3e:d9:c8:b2 brd ff:ff:ff:ff:ff:ff inet 7.7.7.220/24 brd 7.7.7.255 scope global qg-58dbc3a3-78 inet 7.7.7.223/32 brd 7.7.7.223 scope global qg-58dbc3a3-78 inet 7.7.7.221/32 brd 7.7.7.221 scope global qg-58dbc3a3-78 inet 7.7.7.222/32 brd 7.7.7.222 scope global qg-58dbc3a3-78 inet6 fe80::f816:3eff:fed9:c8b2/64 scope link valid_lft forever preferred_lft forever

check qrouter iptables filter table

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 iptables -t filter -S -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -N neutron-filter-top -N neutron-l3-agent-FORWARD -N neutron-l3-agent-INPUT -N neutron-l3-agent-OUTPUT -N neutron-l3-agent-local -A INPUT -j neutron-l3-agent-INPUT -A FORWARD -j neutron-filter-top -A FORWARD -j neutron-l3-agent-FORWARD -A OUTPUT -j neutron-filter-top -A OUTPUT -j neutron-l3-agent-OUTPUT -A neutron-filter-top -j neutron-l3-agent-local -A neutron-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT

check qrouter iptables nat table

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 iptables -t nat -S -P PREROUTING ACCEPT -P INPUT ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT -N neutron-l3-agent-OUTPUT -N neutron-l3-agent-POSTROUTING -N neutron-l3-agent-PREROUTING -N neutron-l3-agent-float-snat -N neutron-l3-agent-snat -N neutron-postrouting-bottom -A PREROUTING -j neutron-l3-agent-PREROUTING -A OUTPUT -j neutron-l3-agent-OUTPUT -A POSTROUTING -j neutron-l3-agent-POSTROUTING -A POSTROUTING -j neutron-postrouting-bottom -A neutron-l3-agent-OUTPUT -d 7.7.7.223/32 -j DNAT --to-destination 10.1.1.4 -A neutron-l3-agent-OUTPUT -d 7.7.7.221/32 -j DNAT --to-destination 10.1.2.3 -A neutron-l3-agent-OUTPUT -d 7.7.7.222/32 -j DNAT --to-destination 10.1.2.4 -A neutron-l3-agent-POSTROUTING ! -i qg-58dbc3a3-78 ! -o qg-58dbc3a3-78 -m conntrack ! --ctstate DNAT -j ACCEPT -A neutron-l3-agent-PREROUTING -d 7.7.7.223/32 -j DNAT --to-destination 10.1.1.4 -A neutron-l3-agent-PREROUTING -d 7.7.7.221/32 -j DNAT --to-destination 10.1.2.3 -A neutron-l3-agent-PREROUTING -d 7.7.7.222/32 -j DNAT --to-destination 10.1.2.4 -A neutron-l3-agent-float-snat -s 10.1.1.4/32 -j SNAT --to-source 7.7.7.223 -A neutron-l3-agent-float-snat -s 10.1.2.3/32 -j SNAT --to-source 7.7.7.221 -A neutron-l3-agent-float-snat -s 10.1.2.4/32 -j SNAT --to-source 7.7.7.222 -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat -A neutron-l3-agent-snat -s 10.1.2.0/24 -j SNAT --to-source 7.7.7.220 -A neutron-l3-agent-snat -s 10.1.1.0/24 -j SNAT --to-source 7.7.7.220 -A neutron-postrouting-bottom -j neutron-l3-agent-snat

ping to vm fixed ip from qrouter : OK

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.1.4
PING 10.1.1.4 (10.1.1.4) 56(84) bytes of data.
64 bytes from 10.1.1.4: icmp_req=1 ttl=64 time=3.10 ms

--- 10.1.1.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.109/3.109/3.109/0.000 ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.1.5
PING 10.1.1.5 (10.1.1.5) 56(84) bytes of data.
64 bytes from 10.1.1.5: icmp_req=1 ttl=64 time=2.55 ms

--- 10.1.1.5 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.558/2.558/2.558/0.000 ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.2.3
PING 10.1.2.3 (10.1.2.3) 56(84) bytes of data.
64 bytes from 10.1.2.3: icmp_req=1 ttl=64 time=3.11 ms

--- 10.1.2.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 3.115/3.115/3.115/0.000 ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.2.4
PING 10.1.2.4 (10.1.2.4) 56(84) bytes of data.
64 bytes from 10.1.2.4: icmp_req=1 ttl=64 time=2.35 ms

--- 10.1.2.4 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.358/2.358/2.358/0.000 ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 10.1.2.5
PING 10.1.2.5 (10.1.2.5) 56(84) bytes of data.
64 bytes from 10.1.2.5: icmp_req=1 ttl=64 time=2.76 ms

--- 10.1.2.5 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 2.761/2.761/2.761/0.000 ms

ping to external gateway from qrouter : OK

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.2
PING 7.7.7.2 (7.7.7.2) 56(84) bytes of data.
64 bytes from 7.7.7.2: icmp_req=1 ttl=128 time=0.945 ms

--- 7.7.7.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.945/0.945/0.945/0.000 ms

ping to external URL from qrouter : OK

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 www.google.com
PING www.google.com (173.194.127.82) 56(84) bytes of data.
64 bytes from hkg03s11-in-f18.1e100.net (173.194.127.82): icmp_req=1 ttl=128 time=112 ms

--- www.google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 112.185/112.185/112.185/0.000 ms

ping to router-gateway of qrouter from qrouter : OK

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.220
PING 7.7.7.220 (7.7.7.220) 56(84) bytes of data.
64 bytes from 7.7.7.220: icmp_req=1 ttl=64 time=0.104 ms

--- 7.7.7.220 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.104/0.104/0.104/0.000 ms

ping to floatingips from qrouter : FAIL

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.221
PING 7.7.7.221 (7.7.7.221) 56(84) bytes of data.

--- 7.7.7.221 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.222
PING 7.7.7.222 (7.7.7.222) 56(84) bytes of data.

--- 7.7.7.222 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ping -c1 7.7.7.223
PING 7.7.7.223 (7.7.7.223) 56(84) bytes of data.

--- 7.7.7.223 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms


# configurations : neutron.conf in controller

root@controller:~# cat /etc/neutron/neutron.conf
[DEFAULT]
debug = True
state_path = /var/lib/neutron
lock_path = $state_path/lock
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2

service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin

allow_overlapping_ips = True
rabbit_host = controller
rabbit_password = openstack
notification_driver = neutron.openstack.common.notifier.rpc_notifier

[quotas]

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = openstack
signing_dir = $state_path/keystone-signing

[database]
connection = mysql://neutron:openstack@controller:3306/neutron

[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default


# configurations : ovs_neutron_plugin.ini in controller

root@controller:~# cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun

local_ip = 10.1.0.101

enable_tunneling = True

[database]
connection = mysql://neutron:openstack@controller:3306/neutron

[agent]

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


# configurations : neutron.conf in network node

root@network:~# cat /etc/neutron/neutron.conf
[DEFAULT]
state_path = /var/lib/neutron
lock_path = $state_path/lock
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2

service_plugins = neutron.services.firewall.fwaas_plugin.FirewallPlugin

service_plugins = neutron.plugins.services.agent_loadbalancer.plugin.LoadBalancerPlugin

allow_overlapping_ips = True
notification_driver = neutron.openstack.common.notifier.rpc_notifier
rabbit_host = controller
rabbit_password = openstack

[quotas]

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = openstack
signing_dir = $state_path/keystone-signing

[database]
connection = mysql://neutron:openstack@controller/neutron

[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default


# configurations : ovs_neutron_plugin.ini in network node

root@network:~# cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.0.0.12
enable_tunneling = True

[database]
connection = mysql://neutron:openstack@controller:3306/neutron

[agent]

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


# configurations : neutron.conf in compute node

root@compute1:~# cat /etc/neutron/neutron.conf
[DEFAULT]
debug = True
verbose = True
state_path = /var/lib/neutron
lock_path = $state_path/lock
core_plugin = neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2
allow_overlapping_ips = True
notification_driver = neutron.openstack.common.notifier.rpc_notifier
rabbit_host = controller
rabbit_password = openstack

[quotas]

[agent]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf

[keystone_authtoken]
auth_host = controller
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = neutron
admin_password = openstack
signing_dir = $state_path/keystone-signing

[database]
connection = mysql://neutron:openstack@controller/neutron

[service_providers]
service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default


# configurations : ovs_neutron_plugin.ini in compute node

root@compute1:~# cat /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini
[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.0.0.101
enable_tunneling = True

[database]
connection = mysql://neutron:openstack@controller:3306/neutron

[agent]

[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver


# tcpdump test


ping: controller(7.7.7.11) --> floating ip 7.7.7.221 : FAIL

root@controller:~# ping -I eth0 -c1 7.7.7.221
PING 7.7.7.221 (7.7.7.221) from 7.7.7.11 eth0: 56(84) bytes of data.
From 7.7.7.221 icmp_seq=1 Destination Host Unreachable

--- 7.7.7.221 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 tcpdump -i any -n -v 'icmp[icmptype] = icmp-echoreply or icmp[icmptype] = icmp-echo'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C05:02:08.788818 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    7.7.7.11 > 7.7.7.221: ICMP echo request, id 19627, seq 1, length 64

1 packet captured
1 packet received by filter
0 packets dropped by kernel


ping: VM(fixed ip: 10.1.1.4) --> floating ip 7.7.7.221 : FAIL

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 ssh cirros@10.1.1.4
cirros@10.1.1.4's password:
$ ping -c1 7.7.7.221
PING 7.7.7.221 (7.7.7.221): 56 data bytes

--- 7.7.7.221 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss

root@network:~# ip netns exec qrouter-8a2ad1d5-24e4-4adb-bc5f-b59d0d5a0701 tcpdump -i any -n -v 'icmp[icmptype] = icmp-echoreply or icmp[icmptype] = icmp-echo'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C05:06:42.821897 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    10.1.1.4 > 7.7.7.221: ICMP echo request, id 26369, seq 0, length 64

1 packet captured
1 packet received by filter
0 packets dropped by kernel

https://drive.google.com/file/d/0B48UxR5ZbMGhZk1CZzdyOF9GRms/edit?usp=sharing
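The floating-IP rules in the `iptables -t nat -S` output posted above can be checked for symmetry mechanically: each floating IP should be DNATed in both the PREROUTING and OUTPUT chains to the same fixed IP, and that fixed IP should be SNATed back to it. This is an added example, not part of the original post; the function names are hypothetical and the rule text is copied from the post.

```python
import shlex
from collections import defaultdict

DNAT_CHAINS = ("neutron-l3-agent-PREROUTING", "neutron-l3-agent-OUTPUT")
SNAT_CHAIN = "neutron-l3-agent-float-snat"

# Rules copied from the `iptables -t nat -S` output in the post.
POSTED_RULES = """\
-A neutron-l3-agent-OUTPUT -d 7.7.7.223/32 -j DNAT --to-destination 10.1.1.4
-A neutron-l3-agent-OUTPUT -d 7.7.7.221/32 -j DNAT --to-destination 10.1.2.3
-A neutron-l3-agent-OUTPUT -d 7.7.7.222/32 -j DNAT --to-destination 10.1.2.4
-A neutron-l3-agent-PREROUTING -d 7.7.7.223/32 -j DNAT --to-destination 10.1.1.4
-A neutron-l3-agent-PREROUTING -d 7.7.7.221/32 -j DNAT --to-destination 10.1.2.3
-A neutron-l3-agent-PREROUTING -d 7.7.7.222/32 -j DNAT --to-destination 10.1.2.4
-A neutron-l3-agent-float-snat -s 10.1.1.4/32 -j SNAT --to-source 7.7.7.223
-A neutron-l3-agent-float-snat -s 10.1.2.3/32 -j SNAT --to-source 7.7.7.221
-A neutron-l3-agent-float-snat -s 10.1.2.4/32 -j SNAT --to-source 7.7.7.222
-A neutron-l3-agent-snat -s 10.1.2.0/24 -j SNAT --to-source 7.7.7.220
"""

def parse_rule(line):
    """Split '-A <chain> ...' into (chain, {option: value}); '!' negations are ignored."""
    tokens = shlex.split(line)
    if len(tokens) < 3 or tokens[0] != "-A":
        return None
    opts = {a: b for a, b in zip(tokens[2:], tokens[3:])
            if a.startswith("-") and not b.startswith("-")}
    return tokens[1], opts

def host(addr):
    """Return the address of a /32 (or bare) operand, else None."""
    ip, _, prefix = addr.partition("/")
    return ip if ip and prefix in ("", "32") else None

def audit_floating_nat(rules_text):
    """Return ({floating_ip: fixed_ip}, [problems]) for one router namespace."""
    dnat, snat = defaultdict(dict), {}
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, o = parsed
        if o.get("-j") == "DNAT" and chain in DNAT_CHAINS and host(o.get("-d", "")):
            dnat[host(o["-d"])][chain] = o.get("--to-destination")
        elif o.get("-j") == "SNAT" and chain == SNAT_CHAIN and host(o.get("-s", "")):
            snat[host(o["-s"])] = o.get("--to-source")
    mapping, problems = {}, []
    for fip in sorted(dnat):
        targets = set(dnat[fip].values())
        missing = [c for c in DNAT_CHAINS if c not in dnat[fip]]
        problems += [f"{fip}: no DNAT in {c}" for c in missing]
        if len(targets) != 1:
            problems.append(f"{fip}: DNAT targets differ: {sorted(map(str, targets))}")
            continue
        fixed = next(iter(targets))
        if snat.get(fixed) != fip:
            problems.append(f"{fip}: {fixed} is not SNATed back to it")
        elif not missing:
            mapping[fip] = fixed
    problems += [f"{fip}: SNAT for {fixed} has no matching DNAT"
                 for fixed, fip in sorted(snat.items()) if fip not in dnat]
    return mapping, problems

if __name__ == "__main__":
    print(audit_floating_nat(POSTED_RULES))
```

A clean result only shows that the NAT table is symmetric; it says nothing about whether packets for the floating IPs actually reach these chains.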

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs. There is no warning or errors on log files and the other operations are working well. When I tested neutron grizzly version, there was no problem accessing floating IPs.

I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@floatingip or VNC and also can ping to google.com from VMs.

However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

and from the server(eg. from controller node), I cannot ping or ssh to floating IPs which assigned to VMs.

my env: - host machine : mac - servers: ubuntu server 12.04 vms on vmware fusion - configuration: controller node1, compute node2, network node1

please, check my settings and test result as following url:

https://drive.google.com/file/d/0B48UxR5ZbMGhZk1CZzdyOF9GRms/edit?usp=sharing

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs.

There is no warning or errors on log files and the other operations are working well. When I tested neutron grizzly version, there was no problem accessing floating IPs.

  • I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@floatingip or VNC and also can ping to google.com from VMs.

  • However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

  • and from the server(eg. from controller node),

  • I cannot ping or ssh to floating IPs which assigned to VMs.


my env

  • host machine : mac
  • servers: ubuntu server 12.04 vms on vmware fusion
  • configuration: controller node1, compute node2, network node1


please, check my settings and test result as following url:

https://drive.google.com/file/d/0B48UxR5ZbMGhZk1CZzdyOF9GRms/edit?usp=sharing

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs.

There is no warning or errors on log files and the other operations are working well.

  • I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@floatingip or VNC and also can ping to www.google.com from VMs.

  • However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

  • and from the server(eg. from controller node),

  • I cannot ping or ssh to floating IPs which assigned to VMs.

my env

  • host machine : mac
  • servers: ubuntu server 12.04 vms on vmware fusion
  • configuration: controller node1, compute node2, network node1

please, check my settings and test result as following url:

https://drive.google.com/file/d/0B48UxR5ZbMGhZk1CZzdyOF9GRms/edit?usp=sharing

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs.

There is no warning or errors on log files and the other operations are working well.

  • I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@floatingip or VNC and also can ping to Google.com from VMs.

  • However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

  • and from the server(eg. from controller node),

  • I cannot ping or ssh to floating IPs which assigned to VMs.

my env

  • host machine : mac
  • servers: ubuntu server 12.04 vms on vmware fusion
  • configuration: controller node1, compute node2, network node1

please, check my settings and test result as following url:

https://drive.google.com/file/d/0B48UxR5ZbMGhZk1CZzdyOF9GRms/edit?usp=sharing

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs.

There is no warning or errors on log files and the other operations are working well.

  • I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@floatingip or VNC and also can ping to Google.com from VMs.

  • However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

  • and from the server(eg. from controller node),

  • I cannot ping or ssh to floating IPs which assigned to VMs.

my env

  • host machine : mac
  • servers: ubuntu server 12.04 vms on vmware fusion
  • configuration: controller node1, compute node2, network node1

please, check my settings and test result as following url:

setting & test results from google drive
https://drive.google.com/file/d/0B48UxR5ZbMGhZk1CZzdyOF9GRms/edit?usp=sharing

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs.

There is no warning or errors on log files and the other operations are working well.

  • I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@floatingip or VNC and also can ping to Google.com from VMs.

  • However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

  • and from the server(eg. from controller node),

  • I cannot ping or ssh to floating IPs which assigned to VMs.

my env

  • host machine : mac
  • servers: ubuntu server 12.04 vms on vmware fusion
  • configuration: controller node1, compute node2, network node1

please, check my settings and test result as following url:

setting and test results from google drive

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs.

There is no warning or errors on log files and the other operations are working well.

  • I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@floatingip or VNC and also can ping to Google.com from VMs.

  • However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

  • and from the server(eg. from controller node),

  • I cannot ping or ssh to floating IPs which assigned to VMs.

my env

  • host machine : mac
  • servers: ubuntu server 12.04 vms on vmware fusion
  • configuration: controller node1, compute node2, network node1

please, check my settings and test result as following my google drive url:

https://drive.google.com/file/d/0B48UxR5ZbMGhZk1CZzdyOF9GRms/edit?usp=sharing

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs.

There is no warning or errors on log files and the other operations are working well.

  • I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@fixed-ip or VNC and also can ping to Google.com from VMs.

  • However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

  • and from the server(eg. from controller node),

  • I cannot ping or ssh to floating IPs which assigned to VMs.

my env

  • host machine : mac
  • servers: ubuntu server 12.04 vms on vmware fusion
  • configuration: controller node1, compute node2, network node1

please, check my settings and test result as following my google drive url:

https://drive.google.com/file/d/0B48UxR5ZbMGhZk1CZzdyOF9GRms/edit?usp=sharing

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs.

My problem is :

  • I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@fixed-ip or can connect thru VNC and also can ping to 8.8.8.8(or any site outside of my env) from VMs.

  • However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

  • and from the server(eg. from controller node),

  • I cannot ping or ssh to floating IPs which assigned to VMs.

my env

  • host machine : mac
  • servers: ubuntu server 12.04 vms on vmware fusion
  • configuration: controller node1, compute node2, network node1
  • package: havana-3 (2013.2)

please, check my settings and test result as following my google drive url:

http://paste.openstack.org/show/54754/

In havana-3, cannot ssh or ping to floating ips

In my test env, I cannot ping or ssh to floating IPs.

My problem is :

  • I can ssh to VMs thru ip netns exec qrouter-xxx ssh cirros@fixed-ip or can connect thru VNC and also can ping to 8.8.8.8(or any site outside of my env) from VMs.

  • However In a VM, I cannot ping to VM's floating IPs assigned to VM itself or any other floating IPs

  • and from the server(eg. from controller node),

  • I cannot ping or ssh to floating IPs which assigned to VMs.

my env

  • host machine : mac
  • servers: ubuntu server 12.04 vms on vmware fusion
  • configuration: controller node1, compute node2, network node1
  • package: havana-3 (2013.2)

please, check my settings and test result as following my google drive url:

http://paste.openstack.org/show/54754/