Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

can't access instance floating IP

I installed Kilo Openstack/devstack with everything on a single node on ubuntu 14.04. I created an instance, I can see it got both internal and external IPs assigned IP Addresses

Public172.24.4.5, 2001:db8::6 Private10.0.0.4, fd6d:9a49:de06:0:f816:3eff:feb5:1609

I added it to the default security group and edited the security group enabling icmp and ssh (port 22) ingress rules. Now can ping and ssh the instance internal IP 10.0.0.4.

However, I cannot ping or SSH the instance floating IP 172.24.4.5 from the compute node or any other machine on the network.
I can ping public network default gateway IP 172.24.4.1 and router external IP 172.24.4.2. However, ping to instance floating IP 172.24.4.5 does not work.

Looking at both public and private networks I see that both status is Active. All router interfaces are shown as Active as well.

Here is the output of commands from the compute node $ neutron router-list $ ip netns | grep router_id ( $ ip netns exec qrouter-router_id iptables -S -t nat $ ip netns exec qrouter-router_id ip a $ ip netns exec qrouter-router_id ifconfig

neutron router-list ea089823-0b25-42c8-ac30-d56ffa1ff2ac | router1 | {"network_id": "2863985b-f319-435e-8d0b-8f6647008711", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "a2bd8b63-7be5-43b5-9534-bd5e04a59734", "ip_address": "172.24.4.2"}, {"subnet_id": "c26dd6ba-6573-4c06-936e-00fe5c1d67bb", "ip_address": "2001:db8::3"}]} | False | False |

ip netns | grep ea089823-0b25-42c8-ac30-d56ffa1ff2ac qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac iptables -S -t nat

-P PREROUTING ACCEPT -P INPUT ACCEPT -P OUTPUT ACCEPT -P POSTROUTING ACCEPT -N neutron-l3-agent-OUTPUT -N neutron-l3-agent-POSTROUTING -N neutron-l3-agent-PREROUTING -N neutron-l3-agent-float-snat -N neutron-l3-agent-snat -N neutron-postrouting-bottom -A PREROUTING -j neutron-l3-agent-PREROUTING -A OUTPUT -j neutron-l3-agent-OUTPUT -A POSTROUTING -j neutron-l3-agent-POSTROUTING -A POSTROUTING -j neutron-postrouting-bottom -A neutron-l3-agent-POSTROUTING ! -i qg-43b82233-b7 ! -o qg-43b82233-b7 -m conntrack ! --ctstate DNAT -j ACCEPT -A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697 -A neutron-l3-agent-snat -j neutron-l3-agent-float-snat -A neutron-l3-agent-snat -o qg-43b82233-b7 -j SNAT --to-source 172.24.4.2 -A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 172.24.4.2 -A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ip a

1: lo: <loopback,up,lower_up> mtu 65536 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 9: qr-db44c430-bc: <broadcast,up,lower_up> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:90:1b:f8 brd ff:ff:ff:ff:ff:ff inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-db44c430-bc valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe90:1bf8/64 scope link valid_lft forever preferred_lft forever 10: qg-43b82233-b7: <broadcast,up,lower_up> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:3e:bb:08 brd ff:ff:ff:ff:ff:ff inet 172.24.4.2/24 brd 172.24.4.255 scope global qg-43b82233-b7 valid_lft forever preferred_lft forever inet6 2001:db8::3/64 scope global valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe3e:bb08/64 scope link valid_lft forever preferred_lft forever 11: qr-a252a5a5-af: <broadcast,up,lower_up> mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:f1:66:e4 brd ff:ff:ff:ff:ff:ff inet6 fd6d:9a49:de06::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fef1:66e4/64 scope link valid_lft forever preferred_lft forever

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:5 errors:0 dropped:0 overruns:0 frame:0 TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)

qg-43b82233-b7 Link encap:Ethernet HWaddr fa:16:3e:3e:bb:08 inet addr:172.24.4.2 Bcast:172.24.4.255 Mask:255.255.255.0 inet6 addr: fe80::f816:3eff:fe3e:bb08/64 Scope:Link inet6 addr: 2001:db8::3/64 Scope:Global UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:687 errors:0 dropped:0 overruns:0 frame:0 TX packets:460 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:60186 (60.1 KB) TX bytes:52156 (52.1 KB)

qr-a252a5a5-af Link encap:Ethernet HWaddr fa:16:3e:f1:66:e4 inet6 addr: fe80::f816:3eff:fef1:66e4/64 Scope:Link inet6 addr: fd6d:9a49:de06::1/64 Scope:Global UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:130 errors:0 dropped:0 overruns:0 frame:0 TX packets:12945 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:14529 (14.5 KB) TX bytes:1423886 (1.4 MB)

qr-db44c430-bc Link encap:Ethernet HWaddr fa:16:3e:90:1b:f8 inet addr:10.0.0.1 Bcast:10.0.0.255 Mask:255.255.255.0 inet6 addr: fe80::f816:3eff:fe90:1bf8/64 Scope:Link UP BROADCAST RUNNING MTU:1500 Metric:1 RX packets:13372 errors:0 dropped:0 overruns:0 frame:0 TX packets:542 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:1477793 (1.4 MB) TX bytes:51232 (51.2 KB)

Appreciate your advice!