Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual nodes on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Any troubleshooting tips are appreciate. Thanks.

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual nodes machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.4.0/24 External network: 10.8.75.240/28

From controller node:

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 192.168.4.4 PING 192.168.4.4 (192.168.4.4) 56(84) bytes of data. 64 bytes from 192.168.4.4: icmp_seq=1 ttl=64 time=3.65 ms

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 10.8.75.247 PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data. 64 bytes from 10.8.75.247: icmp_seq=1 ttl=64 time=3.46 ms

Any troubleshooting tips are appreciate. Thanks.

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.4.0/24 External network: 10.8.75.240/28

From controller node:

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 192.168.4.4 PING 192.168.4.4 (192.168.4.4) 56(84) bytes of data. 64 bytes from 192.168.4.4: icmp_seq=1 ttl=64 time=3.65 ms

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 10.8.75.247 PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data. 64 bytes from 10.8.75.247: icmp_seq=1 ttl=64 time=3.46 ms

neutron subnet-list|grep external | bca2cc80-ef46-4b29-909c-41d510549873 | external | 10.8.75.240/28 | {"start": "10.8.75.246", "end": "10.8.75.254"} |

neutron subnet-show bca2cc80-ef46-4b29-909c-41d510549873 +-------------------+------------------------------------------------+ | Field | Value | +-------------------+------------------------------------------------+ | allocation_pools | {"start": "10.8.75.246", "end": "10.8.75.254"} | | cidr | 10.8.75.240/28 | | dns_nameservers | | | enable_dhcp | False | | gateway_ip | 10.8.75.241 |

From the physical machine (10.8.75.241)

ping 10.8.75.247 PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data. From 10.8.75.241 icmp_seq=1 Destination Host Unreachable

Any troubleshooting tips are appreciate. Thanks.

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.4.0/24 External network: 10.8.75.240/28

From controller node:

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 192.168.4.4 PING 192.168.4.4 (192.168.4.4) 56(84) bytes of data. 64 bytes from 192.168.4.4: icmp_seq=1 ttl=64 time=3.65 ms

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 10.8.75.247 PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data. 64 bytes from 10.8.75.247: icmp_seq=1 ttl=64 time=3.46 ms

neutron subnet-list|grep external external

| bca2cc80-ef46-4b29-909c-41d510549873 | external | 10.8.75.240/28 | {"start": "10.8.75.246", "end": "10.8.75.254"}   |

|

neutron subnet-show bca2cc80-ef46-4b29-909c-41d510549873 bca2cc80-ef46-4b29-909c-41d510549873

+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "10.8.75.246", "end": "10.8.75.254"} |
| cidr              | 10.8.75.240/28                                 |
| dns_nameservers   |                                                |
| enable_dhcp       | False                                          |
| gateway_ip        | 10.8.75.241                                    |

|

From the physical machine (10.8.75.241)

ping 10.8.75.247 10.8.75.247

PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data.
From 10.8.75.241 icmp_seq=1 Destination Host Unreachable

Unreachable

Any troubleshooting tips are appreciate. Thanks.

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.4.0/24 External network: 10.8.75.240/28

From controller node:

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 192.168.4.4 PING 192.168.4.4 (192.168.4.4) 56(84) bytes of data. 64 bytes from 192.168.4.4: icmp_seq=1 ttl=64 time=3.65 ms

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 10.8.75.247 PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data. 64 bytes from 10.8.75.247: icmp_seq=1 ttl=64 time=3.46 ms

neutron subnet-list|grep external

| bca2cc80-ef46-4b29-909c-41d510549873 | external | 10.8.75.240/28 | {"start": "10.8.75.246", "end": "10.8.75.254"}   |

neutron subnet-show bca2cc80-ef46-4b29-909c-41d510549873

+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "10.8.75.246", "end": "10.8.75.254"} |
| cidr              | 10.8.75.240/28                                 |
| dns_nameservers   |                                                |
| enable_dhcp       | False                                          |
| gateway_ip        | 10.8.75.241                                    |

From the physical machine (10.8.75.241)

ping 10.8.75.247

PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data.
From 10.8.75.241 icmp_seq=1 Destination Host Unreachable

Any troubleshooting tips are appreciate. Thanks.

LE: On controller node:

[root@overcloud-novacompute-0 ~]# ovs-vsctl show
c0454841-eeda-4086-9adc-22e8ce48088d
    Bridge br-int
        fail_mode: secure
        Port "qvoe11e3b99-b9"
            tag: 1
            Interface "qvoe11e3b99-b9"
        Port br-int
            Interface br-int
                type: internal
        Port "qvo8e0ffa18-c3"
            tag: 1
            Interface "qvo8e0ffa18-c3"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000209"
            Interface "vxlan-c0000209"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.8", out_key=flow, remote_ip="192.0.2.9"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.5.0"

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.4.0/24 External network: 10.8.75.240/28

From controller node:

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 192.168.4.4 PING 192.168.4.4 (192.168.4.4) 56(84) bytes of data. 64 bytes from 192.168.4.4: icmp_seq=1 ttl=64 time=3.65 ms

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 10.8.75.247 PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data. 64 bytes from 10.8.75.247: icmp_seq=1 ttl=64 time=3.46 ms

neutron subnet-list|grep external

| bca2cc80-ef46-4b29-909c-41d510549873 | external | 10.8.75.240/28 | {"start": "10.8.75.246", "end": "10.8.75.254"}   |

neutron subnet-show bca2cc80-ef46-4b29-909c-41d510549873

+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "10.8.75.246", "end": "10.8.75.254"} |
| cidr              | 10.8.75.240/28                                 |
| dns_nameservers   |                                                |
| enable_dhcp       | False                                          |
| gateway_ip        | 10.8.75.241                                    |

From the physical machine (10.8.75.241)

ping 10.8.75.247

PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data.
From 10.8.75.241 icmp_seq=1 Destination Host Unreachable

Any troubleshooting tips are appreciate. Thanks.

LE: On controller node:

[root@overcloud-novacompute-0 ~]# ovs-vsctl show
c0454841-eeda-4086-9adc-22e8ce48088d
    Bridge br-int
        fail_mode: secure
        Port "qvoe11e3b99-b9"
            tag: 1
            Interface "qvoe11e3b99-b9"
        Port br-int
            Interface br-int
                type: internal
        Port "qvo8e0ffa18-c3"
            tag: 1
            Interface "qvo8e0ffa18-c3"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000209"
            Interface "vxlan-c0000209"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.8", out_key=flow, remote_ip="192.0.2.9"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.5.0"

[root@overcloud-novacompute-0 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.8  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::263:36ff:fe53:bc12  prefixlen 64  scopeid 0x20<link>
        ether 00:63:36:53:bc:12  txqueuelen 1000  (Ethernet)
        RX packets 18535  bytes 4688952 (4.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11315  bytes 2393580 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2269  bytes 121889 (119.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2269  bytes 121889 (119.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbr8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 86:b8:c9:5f:ff:b0  txqueuelen 0  (Ethernet)
        RX packets 25  bytes 2404 (2.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbre11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 16:e0:18:94:e0:c8  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 1448 (1.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvb8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::84b8:c9ff:fe5f:ffb0  prefixlen 64  scopeid 0x20<link>
        ether 86:b8:c9:5f:ff:b0  txqueuelen 1000  (Ethernet)
        RX packets 587  bytes 59387 (57.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 530  bytes 58047 (56.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvbe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::14e0:18ff:fe94:e0c8  prefixlen 64  scopeid 0x20<link>
        ether 16:e0:18:94:e0:c8  txqueuelen 1000  (Ethernet)
        RX packets 129  bytes 14541 (14.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 182  bytes 17361 (16.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvo8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::e4b9:a9ff:fe38:b846  prefixlen 64  scopeid 0x20<link>
        ether e6:b9:a9:38:b8:46  txqueuelen 1000  (Ethernet)
        RX packets 530  bytes 58047 (56.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 587  bytes 59387 (57.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvoe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::5850:43ff:fe29:2c6d  prefixlen 64  scopeid 0x20<link>
        ether 5a:50:43:29:2c:6d  txqueuelen 1000  (Ethernet)
        RX packets 182  bytes 17361 (16.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 129  bytes 14541 (14.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:fedc:f16a  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:dc:f1:6a  txqueuelen 500  (Ethernet)
        RX packets 525  bytes 57609 (56.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 578  bytes 58133 (56.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tape11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:febb:d239  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:bb:d2:39  txqueuelen 500  (Ethernet)
        RX packets 177  bytes 16923 (16.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 14721 (14.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.4.0/24 External network: 10.8.75.240/28

From controller node:

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 192.168.4.4 PING 192.168.4.4 (192.168.4.4) 56(84) bytes of data. 64 bytes from 192.168.4.4: icmp_seq=1 ttl=64 time=3.65 ms

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 ping 10.8.75.247 PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data. 64 bytes from 10.8.75.247: icmp_seq=1 ttl=64 time=3.46 ms

neutron subnet-list|grep external

| bca2cc80-ef46-4b29-909c-41d510549873 | external | 10.8.75.240/28 | {"start": "10.8.75.246", "end": "10.8.75.254"}   |

neutron subnet-show bca2cc80-ef46-4b29-909c-41d510549873

+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "10.8.75.246", "end": "10.8.75.254"} |
| cidr              | 10.8.75.240/28                                 |
| dns_nameservers   |                                                |
| enable_dhcp       | False                                          |
| gateway_ip        | 10.8.75.241                                    |

From the physical machine (10.8.75.241)

ping 10.8.75.247

PING 10.8.75.247 (10.8.75.247) 56(84) bytes of data.
From 10.8.75.241 icmp_seq=1 Destination Host Unreachable

Any troubleshooting tips are appreciate. Thanks.

LE: On controller node

[root@overcloud-controller-0 nova]# ovs-vsctl show
83bba490-eb01-48f3-986c-f99281c8f5fc
    Bridge br-int
        fail_mode: secure
        Port "qr-a37855c8-f5"
            tag: 2
            Interface "qr-a37855c8-f5"
                type: internal
        Port "tapa4537e80-19"
            tag: 2
            Interface "tapa4537e80-19"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "tap2fcd8b13-9c"
            tag: 1
            Interface "tap2fcd8b13-9c"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port "qg-19c90a53-a9"
            Interface "qg-19c90a53-a9"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000208"
            Interface "vxlan-c0000208"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.9", out_key=flow, remote_ip="192.0.2.8"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.5.0"

[root@overcloud-controller-0 nova]# ifconfig
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.9  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 0  (Ethernet)
        RX packets 200452  bytes 726858237 (693.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 361851  bytes 517205962 (493.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 1000  (Ethernet)
        RX packets 200612  bytes 726977200 (693.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 362411  bytes 517274343 (493.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4097031  bytes 1562000432 (1.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4097031  bytes 1562000432 (1.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

On compute node:

[root@overcloud-novacompute-0 ~]# ovs-vsctl show
c0454841-eeda-4086-9adc-22e8ce48088d
    Bridge br-int
        fail_mode: secure
        Port "qvoe11e3b99-b9"
            tag: 1
            Interface "qvoe11e3b99-b9"
        Port br-int
            Interface br-int
                type: internal
        Port "qvo8e0ffa18-c3"
            tag: 1
            Interface "qvo8e0ffa18-c3"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000209"
            Interface "vxlan-c0000209"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.8", out_key=flow, remote_ip="192.0.2.9"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.5.0"

[root@overcloud-novacompute-0 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.8  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::263:36ff:fe53:bc12  prefixlen 64  scopeid 0x20<link>
        ether 00:63:36:53:bc:12  txqueuelen 1000  (Ethernet)
        RX packets 18535  bytes 4688952 (4.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11315  bytes 2393580 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2269  bytes 121889 (119.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2269  bytes 121889 (119.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbr8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 86:b8:c9:5f:ff:b0  txqueuelen 0  (Ethernet)
        RX packets 25  bytes 2404 (2.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbre11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 16:e0:18:94:e0:c8  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 1448 (1.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvb8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::84b8:c9ff:fe5f:ffb0  prefixlen 64  scopeid 0x20<link>
        ether 86:b8:c9:5f:ff:b0  txqueuelen 1000  (Ethernet)
        RX packets 587  bytes 59387 (57.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 530  bytes 58047 (56.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvbe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::14e0:18ff:fe94:e0c8  prefixlen 64  scopeid 0x20<link>
        ether 16:e0:18:94:e0:c8  txqueuelen 1000  (Ethernet)
        RX packets 129  bytes 14541 (14.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 182  bytes 17361 (16.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvo8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::e4b9:a9ff:fe38:b846  prefixlen 64  scopeid 0x20<link>
        ether e6:b9:a9:38:b8:46  txqueuelen 1000  (Ethernet)
        RX packets 530  bytes 58047 (56.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 587  bytes 59387 (57.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvoe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::5850:43ff:fe29:2c6d  prefixlen 64  scopeid 0x20<link>
        ether 5a:50:43:29:2c:6d  txqueuelen 1000  (Ethernet)
        RX packets 182  bytes 17361 (16.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 129  bytes 14541 (14.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:fedc:f16a  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:dc:f1:6a  txqueuelen 500  (Ethernet)
        RX packets 525  bytes 57609 (56.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 578  bytes 58133 (56.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tape11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:febb:d239  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:bb:d2:39  txqueuelen 500  (Ethernet)
        RX packets 177  bytes 16923 (16.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 14721 (14.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.4.0/24 192.168.100.0/24 External network: 10.8.75.240/2810.8.75.0/24

From controller node:

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 qrouter-0f8a41e1-a8b9-4f2f-bb49-9168cec658eb ping 192.168.4.4 192.168.100.4 PING 192.168.4.4 (192.168.4.4) 192.168.100.4 (192.168.100.4) 56(84) bytes of data. 64 bytes from 192.168.4.4: 192.168.100.4: icmp_seq=1 ttl=64 time=3.65 ms

ip netns exec qrouter-67a8dcc6-a0d3-4df6-a40e-87aba61fb205 qrouter-0f8a41e1-a8b9-4f2f-bb49-9168cec658eb ping 10.8.75.247 10.8.75.243 PING 10.8.75.247 (10.8.75.247) 10.8.75.243 (10.8.75.243) 56(84) bytes of data. 64 bytes from 10.8.75.247: 10.8.75.243: icmp_seq=1 ttl=64 time=3.46 ms

neutron subnet-list|grep external

| bca2cc80-ef46-4b29-909c-41d510549873 35d6eb89-51b3-4de8-bbda-cd22db0855e7 | external | 10.8.75.240/28 10.8.75.0/24     | {"start": "10.8.75.246", "10.8.75.241", "end": "10.8.75.254"}    |

neutron subnet-show bca2cc80-ef46-4b29-909c-41d51054987335d6eb89-51b3-4de8-bbda-cd22db0855e7

+-------------------+------------------------------------------------+ | Field | Value | +-------------------+------------------------------------------------+ | allocation_pools | {"start": "10.8.75.246", "10.8.75.241", "end": "10.8.75.254"} | | cidr | 10.8.75.240/28 10.8.75.0/24 | | dns_nameservers | 192.168.88.15 | | enable_dhcp | False True | | gateway_ip | 10.8.75.241 10.8.75.1 |

| host_routes | |

From the physical machine (10.8.75.241)(10.8.75.52)

ping 10.8.75.24710.8.75.243

PING 10.8.75.247 (10.8.75.247) 10.8.75.243 (10.8.75.243) 56(84) bytes of data.
From 10.8.75.241 10.8.75.52 icmp_seq=1 Destination Host Unreachable

Any troubleshooting tips are appreciate. Thanks.

LE: On controller node

[root@overcloud-controller-0 nova]# ovs-vsctl show
83bba490-eb01-48f3-986c-f99281c8f5fc
    Bridge br-int
        fail_mode: secure
        Port "qr-a37855c8-f5"
            tag: 2
            Interface "qr-a37855c8-f5"
                type: internal
        Port "tapa4537e80-19"
            tag: 2
            Interface "tapa4537e80-19"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "tap2fcd8b13-9c"
            tag: 1
            Interface "tap2fcd8b13-9c"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port "qg-19c90a53-a9"
            Interface "qg-19c90a53-a9"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000208"
            Interface "vxlan-c0000208"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.9", out_key=flow, remote_ip="192.0.2.8"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.5.0"

[root@overcloud-controller-0 nova]# ifconfig
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.9  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 0  (Ethernet)
        RX packets 200452  bytes 726858237 (693.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 361851  bytes 517205962 (493.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 1000  (Ethernet)
        RX packets 200612  bytes 726977200 (693.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 362411  bytes 517274343 (493.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4097031  bytes 1562000432 (1.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4097031  bytes 1562000432 (1.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@overcloud-controller-0 nova]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 br-ex
169.254.169.254 192.0.2.1       255.255.255.255 UGH   0      0        0 br-ex
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 br-ex

On compute node:

[root@overcloud-novacompute-0 ~]# ovs-vsctl show
c0454841-eeda-4086-9adc-22e8ce48088d
    Bridge br-int
        fail_mode: secure
        Port "qvoe11e3b99-b9"
            tag: 1
            Interface "qvoe11e3b99-b9"
        Port br-int
            Interface br-int
                type: internal
        Port "qvo8e0ffa18-c3"
            tag: 1
            Interface "qvo8e0ffa18-c3"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000209"
            Interface "vxlan-c0000209"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.8", out_key=flow, remote_ip="192.0.2.9"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.5.0"

[root@overcloud-novacompute-0 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.8  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::263:36ff:fe53:bc12  prefixlen 64  scopeid 0x20<link>
        ether 00:63:36:53:bc:12  txqueuelen 1000  (Ethernet)
        RX packets 18535  bytes 4688952 (4.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11315  bytes 2393580 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2269  bytes 121889 (119.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2269  bytes 121889 (119.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbr8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 86:b8:c9:5f:ff:b0  txqueuelen 0  (Ethernet)
        RX packets 25  bytes 2404 (2.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbre11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 16:e0:18:94:e0:c8  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 1448 (1.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvb8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::84b8:c9ff:fe5f:ffb0  prefixlen 64  scopeid 0x20<link>
        ether 86:b8:c9:5f:ff:b0  txqueuelen 1000  (Ethernet)
        RX packets 587  bytes 59387 (57.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 530  bytes 58047 (56.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvbe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::14e0:18ff:fe94:e0c8  prefixlen 64  scopeid 0x20<link>
        ether 16:e0:18:94:e0:c8  txqueuelen 1000  (Ethernet)
        RX packets 129  bytes 14541 (14.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 182  bytes 17361 (16.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvo8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::e4b9:a9ff:fe38:b846  prefixlen 64  scopeid 0x20<link>
        ether e6:b9:a9:38:b8:46  txqueuelen 1000  (Ethernet)
        RX packets 530  bytes 58047 (56.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 587  bytes 59387 (57.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvoe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::5850:43ff:fe29:2c6d  prefixlen 64  scopeid 0x20<link>
        ether 5a:50:43:29:2c:6d  txqueuelen 1000  (Ethernet)
        RX packets 182  bytes 17361 (16.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 129  bytes 14541 (14.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:fedc:f16a  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:dc:f1:6a  txqueuelen 500  (Ethernet)
        RX packets 525  bytes 57609 (56.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 578  bytes 58133 (56.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tape11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:febb:d239  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:bb:d2:39  txqueuelen 500  (Ethernet)
        RX packets 177  bytes 16923 (16.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 14721 (14.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

On undercloud:

[stack@instack ~]$ ifconfig
br-ctlplane: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.1  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::24e:7cff:fe9a:e17  prefixlen 64  scopeid 0x20<link>
        ether 00:4e:7c:9a:0e:17  txqueuelen 0  (Ethernet)
        RX packets 882595  bytes 80549734 (76.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2874962  bytes 12146077372 (11.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.146  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fec4:d150  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:c4:d1:50  txqueuelen 1000  (Ethernet)
        RX packets 1223785  bytes 1630072288 (1.5 GiB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 607572  bytes 57149783 (54.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::24e:7cff:fe9a:e17  prefixlen 64  scopeid 0x20<link>
        ether 00:4e:7c:9a:0e:17  txqueuelen 1000  (Ethernet)
        RX packets 882863  bytes 80567426 (76.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2874998  bytes 12146087200 (11.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 3402131  bytes 12662871059 (11.7 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3402131  bytes 12662871059 (11.7 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[stack@instack ~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.122.1   0.0.0.0         UG    0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 br-ctlplane
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.100.0/24 External network: 10.8.75.0/24

From controller node:

ip netns exec qrouter-0f8a41e1-a8b9-4f2f-bb49-9168cec658eb ping 192.168.100.4
PING 192.168.100.4 (192.168.100.4) 56(84) bytes of data.
64 bytes from 192.168.100.4: icmp_seq=1 ttl=64 time=3.65 ms

ms ip netns exec qrouter-0f8a41e1-a8b9-4f2f-bb49-9168cec658eb ping 10.8.75.243 PING 10.8.75.243 (10.8.75.243) 56(84) bytes of data. 64 bytes from 10.8.75.243: icmp_seq=1 ttl=64 time=3.46 ms

ms neutron subnet-list|grep external

external

    | 35d6eb89-51b3-4de8-bbda-cd22db0855e7 | external | 10.8.75.0/24     | {"start": "10.8.75.241", "end": "10.8.75.254"}       |

neutron subnet-show 35d6eb89-51b3-4de8-bbda-cd22db0855e7

35d6eb89-51b3-4de8-bbda-cd22db0855e7 +-------------------+------------------------------------------------+ | Field | Value | +-------------------+------------------------------------------------+ | allocation_pools | {"start": "10.8.75.241", "end": "10.8.75.254"} | | cidr | 10.8.75.0/24 | | dns_nameservers | 192.168.88.15 | | enable_dhcp | True | | gateway_ip | 10.8.75.1 | | host_routes | |

|

From the physical machine (10.8.75.52)

ping 10.8.75.243

ping 10.8.75.243

    PING 10.8.75.243 (10.8.75.243) 56(84) bytes of data.
 From 10.8.75.52 icmp_seq=1 Destination Host Unreachable

Any troubleshooting tips are appreciate. Thanks.

LE: On controller node

[root@overcloud-controller-0 nova]# ovs-vsctl show
83bba490-eb01-48f3-986c-f99281c8f5fc
    Bridge br-int
        fail_mode: secure
        Port "qr-a37855c8-f5"
            tag: 2
            Interface "qr-a37855c8-f5"
                type: internal
        Port "tapa4537e80-19"
            tag: 2
            Interface "tapa4537e80-19"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "tap2fcd8b13-9c"
            tag: 1
            Interface "tap2fcd8b13-9c"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port "qg-19c90a53-a9"
            Interface "qg-19c90a53-a9"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000208"
            Interface "vxlan-c0000208"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.9", out_key=flow, remote_ip="192.0.2.8"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.5.0"

[root@overcloud-controller-0 nova]# ifconfig
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.9  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 0  (Ethernet)
        RX packets 200452  bytes 726858237 (693.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 361851  bytes 517205962 (493.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 1000  (Ethernet)
        RX packets 200612  bytes 726977200 (693.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 362411  bytes 517274343 (493.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4097031  bytes 1562000432 (1.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4097031  bytes 1562000432 (1.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@overcloud-controller-0 nova]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 br-ex
169.254.169.254 192.0.2.1       255.255.255.255 UGH   0      0        0 br-ex
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 br-ex

On compute node:

[root@overcloud-novacompute-0 ~]# ovs-vsctl show
c0454841-eeda-4086-9adc-22e8ce48088d
    Bridge br-int
        fail_mode: secure
        Port "qvoe11e3b99-b9"
            tag: 1
            Interface "qvoe11e3b99-b9"
        Port br-int
            Interface br-int
                type: internal
        Port "qvo8e0ffa18-c3"
            tag: 1
            Interface "qvo8e0ffa18-c3"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000209"
            Interface "vxlan-c0000209"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.8", out_key=flow, remote_ip="192.0.2.9"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.5.0"

[root@overcloud-novacompute-0 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.8  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::263:36ff:fe53:bc12  prefixlen 64  scopeid 0x20<link>
        ether 00:63:36:53:bc:12  txqueuelen 1000  (Ethernet)
        RX packets 18535  bytes 4688952 (4.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11315  bytes 2393580 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2269  bytes 121889 (119.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2269  bytes 121889 (119.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbr8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 86:b8:c9:5f:ff:b0  txqueuelen 0  (Ethernet)
        RX packets 25  bytes 2404 (2.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbre11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 16:e0:18:94:e0:c8  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 1448 (1.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvb8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::84b8:c9ff:fe5f:ffb0  prefixlen 64  scopeid 0x20<link>
        ether 86:b8:c9:5f:ff:b0  txqueuelen 1000  (Ethernet)
        RX packets 587  bytes 59387 (57.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 530  bytes 58047 (56.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvbe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::14e0:18ff:fe94:e0c8  prefixlen 64  scopeid 0x20<link>
        ether 16:e0:18:94:e0:c8  txqueuelen 1000  (Ethernet)
        RX packets 129  bytes 14541 (14.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 182  bytes 17361 (16.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvo8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::e4b9:a9ff:fe38:b846  prefixlen 64  scopeid 0x20<link>
        ether e6:b9:a9:38:b8:46  txqueuelen 1000  (Ethernet)
        RX packets 530  bytes 58047 (56.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 587  bytes 59387 (57.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvoe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::5850:43ff:fe29:2c6d  prefixlen 64  scopeid 0x20<link>
        ether 5a:50:43:29:2c:6d  txqueuelen 1000  (Ethernet)
        RX packets 182  bytes 17361 (16.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 129  bytes 14541 (14.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:fedc:f16a  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:dc:f1:6a  txqueuelen 500  (Ethernet)
        RX packets 525  bytes 57609 (56.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 578  bytes 58133 (56.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tape11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:febb:d239  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:bb:d2:39  txqueuelen 500  (Ethernet)
        RX packets 177  bytes 16923 (16.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 14721 (14.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

On undercloud:

[stack@instack ~]$ ifconfig
br-ctlplane: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.1  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::24e:7cff:fe9a:e17  prefixlen 64  scopeid 0x20<link>
        ether 00:4e:7c:9a:0e:17  txqueuelen 0  (Ethernet)
        RX packets 882595  bytes 80549734 (76.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2874962  bytes 12146077372 (11.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.146  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fec4:d150  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:c4:d1:50  txqueuelen 1000  (Ethernet)
        RX packets 1223785  bytes 1630072288 (1.5 GiB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 607572  bytes 57149783 (54.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::24e:7cff:fe9a:e17  prefixlen 64  scopeid 0x20<link>
        ether 00:4e:7c:9a:0e:17  txqueuelen 1000  (Ethernet)
        RX packets 882863  bytes 80567426 (76.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2874998  bytes 12146087200 (11.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 3402131  bytes 12662871059 (11.7 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3402131  bytes 12662871059 (11.7 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[stack@instack ~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.122.1   0.0.0.0         UG    0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 br-ctlplane
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.100.0/24 External network: 10.8.75.0/24

From controller node:

ip netns exec qrouter-0f8a41e1-a8b9-4f2f-bb49-9168cec658eb ping 192.168.100.4
PING 192.168.100.4 (192.168.100.4) 56(84) bytes of data.
64 bytes from 192.168.100.4: icmp_seq=1 ttl=64 time=3.65 ms

ip netns exec qrouter-0f8a41e1-a8b9-4f2f-bb49-9168cec658eb ping 10.8.75.243
PING 10.8.75.243 (10.8.75.243) 56(84) bytes of data.
64 bytes from 10.8.75.243: icmp_seq=1 ttl=64 time=3.46 ms

neutron subnet-list|grep external

    | 35d6eb89-51b3-4de8-bbda-cd22db0855e7 | external | 10.8.75.0/24     | {"start": "10.8.75.241", "end": "10.8.75.254"}       |

neutron subnet-show 35d6eb89-51b3-4de8-bbda-cd22db0855e7

+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "10.8.75.241", "end": "10.8.75.254"} |
| cidr              | 10.8.75.0/24                                   |
| dns_nameservers   | 192.168.88.15                                  |
| enable_dhcp       | True                                           |
| gateway_ip        | 10.8.75.1                                      |
| host_routes       |                                                |

From the physical machine (10.8.75.52)

ping 10.8.75.243

    PING 10.8.75.243 (10.8.75.243) 56(84) bytes of data.
    From 10.8.75.52 icmp_seq=1 Destination Host Unreachable

Any troubleshooting tips are appreciate. Thanks.

LE: On controller node

[root@overcloud-controller-0 nova]# ovs-vsctl show
83bba490-eb01-48f3-986c-f99281c8f5fc
    Bridge br-int
        fail_mode: secure
        Port "qr-a37855c8-f5"
            tag: 2
            Interface "qr-a37855c8-f5"
                type: internal
        Port "tapa4537e80-19"
            tag: 2
            Interface "tapa4537e80-19"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "tap2fcd8b13-9c"
            tag: 1
            Interface "tap2fcd8b13-9c"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port "qg-19c90a53-a9"
            Interface "qg-19c90a53-a9"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000208"
            Interface "vxlan-c0000208"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.9", out_key=flow, remote_ip="192.0.2.8"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.5.0"

[root@overcloud-controller-0 nova]# ifconfig
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.9  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 0  (Ethernet)
        RX packets 200452  bytes 726858237 (693.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 361851  bytes 517205962 (493.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 1000  (Ethernet)
        RX packets 200612  bytes 726977200 (693.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 362411  bytes 517274343 (493.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4097031  bytes 1562000432 (1.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4097031  bytes 1562000432 (1.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@overcloud-controller-0 nova]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 br-ex
169.254.169.254 192.0.2.1       255.255.255.255 UGH   0      0        0 br-ex
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 br-ex

On compute node:

[root@overcloud-novacompute-0 ~]# ovs-vsctl show
c0454841-eeda-4086-9adc-22e8ce48088d
    Bridge br-int
        fail_mode: secure
        Port "qvoe11e3b99-b9"
            tag: 1
            Interface "qvoe11e3b99-b9"
        Port br-int
            Interface br-int
                type: internal
        Port "qvo8e0ffa18-c3"
            tag: 1
            Interface "qvo8e0ffa18-c3"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000209"
            Interface "vxlan-c0000209"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.8", out_key=flow, remote_ip="192.0.2.9"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.5.0"

[root@overcloud-novacompute-0 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.8  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::263:36ff:fe53:bc12  prefixlen 64  scopeid 0x20<link>
        ether 00:63:36:53:bc:12  txqueuelen 1000  (Ethernet)
        RX packets 18535  bytes 4688952 (4.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11315  bytes 2393580 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2269  bytes 121889 (119.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2269  bytes 121889 (119.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbr8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 86:b8:c9:5f:ff:b0  txqueuelen 0  (Ethernet)
        RX packets 25  bytes 2404 (2.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbre11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 16:e0:18:94:e0:c8  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 1448 (1.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvb8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::84b8:c9ff:fe5f:ffb0  prefixlen 64  scopeid 0x20<link>
        ether 86:b8:c9:5f:ff:b0  txqueuelen 1000  (Ethernet)
        RX packets 587  bytes 59387 (57.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 530  bytes 58047 (56.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvbe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::14e0:18ff:fe94:e0c8  prefixlen 64  scopeid 0x20<link>
        ether 16:e0:18:94:e0:c8  txqueuelen 1000  (Ethernet)
        RX packets 129  bytes 14541 (14.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 182  bytes 17361 (16.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvo8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::e4b9:a9ff:fe38:b846  prefixlen 64  scopeid 0x20<link>
        ether e6:b9:a9:38:b8:46  txqueuelen 1000  (Ethernet)
        RX packets 530  bytes 58047 (56.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 587  bytes 59387 (57.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvoe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::5850:43ff:fe29:2c6d  prefixlen 64  scopeid 0x20<link>
        ether 5a:50:43:29:2c:6d  txqueuelen 1000  (Ethernet)
        RX packets 182  bytes 17361 (16.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 129  bytes 14541 (14.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:fedc:f16a  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:dc:f1:6a  txqueuelen 500  (Ethernet)
        RX packets 525  bytes 57609 (56.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 578  bytes 58133 (56.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tape11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:febb:d239  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:bb:d2:39  txqueuelen 500  (Ethernet)
        RX packets 177  bytes 16923 (16.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 14721 (14.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

On undercloud:

[stack@instack ~]$ ifconfig
br-ctlplane: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.1  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::24e:7cff:fe9a:e17  prefixlen 64  scopeid 0x20<link>
        ether 00:4e:7c:9a:0e:17  txqueuelen 0  (Ethernet)
        RX packets 882595  bytes 80549734 (76.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2874962  bytes 12146077372 (11.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.146  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fec4:d150  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:c4:d1:50  txqueuelen 1000  (Ethernet)
        RX packets 1223785  bytes 1630072288 (1.5 GiB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 607572  bytes 57149783 (54.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::24e:7cff:fe9a:e17  prefixlen 64  scopeid 0x20<link>
        ether 00:4e:7c:9a:0e:17  txqueuelen 1000  (Ethernet)
        RX packets 882863  bytes 80567426 (76.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2874998  bytes 12146087200 (11.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 3402131  bytes 12662871059 (11.7 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3402131  bytes 12662871059 (11.7 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[stack@instack ~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.122.1   0.0.0.0         UG    0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 br-ctlplane
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0



[stack@instack ~]$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+

cannot access VM from outside on its floating IP

Hello,

I have an openstack libery setup with TripleO. 1 controller node and 2 compute nodes. All nodes are virtual machines on the same physical machine. I've created 2 instances with 1 private ip and 1 floating ip.

I can only access the instances from the controller node, under the router namespace only. I can't ping or ssh the instances from any other nodes. The instances can access themselves through both private and floating ips.

Private network : 192.168.100.0/24 External network: 10.8.75.0/24

From controller node:

ip netns exec qrouter-0f8a41e1-a8b9-4f2f-bb49-9168cec658eb ping 192.168.100.4
PING 192.168.100.4 (192.168.100.4) 56(84) bytes of data.
64 bytes from 192.168.100.4: icmp_seq=1 ttl=64 time=3.65 ms

ip netns exec qrouter-0f8a41e1-a8b9-4f2f-bb49-9168cec658eb ping 10.8.75.243
PING 10.8.75.243 (10.8.75.243) 56(84) bytes of data.
64 bytes from 10.8.75.243: icmp_seq=1 ttl=64 time=3.46 ms

neutron subnet-list|grep external

    | 35d6eb89-51b3-4de8-bbda-cd22db0855e7 | external | 10.8.75.0/24     | {"start": "10.8.75.241", "end": "10.8.75.254"}       |

neutron subnet-show 35d6eb89-51b3-4de8-bbda-cd22db0855e7

+-------------------+------------------------------------------------+
| Field             | Value                                          |
+-------------------+------------------------------------------------+
| allocation_pools  | {"start": "10.8.75.241", "end": "10.8.75.254"} |
| cidr              | 10.8.75.0/24                                   |
| dns_nameservers   | 192.168.88.15                                  |
| enable_dhcp       | True                                           |
| gateway_ip        | 10.8.75.1                                      |
| host_routes       |                                                |

From the physical machine (10.8.75.52)

ping 10.8.75.243

    PING 10.8.75.243 (10.8.75.243) 56(84) bytes of data.
    From 10.8.75.52 icmp_seq=1 Destination Host Unreachable

Any troubleshooting tips are appreciate. Thanks.

LE: On controller node

[root@overcloud-controller-0 nova]# ovs-vsctl show
83bba490-eb01-48f3-986c-f99281c8f5fc
    Bridge br-int
        fail_mode: secure
        Port "qr-a37855c8-f5"
            tag: 2
            Interface "qr-a37855c8-f5"
                type: internal
        Port "tapa4537e80-19"
            tag: 2
            Interface "tapa4537e80-19"
                type: internal
        Port br-int
            Interface br-int
                type: internal
        Port "tap2fcd8b13-9c"
            tag: 1
            Interface "tap2fcd8b13-9c"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port "eth0"
            Interface "eth0"
        Port "qg-19c90a53-a9"
            Interface "qg-19c90a53-a9"
                type: internal
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000208"
            Interface "vxlan-c0000208"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.9", out_key=flow, remote_ip="192.0.2.8"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.5.0"

[root@overcloud-controller-0 nova]# ifconfig
br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.9  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 0  (Ethernet)
        RX packets 200452  bytes 726858237 (693.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 361851  bytes 517205962 (493.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::293:7cff:fedb:87ea  prefixlen 64  scopeid 0x20<link>
        ether 00:93:7c:db:87:ea  txqueuelen 1000  (Ethernet)
        RX packets 200612  bytes 726977200 (693.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 362411  bytes 517274343 (493.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4097031  bytes 1562000432 (1.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4097031  bytes 1562000432 (1.4 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@overcloud-controller-0 nova]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.0.2.1       0.0.0.0         UG    0      0        0 br-ex
169.254.169.254 192.0.2.1       255.255.255.255 UGH   0      0        0 br-ex
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 br-ex

On compute node:

[root@overcloud-novacompute-0 ~]# ovs-vsctl show
c0454841-eeda-4086-9adc-22e8ce48088d
    Bridge br-int
        fail_mode: secure
        Port "qvoe11e3b99-b9"
            tag: 1
            Interface "qvoe11e3b99-b9"
        Port br-int
            Interface br-int
                type: internal
        Port "qvo8e0ffa18-c3"
            tag: 1
            Interface "qvo8e0ffa18-c3"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port int-br-ex
            Interface int-br-ex
                type: patch
                options: {peer=phy-br-ex}
    Bridge br-ex
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-tun
        fail_mode: secure
        Port "vxlan-c0000209"
            Interface "vxlan-c0000209"
                type: vxlan
                options: {df_default="true", in_key=flow, local_ip="192.0.2.8", out_key=flow, remote_ip="192.0.2.9"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "2.5.0"

[root@overcloud-novacompute-0 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.8  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::263:36ff:fe53:bc12  prefixlen 64  scopeid 0x20<link>
        ether 00:63:36:53:bc:12  txqueuelen 1000  (Ethernet)
        RX packets 18535  bytes 4688952 (4.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11315  bytes 2393580 (2.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2269  bytes 121889 (119.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2269  bytes 121889 (119.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbr8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 86:b8:c9:5f:ff:b0  txqueuelen 0  (Ethernet)
        RX packets 25  bytes 2404 (2.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbre11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        ether 16:e0:18:94:e0:c8  txqueuelen 0  (Ethernet)
        RX packets 14  bytes 1448 (1.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvb8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::84b8:c9ff:fe5f:ffb0  prefixlen 64  scopeid 0x20<link>
        ether 86:b8:c9:5f:ff:b0  txqueuelen 1000  (Ethernet)
        RX packets 587  bytes 59387 (57.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 530  bytes 58047 (56.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvbe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::14e0:18ff:fe94:e0c8  prefixlen 64  scopeid 0x20<link>
        ether 16:e0:18:94:e0:c8  txqueuelen 1000  (Ethernet)
        RX packets 129  bytes 14541 (14.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 182  bytes 17361 (16.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvo8e0ffa18-c3: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::e4b9:a9ff:fe38:b846  prefixlen 64  scopeid 0x20<link>
        ether e6:b9:a9:38:b8:46  txqueuelen 1000  (Ethernet)
        RX packets 530  bytes 58047 (56.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 587  bytes 59387 (57.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvoe11e3b99-b9: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1400
        inet6 fe80::5850:43ff:fe29:2c6d  prefixlen 64  scopeid 0x20<link>
        ether 5a:50:43:29:2c:6d  txqueuelen 1000  (Ethernet)
        RX packets 182  bytes 17361 (16.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 129  bytes 14541 (14.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap8e0ffa18-c3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:fedc:f16a  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:dc:f1:6a  txqueuelen 500  (Ethernet)
        RX packets 525  bytes 57609 (56.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 578  bytes 58133 (56.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tape11e3b99-b9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1400
        inet6 fe80::fc16:3eff:febb:d239  prefixlen 64  scopeid 0x20<link>
        ether fe:16:3e:bb:d2:39  txqueuelen 500  (Ethernet)
        RX packets 177  bytes 16923 (16.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 14721 (14.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

On undercloud:

[stack@instack ~]$ ifconfig
br-ctlplane: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.1  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::24e:7cff:fe9a:e17  prefixlen 64  scopeid 0x20<link>
        ether 00:4e:7c:9a:0e:17  txqueuelen 0  (Ethernet)
        RX packets 882595  bytes 80549734 (76.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2874962  bytes 12146077372 (11.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.146  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::5054:ff:fec4:d150  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:c4:d1:50  txqueuelen 1000  (Ethernet)
        RX packets 1223785  bytes 1630072288 (1.5 GiB)
        RX errors 0  dropped 3  overruns 0  frame 0
        TX packets 607572  bytes 57149783 (54.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::24e:7cff:fe9a:e17  prefixlen 64  scopeid 0x20<link>
        ether 00:4e:7c:9a:0e:17  txqueuelen 1000  (Ethernet)
        RX packets 882863  bytes 80567426 (76.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2874998  bytes 12146087200 (11.3 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 3402131  bytes 12662871059 (11.7 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3402131  bytes 12662871059 (11.7 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[stack@instack ~]$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.122.1   0.0.0.0         UG    0      0        0 eth0
192.0.2.0       0.0.0.0         255.255.255.0   U     0      0        0 br-ctlplane
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0



[stack@instack ~]$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+


[stack@instack ~]$ . stackrc
[stack@instack ~]$ heat stack-list
+--------------------------------------+------------+-----------------+---------------------+--------------+
| id                                   | stack_name | stack_status    | creation_time       | updated_time |
+--------------------------------------+------------+-----------------+---------------------+--------------+
| 21f1bb39-8c9a-4fab-8d0f-5d106dd77f48 | overcloud  | CREATE_COMPLETE | 2016-06-04T13:25:45 | None         |
+--------------------------------------+------------+-----------------+---------------------+--------------+
[stack@instack ~]$ nova list
+--------------------------------------+-------------------------+--------+------------+-------------+--------------------+
| ID                                   | Name                    | Status | Task State | Power State | Networks           |
+--------------------------------------+-------------------------+--------+------------+-------------+--------------------+
| de173951-0d0b-4435-8fa8-0af98499adbb | overcloud-controller-0  | ACTIVE | -          | Running     | ctlplane=192.0.2.9 |
| 94f82231-5265-4555-ad72-f824e2330f59 | overcloud-novacompute-0 | ACTIVE | -          | Running     | ctlplane=192.0.2.8 |
+--------------------------------------+-------------------------+--------+------------+-------------+--------------------+