michaelp's profile - activity

2015-10-19 10:32:05 -0500 answered a question can't ping or ssh instance floating IP

Yes. This is correct. From the compute node I can ping/ssh the internal IP 10.0.0.4 of the instance (the instance IP assigned on the private network)

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ping 10.0.0.4
PING 10.0.0.4 (10.0.0.4) 56(84) bytes of data.
64 bytes from 10.0.0.4: icmp_seq=1 ttl=64 time=0.769 ms
64 bytes from 10.0.0.4: icmp_seq=2 ttl=64 time=0.335 ms
64 bytes from 10.0.0.4: icmp_seq=3 ttl=64 time=0.601 ms
64 bytes from 10.0.0.4: icmp_seq=4 ttl=64 time=0.221 ms

However, I cannot ping/ssh floating IPs of the public network

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ping 172.24.4.5
PING 172.24.4.5 (172.24.4.5) 56(84) bytes of data.
From 172.24.4.2 icmp_seq=1 Destination Host Unreachable
From 172.24.4.2 icmp_seq=2 Destination Host Unreachable
From 172.24.4.2 icmp_seq=3 Destination Host Unreachable

At the same time I can ping router IP 172.24.4.2 itself

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ping 172.24.4.2
PING 172.24.4.2 (172.24.4.2) 56(84) bytes of data.
64 bytes from 172.24.4.2: icmp_seq=1 ttl=64 time=0.121 ms
64 bytes from 172.24.4.2: icmp_seq=2 ttl=64 time=0.069 ms
64 bytes from 172.24.4.2: icmp_seq=3 ttl=64 time=0.059 ms

and I can ping gateway IP of the public network

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ping 172.24.4.1
PING 172.24.4.1 (172.24.4.1) 56(84) bytes of data.
64 bytes from 172.24.4.1: icmp_seq=1 ttl=64 time=3.46 ms
64 bytes from 172.24.4.1: icmp_seq=2 ttl=64 time=0.091 ms

All router interfaces show status ACTIVE

and both public and private networks show status ACTIVE.

Some mysterious problem...

2015-10-19 06:38:53 -0500 asked a question can't ping or ssh instance floating IP

I installed Kilo OpenStack/devstack with everything on a single node on Ubuntu 14.04. I created an instance, and I can see it got an address assigned and was given a floating IP4/IP6 public=172.24.4.5, 2001:db8::6 and internal IP4/IP6 private=fd6d:9a49:de06:0:f816:3eff:feb5:14609, 10.0.0.4

I added it to the default security group and edited the security group, enabling ICMP and SSH (port 22) ingress rules. Now I can ping and ssh the instance internal IP 10.0.0.4.

However, I cannot ping or SSH the instance floating IP 172.24.4.5 from the compute node or any other machine on the network.
I can ping public network default gateway IP 172.24.4.1 and router external IP 172.24.4.2. However, ping to instance floating IP 172.24.4.5 does not work.

Here is the output of commands on the compute node

$ neutron router-list 
$ ip netns | grep router_id
$ ip netns exec qrouter-router_id iptables -S -t nat 
$ ip netns exec qrouter-router_id ip a 
$ ip netns exec qrouter-router_id ifconfig 

neutron router-list 
ea089823-0b25-42c8-ac30-d56ffa1ff2ac | router1 | {"network_id": "2863985b-f319-435e-8d0b-8f6647008711", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "a2bd8b63-7be5-43b5-9534-bd5e04a59734", "ip_address": "172.24.4.2"}, {"subnet_id": "c26dd6ba-6573-4c06-936e-00fe5c1d67bb", "ip_address": "2001:db8::3"}]} | False       | False |

ip netns | grep ea089823-0b25-42c8-ac30-d56ffa1ff2ac
qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac

  sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac iptables -S -t nat

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-43b82233-b7 ! -o qg-43b82233-b7 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-43b82233-b7 -j SNAT --to-source 172.24.4.2
-A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 172.24.4.2
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat

 sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
9: qr-db44c430-bc: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:90:1b:f8 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-db44c430-bc
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe90:1bf8/64 scope link
       valid_lft forever preferred_lft forever
10: qg-43b82233-b7: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:3e:bb:08 brd ff:ff:ff:ff:ff:ff
    inet 172.24.4.2/24 brd 172.24.4.255 scope global qg-43b82233-b7
       valid_lft ...
(more)
2015-10-19 06:38:53 -0500 asked a question can't access instance floating IP

I installed Kilo OpenStack/devstack with everything on a single node on Ubuntu 14.04. I created an instance, and I can see it got both internal and external IPs assigned.

IP Addresses
Public: 172.24.4.5, 2001:db8::6
Private: 10.0.0.4, fd6d:9a49:de06:0:f816:3eff:feb5:1609

I added it to the default security group and edited the security group, enabling ICMP and SSH (port 22) ingress rules. Now I can ping and ssh the instance internal IP 10.0.0.4.

However, I cannot ping or SSH the instance floating IP 172.24.4.5 from the compute node or any other machine on the network.
I can ping public network default gateway IP 172.24.4.1 and router external IP 172.24.4.2. However, ping to instance floating IP 172.24.4.5 does not work.

Looking at both public and private networks, I see that the status of both is Active. All router interfaces are shown as Active as well.

Here is the output of commands from the compute node

$ neutron router-list
$ ip netns | grep router_id
$ ip netns exec qrouter-router_id iptables -S -t nat
$ ip netns exec qrouter-router_id ip a
$ ip netns exec qrouter-router_id ifconfig

neutron router-list
ea089823-0b25-42c8-ac30-d56ffa1ff2ac | router1 | {"network_id": "2863985b-f319-435e-8d0b-8f6647008711", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "a2bd8b63-7be5-43b5-9534-bd5e04a59734", "ip_address": "172.24.4.2"}, {"subnet_id": "c26dd6ba-6573-4c06-936e-00fe5c1d67bb", "ip_address": "2001:db8::3"}]} | False | False |

ip netns | grep ea089823-0b25-42c8-ac30-d56ffa1ff2ac
qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac iptables -S -t nat

-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-43b82233-b7 ! -o qg-43b82233-b7 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-43b82233-b7 -j SNAT --to-source 172.24.4.2
-A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 172.24.4.2
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat

sudo ip netns exec qrouter-ea089823-0b25-42c8-ac30-d56ffa1ff2ac ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
9: qr-db44c430-bc: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:90:1b:f8 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-db44c430-bc
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe90:1bf8/64 scope link
       valid_lft forever preferred_lft forever
10: qg-43b82233-b7: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
    link/ether fa:16:3e:3e:bb:08 brd ff:ff:ff:ff:ff ... (more)