Yes, packets being dropped by the security groups as Ravi suggests would be my first guess.<div><br></div><div>Assuming you have not done anything special to put this VM in a specific security group, it will be in the 'default' security group for that tenant. Running the following command using the same tenant as was used to create the VM would create a security group rule would allow ICMP traffic (including pings) to the VM: </div>
<div><br></div><div><pre class="screen" style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;overflow-x:scroll;width:1028px;font-size:12px;border-bottom-color:rgb(222,222,222)!important;border-bottom-style:solid!important;border-bottom-width:1px!important;border-top-color:rgb(222,222,222)!important;border-top-style:solid!important;border-top-width:1px!important;padding:0.5em!important">
nova secgroup-add-rule default icmp -1 -1 <a href="http://0.0.0.0/0">0.0.0.0/0</a></pre><br><div class="gmail_quote">On Fri, Nov 23, 2012 at 8:58 PM, Ravi Chunduru <span dir="ltr"><<a href="mailto:ravivsn@gmail.com" target="_blank">ravivsn@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Shyam,<div> Make sure you have access control list configured for the VMs.</div><div>You can configure it from the dashboard.</div>
<div><br></div><div>Thanks,</div><div>-Ravi.</div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">
On Fri, Nov 23, 2012 at 12:34 PM, Shyam Goud <span dir="ltr"><<a href="mailto:shyam.todeti@oneconvergence.com" target="_blank">shyam.todeti@oneconvergence.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div class="h5">
<div bgcolor="#FFFFFF" text="#000000">
<br>
<div>Hello All,<br>
<br>
I am unable to ping VM on its floating IP from external network.
Interestingly I am able to ping external network from VM.<br>
VM's: Fixed IP 10.0.0.3, Floating IP <a href="http://192.168.2.161/24" target="_blank">192.168.2.161/24</a>. <br>
<br>
Appreciate any inputs here.<br>
<br>
#quantum router-list<br>
+--------------------------------------+---------+--------------------------------------------------------+<br>
| id | name |
external_gateway_info |<br>
+--------------------------------------+---------+--------------------------------------------------------+<br>
| 27b3117b-1fe7-43b6-a1af-6c4cd54387bb | router1 | {"network_id":
"246f3475-1113-479a-a478-ee2b91c09b82"} |<br>
+--------------------------------------+---------+--------------------------------------------------------+<br>
<br>
root@controller-desktop:~# <br>
root@controller-desktop:~# quantum port-list --
--27b3117b-1fe7-43b6-a1af-6c4cd54387bb<br>
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+<br>
| id | name | mac_address
|
fixed_ips
|<br>
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+<br>
| 0e54497a-c4da-4d24-bdcf-50d9bc7349fc | | fa:16:3e:7a:93:47
| {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8",
"ip_address": "10.0.0.1"} |<br>
| 146fa6ef-4051-493f-a1f5-caaf7d6be106 | | fa:16:3e:60:40:44
| {"subnet_id": "b0955be1-cefe-4fb8-b607-01ff93af5753",
"ip_address": "192.168.2.161"} |<br>
| 41d1f801-febd-4559-9253-b661623cdf95 | | fa:16:3e:2a:40:2d
| {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8",
"ip_address": "10.0.0.3"} |<br>
| db7f14be-a460-4dfb-87df-8098cf16489f | | fa:16:3e:f5:22:21
| {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8",
"ip_address": "10.0.0.2"} |<br>
| ee9f258e-0f4a-463a-b2d8-738d00b246f7 | | fa:16:3e:b1:c5:46
| {"subnet_id": "b0955be1-cefe-4fb8-b607-01ff93af5753",
"ip_address": "192.168.2.160"} |<br>
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+<br>
<br>
root@controller-desktop:~# quantum floatingip-list<br>
+--------------------------------------+------------------+---------------------+--------------------------------------+<br>
| id | fixed_ip_address |
floating_ip_address | port_id |<br>
+--------------------------------------+------------------+---------------------+--------------------------------------+<br>
| e045f346-a4f3-44c2-9c9e-0f02d95107a8 | 10.0.0.3 |
192.168.2.161 | 41d1f801-febd-4559-9253-b661623cdf95 |<br>
+--------------------------------------+------------------+---------------------+--------------------------------------+<br>
root@controller-desktop:~# <br>
<br>
+++++++++++ Routers Routing tables ++++++++++++<br>
~# ip netns exec qrouter-27b3117b-1fe7-43b6-a1af-6c4cd54387bb
route -n<br>
Kernel IP routing table<br>
Destination Gateway Genmask Flags Metric
Ref Use Iface<br>
0.0.0.0 192.168.2.254 0.0.0.0 UG 0
0 0 qg-ee9f258e-0f<br>
10.0.0.0 0.0.0.0 255.255.255.0 U 0
0 0 qr-0e54497a-c4<br>
192.168.2.0 0.0.0.0 255.255.255.0 U 0
0 0 qg-ee9f258e-0f<br>
root@controller-desktop:~# <br>
<br>
<br>
+++++++++ Routers NAT policy +++++++++++++++++<br>
<br>
# ip netns exec qrouter-27b3117b-1fe7-43b6-a1af-6c4cd54387bb
iptables -t nat -L -vn<br>
Chain PREROUTING (policy ACCEPT 5008 packets, 475K bytes)<br>
pkts bytes target prot opt in out
source destination <br>
5013 475K quantum-l3-agent-PREROUTING all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>
<br>
Chain INPUT (policy ACCEPT 528 packets, 140K bytes)<br>
pkts bytes target prot opt in out
source destination <br>
<br>
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)<br>
pkts bytes target prot opt in out
source destination <br>
1 84 quantum-l3-agent-OUTPUT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>
<br>
Chain POSTROUTING (policy ACCEPT 5 packets, 420 bytes)<br>
pkts bytes target prot opt in out
source destination <br>
10 840 quantum-l3-agent-POSTROUTING all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>
10 840 quantum-postrouting-bottom all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>
<br>
Chain quantum-l3-agent-OUTPUT (1 references)<br>
pkts bytes target prot opt in out
source destination <br>
1 84 DNAT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> 192.168.2.161 to:10.0.0.3<br>
<br>
Chain quantum-l3-agent-POSTROUTING (1 references)<br>
pkts bytes target prot opt in out
source destination <br>
0 0 ACCEPT all -- !qg-ee9f258e-0f !qg-ee9f258e-0f
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> ! ctstate DNAT<br>
<br>
Chain quantum-l3-agent-PREROUTING (1 references)<br>
pkts bytes target prot opt in out
source destination <br>
5 420 DNAT all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> 192.168.2.161 to:10.0.0.3<br>
<br>
Chain quantum-l3-agent-float-snat (1 references)<br>
pkts bytes target prot opt in out
source destination <br>
5 420 SNAT all -- * *
10.0.0.3 <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> to:192.168.2.161<br>
<br>
Chain quantum-l3-agent-snat (1 references)<br>
pkts bytes target prot opt in out
source destination <br>
10 840 quantum-l3-agent-float-snat all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>
0 0 SNAT all -- * *
<a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> to:192.168.2.160<br>
<br>
Chain quantum-postrouting-bottom (1 references)<br>
pkts bytes target prot opt in out
source destination <br>
10 840 quantum-l3-agent-snat all -- * *
<a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a> <br>
root@controller-desktop:~# <br>
<br>
<br>
Following is the link which we used to create floating IPs.<br>
<br>
<b><a href="http://docs.openstack.org/trunk/openstack-network/admin/content/demo_logical_network_config.html" target="_blank">http://docs.openstack.org/trunk/openstack-network/admin/content/demo_logical_network_config.html</a></b><br>
<br>
Thanks,<br>
Shyam.<br>
<br>
</div>
<br>
</div>
<br></div></div>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br>Ravi<br><br>
</font></span></div>
<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>Dan Wendlandt <div>Nicira, Inc: <a href="http://www.nicira.com" target="_blank">www.nicira.com</a><br><div>twitter: danwendlandt<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br></div></div><br>
</div>