<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
code
{mso-style-priority:99;
font-family:"Courier New";}
span.com
{mso-style-name:com;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D">Have you opened ssh/icmp security groups?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> Shanker Gudipati [mailto:shanker.gudipati@tcs.com]
<br>
<b>Sent:</b> Tuesday, December 13, 2016 7:24 AM<br>
<b>To:</b> openstack-dev@lists.openstack.org<br>
<b>Subject:</b> [openstack-dev] Cannot ping or ssh to floating ip assigned to instance [neutron][floating ip]<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-left:solid black 1.5pt;padding:0in 0in 0in 4.0pt">
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">Hi all,
<br>
<br>
I have devstack setup which of newton version. (Lab setup)<br>
<br>
Issue : cannot ping or ssh to floating ip assigned to instance(Security groups are allowed).
<br>
<br>
172.16.73.0/24 is the external network or lab network.<br>
<br>
neutron net-list<br>
+--------------------------------------+----------+-----------------------------------------------------+<br>
| id | name | subnets |<br>
+--------------------------------------+----------+-----------------------------------------------------+<br>
| ccdb22fe-8bae-4378-9b47-82c04a16186e | ext-net | af84a87f-ce6f-4da3-a6bb-5238e97cabd4 172.16.73.0/24 |<br>
| e5999086-9fb1-403b-9273-7bb218ceebe8 | demo-net | 734e5660-807b-4038-9a86-096889f5d188 10.10.1.0/24 |<br>
+--------------------------------------+----------+-----------------------------------------------------+<br>
<br>
neutron net-show e5999086-9fb1-403b-9273-7bb218ceebe8<br>
+---------------------------+--------------------------------------+<br>
| Field | Value |<br>
+---------------------------+--------------------------------------+<br>
| admin_state_up | True |<br>
| availability_zone_hints | |<br>
| availability_zones | nova |<br>
| created_at | 2016-12-12T13:16:49Z |<br>
| description | |<br>
| id | e5999086-9fb1-403b-9273-7bb218ceebe8 |<br>
| ipv4_address_scope | |<br>
| ipv6_address_scope | |<br>
| mtu | 1450 |<br>
| name | demo-net |<br>
| port_security_enabled | True |<br>
| project_id | 03959ecbd383459eaf5d5389ab4372ac |<br>
| provider:network_type | vxlan |<br>
| provider:physical_network | |<br>
| provider:segmentation_id | 61 |<br>
| revision_number | 5 |<br>
| router:external | False |<br>
| shared | False |<br>
| status | ACTIVE |<br>
| subnets | 734e5660-807b-4038-9a86-096889f5d188 |<br>
| tags | |<br>
| tenant_id | 03959ecbd383459eaf5d5389ab4372ac |<br>
| updated_at | 2016-12-12T13:17:31Z |<br>
+---------------------------+--------------------------------------+<br>
<br>
<br>
neutron net-list <br>
+--------------------------------------+----------+-----------------------------------------------------+<br>
| id | name | subnets |<br>
+--------------------------------------+----------+-----------------------------------------------------+<br>
| ccdb22fe-8bae-4378-9b47-82c04a16186e | ext-net | af84a87f-ce6f-4da3-a6bb-5238e97cabd4 172.16.73.0/24 |<br>
| e5999086-9fb1-403b-9273-7bb218ceebe8 | demo-net | 734e5660-807b-4038-9a86-096889f5d188 10.10.1.0/24 |<br>
+--------------------------------------+----------+-----------------------------------------------------+<br>
ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ neutron router-list
<br>
+--------------------------------------+-------------+-----------------------------------------------------+-------------+-------+<br>
| id | name | external_gateway_info | distributed | ha |<br>
+--------------------------------------+-------------+-----------------------------------------------------+-------------+-------+<br>
| ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 | demo-router | {"network_id": "ccdb22fe- | False | False |<br>
| | | 8bae-4378-9b47-82c04a16186e", "enable_snat": true, | | |<br>
| | | "external_fixed_ips": [{"subnet_id": "af84a87f- | | |<br>
| | | ce6f-4da3-a6bb-5238e97cabd4", "ip_address": | | |<br>
| | | "172.16.73.247"}]} | | |<br>
+--------------------------------------+-------------+-----------------------------------------------------+-------------+-------+<br>
<br>
<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span class="com"><span style="font-size:10.0pt;font-family:"Courier New"">nova floating-ip-list
</span></span><span style="font-size:10.0pt;font-family:"Courier New""><br>
<span class="com">WARNING: Command floating-ip-list is deprecated and will be removed after Nova 15.0.0 is released. Use python-neutronclient or python-openstackclient instead.</span><br>
<span class="com">+--------------------------------------+---------------+--------------------------------------+-----------+---------+</span><br>
<span class="com">| Id | IP | Server Id | Fixed IP | Pool |</span><br>
<span class="com">+--------------------------------------+---------------+--------------------------------------+-----------+---------+</span><br>
<span class="com">| 7a5c87ca-d9e1-4340-91b0-3783f946f731 | 172.16.73.242 | f2878936-9938-4e81-8fd5-828ca68d1d3b | 10.10.1.5 | ext-net |</span><br>
<span class="com">+--------------------------------------+---------------+--------------------------------------+-----------+---------+</span><br>
<span class="com">ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ nova list
</span><br>
<span class="com">+--------------------------------------+-----------+--------+------------+-------------+-----------------------------------+</span><br>
<span class="com">| ID | Name | Status | Task State | Power State | Networks |</span><br>
<span class="com">+--------------------------------------+-----------+--------+------------+-------------+-----------------------------------+</span><br>
<span class="com">| f2878936-9938-4e81-8fd5-828ca68d1d3b | test_cirr | ACTIVE | - | Running | demo-net=10.10.1.5, 172.16.73.242 |</span><br>
<span class="com">+--------------------------------------+-----------+--------+------------+-------------+-----------------------------------+</span><br>
<span class="com">ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ ping 172.16.73.242</span><br>
<span class="com">PING 172.16.73.242 (172.16.73.242) 56(84) bytes of data.</span><br>
<span class="com">From 172.16.73.55 icmp_seq=1 Destination Host Unreachable</span><br>
<span class="com">From 172.16.73.55 icmp_seq=2 Destination Host Unreachable</span><br>
<span class="com">From 172.16.73.55 icmp_seq=3 Destination Host Unreachable</span><br>
<span class="com">^C</span><br>
<span class="com">--- 172.16.73.242 ping statistics ---</span><br>
<span class="com">4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3016ms</span><br>
<span class="com">pipe 3</span><br>
<br>
<br>
<span class="com">ip netns </span><br>
<span class="com">qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5</span><br>
<span class="com">qdhcp-e5999086-9fb1-403b-9273-7bb218ceebe8</span><br>
<span class="com">ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns exec qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 ifconfig -a</span><br>
<span class="com">lo Link encap:Local Loopback </span><br>
<span class="com"> inet addr:127.0.0.1 Mask:255.0.0.0</span><br>
<span class="com"> inet6 addr: ::1/128 Scope:Host</span><br>
<span class="com"> UP LOOPBACK RUNNING MTU:65536 Metric:1</span><br>
<span class="com"> RX packets:10 errors:0 dropped:0 overruns:0 frame:0</span><br>
<span class="com"> TX packets:10 errors:0 dropped:0 overruns:0 carrier:0</span><br>
<span class="com"> collisions:0 txqueuelen:0 </span><br>
<span class="com"> RX bytes:1008 (1.0 KB) TX bytes:1008 (1.0 KB)</span><br>
<br>
<span class="com">qg-3eab0d31-a5 Link encap:Ethernet HWaddr fa:16:3e:a9:96:30 </span><br>
<span class="com"> inet addr:172.16.73.247 Bcast:172.16.73.255 Mask:255.255.255.0</span><br>
<span class="com"> inet6 addr: fe80::f816:3eff:fea9:9630/64 Scope:Link</span><br>
<span class="com"> UP BROADCAST RUNNING MTU:1500 Metric:1</span><br>
<span class="com"> RX packets:76 errors:0 dropped:0 overruns:0 frame:0</span><br>
<span class="com"> TX packets:38 errors:0 dropped:0 overruns:0 carrier:0</span><br>
<span class="com"> collisions:0 txqueuelen:0 </span><br>
<span class="com"> RX bytes:25992 (25.9 KB) TX bytes:2112 (2.1 KB)</span><br>
<br>
<span class="com">qr-e87b6f5b-f7 Link encap:Ethernet HWaddr fa:16:3e:e1:c0:29 </span><br>
<span class="com"> inet addr:10.10.1.1 Bcast:10.10.1.255 Mask:255.255.255.0</span><br>
<span class="com"> inet6 addr: fe80::f816:3eff:fee1:c029/64 Scope:Link</span><br>
<span class="com"> UP BROADCAST RUNNING MTU:1450 Metric:1</span><br>
<span class="com"> RX packets:118 errors:0 dropped:0 overruns:0 frame:0</span><br>
<span class="com"> TX packets:90 errors:0 dropped:0 overruns:0 carrier:0</span><br>
<span class="com"> collisions:0 txqueuelen:0 </span><br>
<span class="com"> RX bytes:11251 (11.2 KB) TX bytes:8442 (8.4 KB)</span><br>
<br>
<span class="com">ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns exec qdhcp-e5999086-9fb1-403b-9273-7bb218ceebe8 ifconfig -a</span><br>
<span class="com">lo Link encap:Local Loopback </span><br>
<span class="com"> inet addr:127.0.0.1 Mask:255.0.0.0</span><br>
<span class="com"> inet6 addr: ::1/128 Scope:Host</span><br>
<span class="com"> UP LOOPBACK RUNNING MTU:65536 Metric:1</span><br>
<span class="com"> RX packets:0 errors:0 dropped:0 overruns:0 frame:0</span><br>
<span class="com"> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0</span><br>
<span class="com"> collisions:0 txqueuelen:0 </span><br>
<span class="com"> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</span><br>
<br>
<span class="com">tap0bc58d9f-af Link encap:Ethernet HWaddr fa:16:3e:51:b8:99 </span><br>
<span class="com"> inet addr:10.10.1.2 Bcast:10.10.1.255 Mask:255.255.255.0</span><br>
<span class="com"> inet6 addr: fe80::f816:3eff:fe51:b899/64 Scope:Link</span><br>
<span class="com"> UP BROADCAST RUNNING MTU:1450 Metric:1</span><br>
<span class="com"> RX packets:30 errors:0 dropped:0 overruns:0 frame:0</span><br>
<span class="com"> TX packets:28 errors:0 dropped:0 overruns:0 carrier:0</span><br>
<span class="com"> collisions:0 txqueuelen:0 </span><br>
<span class="com"> RX bytes:2858 (2.8 KB) TX bytes:2719 (2.7 KB)</span><br>
<br>
<br>
<span class="com">sudo ip netns exec qdhcp-e5999086-9fb1-403b-9273-7bb218ceebe8 ping 10.10.1.2PING 10.10.1.2 (10.10.1.2) 56(84) bytes of data.</span><br>
<span class="com">64 bytes from 10.10.1.2: icmp_seq=1 ttl=64 time=0.040 ms</span><br>
<span class="com">64 bytes from 10.10.1.2: icmp_seq=2 ttl=64 time=0.036 ms</span><br>
<span class="com">^C</span><br>
<span class="com">--- 10.10.1.2 ping statistics ---</span><br>
<span class="com">2 packets transmitted, 2 received, 0% packet loss, time 999ms</span><br>
<span class="com">rtt min/avg/max/mdev = 0.036/0.038/0.040/0.002 ms</span><br>
<span class="com">ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns exec qdhcp-e5999086-9fb1-403b-9273-7bb218ceebe8 ping 172.16.73.247</span><br>
<span class="com">PING 172.16.73.247 (172.16.73.247) 56(84) bytes of data.</span><br>
<span class="com">64 bytes from 172.16.73.247: icmp_seq=1 ttl=64 time=0.253 ms</span><br>
<span class="com">64 bytes from 172.16.73.247: icmp_seq=2 ttl=64 time=0.295 ms</span><br>
<span class="com">^C</span><br>
<span class="com">--- 172.16.73.247 ping statistics ---</span><br>
<span class="com">2 packets transmitted, 2 received, 0% packet loss, time 999ms</span><br>
<span class="com">rtt min/avg/max/mdev = 0.253/0.274/0.295/0.021 ms</span><br>
<span class="com">ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns exec qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 ping 10.10.1.2
</span><br>
<span class="com">PING 10.10.1.2 (10.10.1.2) 56(84) bytes of data.</span><br>
<span class="com">64 bytes from 10.10.1.2: icmp_seq=1 ttl=64 time=0.264 ms</span><br>
<span class="com">64 bytes from 10.10.1.2: icmp_seq=2 ttl=64 time=0.061 ms</span><br>
<span class="com">^C</span><br>
<span class="com">--- 10.10.1.2 ping statistics ---</span><br>
<span class="com">2 packets transmitted, 2 received, 0% packet loss, time 999ms</span><br>
<span class="com">rtt min/avg/max/mdev = 0.061/0.162/0.264/0.102 ms</span><br>
<span class="com">ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns exec qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 ping 172.16.73.247</span><br>
<span class="com">PING 172.16.73.247 (172.16.73.247) 56(84) bytes of data.</span><br>
<span class="com">64 bytes from 172.16.73.247: icmp_seq=1 ttl=64 time=0.041 ms</span><br>
<span class="com">64 bytes from 172.16.73.247: icmp_seq=2 ttl=64 time=0.049 ms</span><br>
<span class="com">^C</span><br>
<span class="com">--- 172.16.73.247 ping statistics ---</span><br>
<span class="com">2 packets transmitted, 2 received, 0% packet loss, time 999ms</span><br>
<span class="com">rtt min/avg/max/mdev = 0.041/0.045/0.049/0.004 ms</span></span><span style="font-size:10.0pt;font-family:"Verdana",sans-serif"><o:p></o:p></span></p>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Verdana",sans-serif">IMPORTANT :
<br>
<br>
sudo ip netns exec qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 ping 172.16.73.1<br>
PING 172.16.73.1 (172.16.73.1) 56(84) bytes of data.<br>
<br>
>From 172.16.73.247 icmp_seq=1 Destination Host Unreachable<br>
>From 172.16.73.247 icmp_seq=2 Destination Host Unreachable<br>
>From 172.16.73.247 icmp_seq=3 Destination Host Unreachable<br>
>From 172.16.73.247 icmp_seq=4 Destination Host Unreachable<br>
>From 172.16.73.247 icmp_seq=5 Destination Host Unreachable<br>
>From 172.16.73.247 icmp_seq=6 Destination Host Unreachable<br>
>From 172.16.73.247 icmp_seq=7 Destination Host Unreachable<br>
>From 172.16.73.247 icmp_seq=8 Destination Host Unreachable<br>
>From 172.16.73.247 icmp_seq=9 Destination Host Unreachable<br>
<br>
<br>
ip r<br>
default via 172.16.73.1 dev eth0 <br>
default dev br-int scope link metric 1037 <br>
default dev br-ex scope link metric 1038 <br>
default dev br-tun scope link metric 1039 <br>
169.254.0.0/16 dev br-tun proto kernel scope link src 169.254.6.191 <br>
169.254.0.0/16 dev br-ex proto kernel scope link src 169.254.8.54 <br>
169.254.0.0/16 dev br-int proto kernel scope link src 169.254.6.25 <br>
172.16.73.0/24 dev eth0 proto kernel scope link src 172.16.73.55 <br>
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 <br>
<br>
ovs-vsctl show<br>
<br>
sudo ovs-vsctl show <br>
c7c1de41-26ab-42c0-8db5-d805133bb801<br>
Manager "ptcp:6640:127.0.0.1"<br>
is_connected: true<br>
Bridge br-int<br>
Controller "tcp:127.0.0.1:6633"<br>
is_connected: true<br>
fail_mode: secure<br>
Port "tap0bc58d9f-af"<br>
tag: 41<br>
Interface "tap0bc58d9f-af"<br>
type: internal<br>
Port "qg-3eab0d31-a5"<br>
tag: 42<br>
Interface "qg-3eab0d31-a5"<br>
type: internal<br>
Port int-br-ex<br>
Interface int-br-ex<br>
type: patch<br>
options: {peer=phy-br-ex}<br>
Port "qvoc32c7705-21"<br>
tag: 41<br>
Interface "qvoc32c7705-21"<br>
Port br-int<br>
Interface br-int<br>
type: internal<br>
Port "qr-e87b6f5b-f7"<br>
tag: 41<br>
Interface "qr-e87b6f5b-f7"<br>
type: internal<br>
Port patch-tun<br>
Interface patch-tun<br>
type: patch<br>
options: {peer=patch-int}<br>
Bridge br-ex<br>
Controller "tcp:127.0.0.1:6633"<br>
is_connected: true<br>
fail_mode: secure<br>
Port br-ex<br>
Interface br-ex<br>
type: internal<br>
Port phy-br-ex<br>
Interface phy-br-ex<br>
type: patch<br>
options: {peer=int-br-ex}<br>
Bridge br-tun<br>
Controller "tcp:127.0.0.1:6633"<br>
is_connected: true<br>
fail_mode: secure<br>
Port br-tun<br>
Interface br-tun<br>
type: internal<br>
Port patch-int<br>
Interface patch-int<br>
type: patch<br>
options: {peer=patch-tun}<br>
ovs_version: "2.0.2"<br>
<br>
<br>
Unable to ping the gateway of external network from router namesapce. 172.16.73.1 is the gateway of public network. Please reply if you need any info.
<br>
<br>
Please help. thanks in advance. <br>
<br>
regards<br>
Shanker <o:p></o:p></span></p>
</div>
</div>
<p>=====-----=====-----=====<br>
Notice: The information contained in this e-mail<br>
message and/or attachments to it may contain <br>
confidential or privileged information. If you are <br>
not the intended recipient, any dissemination, use, <br>
review, distribution, printing or copying of the <br>
information contained in this e-mail message <br>
and/or attachments to it are strictly prohibited. If <br>
you have received this communication in error, <br>
please notify us by reply e-mail or telephone and <br>
immediately and permanently delete the message <br>
and any attachments. Thank you<o:p></o:p></p>
</div>
</body>
</html>