[OpenStack-fr] 2 providers networks. VM using floating IP from one can reach the controleur and VM from the other network not .
Stéphane Delmotte
stephane.delmotte at univ-lyon1.fr
Lun 13 Nov 14:03:22 UTC 2017
Le 09/11/2017 à 21:16, Jerome Pansanel a écrit :
> Hi Stéphane,
>
> Can you tell us if your VM are one the same host?
>
> Do you have two different (virtual) routers to access the 134.214.213.0
> and 134.214.32.0 networks?
>
> Did you check the path of a ICMP packet with tcpdump?
>
> Cheers,
>
> Jerome
>
> Le 09/11/2017 à 16:29, Stéphane Delmotte a écrit :
>> I have a problem with network on my cloud.
>>
>> Some VM (depends of project) use floating ip from public01 and other
>> from public02
>>
>> My vm on the network public01 work perfectly and can reach the
>> controleur (134.214.34.20) (it is on the same network in my case
>> 134.214.32.0/22)
>> (it use floating ip)
>>
>> my vm on the network public02 work perfectly and can reach all host on
>> the netwok 134.214.213.0/24 and 134.214.32.0/22 exept the controleur
>> (134.214.34.20)
>> why ?
>>
>>
>>
>> there is my configuration
>> 2 providers networks public01 and public02
>>
>> Field | Value |
>> +---------------------------+--------------------------------------+
>> | admin_state_up | UP |
>> | availability_zone_hints | |
>> | availability_zones | nova |
>> | created_at | 2017-09-18T14:20:12Z |
>> | description | |
>> | dns_domain | None |
>> | id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b |
>> | ipv4_address_scope | None |
>> | ipv6_address_scope | None |
>> | is_default | False |
>> | mtu | 1400 |
>> | name | public01 |
>> | port_security_enabled | False |
>> | project_id | 7a8caa84511d41a291f7b67ae8750eb6 |
>> | provider:network_type | flat |
>> | provider:physical_network | extnet |
>> | provider:segmentation_id | None |
>> | qos_policy_id | None |
>> | revision_number | 12 |
>> | router:external | External |
>> | segments | None |
>> | shared | True |
>> | status | ACTIVE |
>> | subnets | 78c4021e-420f-4acc-a3d4-60232116281d |
>> | updated_at | 2017-09-20T12:23:03Z |
>> +---------------------------+--------------------------------------+
>>
>>
>> +---------------------------+--------------------------------------+
>> | Field | Value |
>> +---------------------------+--------------------------------------+
>> | admin_state_up | UP |
>> | availability_zone_hints | |
>> | availability_zones | nova |
>> | created_at | 2017-10-20T09:18:56Z |
>> | description | |
>> | dns_domain | None |
>> | id | f5d0ece1-cd2d-463e-8352-dec298cd1993 |
>> | ipv4_address_scope | None |
>> | ipv6_address_scope | None |
>> | is_default | False |
>> | mtu | 1400 |
>> | name | public02 |
>> | port_security_enabled | False |
>> | project_id | 7a8caa84511d41a291f7b67ae8750eb6 |
>> | provider:network_type | flat |
>> | provider:physical_network | prabi |
>> | provider:segmentation_id | None |
>> | qos_policy_id | None |
>> | revision_number | 6 |
>> | router:external | External |
>> | segments | None |
>> | shared | True |
>> | status | ACTIVE |
>> | subnets | 7a6df182-0754-4ebb-b93f-b57373328d16 |
>> | updated_at | 2017-10-20T11:45:40Z |
>> +---------------------------+--------------------------------------+
>>
>>
>>
>> and public_subnet
>>
>> 78c4021e-420f-4acc-a3d4-60232116281d |
>> public_subnet |
>> 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | 134.214.32.0/22 |
>> 7a6df182-0754-4ebb-b93f-b57373328d16 |
>> public2_subnet |
>> f5d0ece1-cd2d-463e-8352-dec298cd1993 | 134.214.213.0/24 |
>>
>> subnet show public2_subnet
>> +-------------------+--------------------------------------+
>> | Field | Value |
>> +-------------------+--------------------------------------+
>> | allocation_pools | 134.214.213.3-134.214.213.252 |
>> | cidr | 134.214.213.0/24 |
>> | created_at | 2017-10-20T09:30:03Z |
>> | description | |
>> | dns_nameservers | 134.214.100.6 |
>> | enable_dhcp | True |
>> | gateway_ip | 134.214.213.1 |
>> | host_routes | |
>> | id | 7a6df182-0754-4ebb-b93f-b57373328d16 |
>> | ip_version | 4 |
>> | ipv6_address_mode | None |
>> | ipv6_ra_mode | None |
>> | name | public2_subnet |
>> | network_id | f5d0ece1-cd2d-463e-8352-dec298cd1993 |
>> | project_id | 7a8caa84511d41a291f7b67ae8750eb6 |
>> | revision_number | 3 |
>> | segment_id | None |
>> | service_types | |
>> | subnetpool_id | None |
>> | updated_at | 2017-10-20T11:45:40Z |
>> +-------------------+--------------------------------------+
>>
>>
>> subnet show public_subnet
>> +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
>>
>> | Field | Value |
>> +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
>>
>> | allocation_pools |
>> 134.214.34.141-134.214.34.141,134.214.35.208-134.214.35.208,134.214.34.25-134.214.34.27,134.214.34.22-134.214.34.23,134.214.35.183-134.214.35.183
>> |
>> | cidr | 134.214.32.0/22 |
>> | created_at | 2017-09-18T14:20:26Z |
>> | description | |
>> | dns_nameservers | 134.214.100.245, 134.214.100.6 |
>> | enable_dhcp | False |
>> | gateway_ip | 134.214.32.1 |
>> | host_routes | |
>> | id | 78c4021e-420f-4acc-a3d4-60232116281d |
>> | ip_version | 4 |
>> | ipv6_address_mode | None |
>> | ipv6_ra_mode | None |
>> | name | public_subnet |
>> | network_id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b |
>> | project_id | 7a8caa84511d41a291f7b67ae8750eb6 |
>> | revision_number | 9 |
>> | segment_id | None |
>> | service_types | |
>> | subnetpool_id | None |
>> | updated_at | 2017-09-20T12:23:03Z
>>
>>
>>
>>
>>
>> I need my VM (ip form public02) can reach the controler because I use a
>> cloud broker sleepstream and my vm (on the network 134.214.213.0/24 need
>> connect the API 134.214.32.0/22 because some of them can be orchestrator).
>>
>> I need somme help
>> thanks
>> Stéphane
>>
>>
Hi Jérome,
>
> VM are not on same host but in a compute (ifb-node07.univ-lyon1)
>
>
>
> VM from the other project run also on that compute.
>
>
>
> I have also try with a bar metal machine : I put one of our laptop on
> the network 134.214.213.0 in that case I have the same problem
>
>
>
> ping laptop -> controleur : no
>
>
>
> ping controleur > laptop : yes
>
>
I have found the solution,
On my controleur I have 2 net ns
qrouter-a9f248e8-a8be-49a2-93c9-d9e779ae4d1f
qrouter-12bf2dd0-de64-42c1-bb48-d1b94e03c3b1
(one by provider network)
the name space where is attached my provider tenant (134.214.213.0/24)
is the second one.
I put the route to my controler like this. (i'v found before the name of
the veth)
ip netns exec qrouter-12bf2dd0-de64-42c1-bb48-d1b94e03c3b1 route add
134.214.34.20 dev qg-e9bcd6a8-8f
it is ok now
Thanks
Stéphane
--
Delmotte Stéphane
UMR CNRS 5558 Biometrie et Biologie Evolutive
Bat 711 |
Universite Claude Bernard - Lyon I | Tel : +33 04 72 43 11 68
43, Bd du 11 Novembre 1918 | Fax : 04 72 43 13 88
69622 Villeurbanne cedex FRANCE
Plus d'informations sur la liste de diffusion OpenStack-fr