[Openstack-operators] All in a box: Neutron unable to provide internet access?

Li Ma mali at awcloud.com
Wed Mar 19 13:00:45 UTC 2014


When you start trying to ping outside, you can run "iptables -nvL" on
your network node to check whether any iptables rules "drop" your packets.

Besides, you may hit an MTU issue, because GRE will add a header to the
Ethernet frame from your VM. Try decreasing eth0's MTU from 1500 (the
default) to 1450 inside your VM.

-- 
---
cheers,
Li Ma


On 3/19/2014 8:51 PM, Giuseppe Civitella wrote:
> Hi Li,
>
> thanks for the hints. I went through my initial problem and now I'm
> facing a new one, although it has some aspects in common with the other.
> As I already wrote on Launchpad (I guess I'm crossposting here:
> https://answers.launchpad.net/neutron/+question/245730), I'm building
> an OpenStack in a box with a GRE network. So far I've been able to
> create a public external router and a router for my admin tenants.
> I'm able to deploy VMs in my admin network and they can ping each
> other and ping the gateway.
> The problem comes when accessing the internet.
> If I send some pings from a VM to an external IP I can see the packets
> going out the tenant's network, being snatted, going out as echo
> request and getting back as echo reply on external interface. But they
> don't get back to the machine that originated them.
> If I try to ping the machine from outside the packets stop on the
> external interface even if a proper dnat rule has been put in place by
> the floating ip mechanism.
> Iptables rules generated in the namespace seem fine. In the security
> group I just put rules to allow everything, but I still have this sort
> of dnat problem.
> Any help?
>
> 2014-03-17 12:50 GMT+01:00 Li Ma <mali at awcloud.com>:
>
>     As far as I know, stackinsider provides a demo online platform, which
>     takes advantage of nested virtualization. That's why it says "nested"
>     Neutron. It runs OpenStack over OpenStack arch.
>
>     You can just ignore the statement and focus on why your VM cannot
>     access the external network.
>
>     On 3/17/2014 7:10 PM, Giuseppe Civitella wrote:
>     > Hi all,
>     >
>     > I'm trying to perform an OpenStack installation in a single box.
>     > Everything went fine except for the virtual machines' internet
>     > access. I'm able to spawn machines that can ping each other but
>     > cannot ping the gateway or have internet access for those VMs.
>     > Looking for more documentation I've found this:
>     >
>     > http://wiki.stackinsider.com/index.php/Native_Stack_-_Single_Node_using_Neutron_GRE_-_Havana#Enable_IP_forwarding
>     >
>     > which says, at the end of the page:
>     > Unsupported issue
>     > OpenStack Network
>     > After Neutron network is initialized properly, the created virtual
>     > machines are capable of communicating with each other,
>     > however, it is not possible to access Internet inside the virtual
>     > machine, due to the lack of nested Neutron support from OpenStack.
>     >
>     > Is that true? There is no way of having a fully functional Neutron
>     > running in just one box? Should I use nova-network instead?
>     >
>     > Thanks a lot
>     > Giuseppe
>     >
>     >
>     > _______________________________________________
>     > OpenStack-operators mailing list
>     > OpenStack-operators at lists.openstack.org
>     > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>     --
>     ---
>     cheers,
>     Li Ma
>
>
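
The "iptables -nvL" check suggested at the top of this message can be narrowed to the rules that have actually matched packets. The following is an added example, not part of the original thread: the function names, the chain name `example-fallback`, the addresses and the embedded sample output are all constructed for illustration.

```shell
#!/bin/sh
# Added example: read `iptables -nvL` output on stdin and list DROP/REJECT
# rules, and DROP/REJECT chain policies, whose packet counter is non-zero.
dropped_rules() {
    awk '
        # Chain header, e.g. "Chain FORWARD (policy DROP 37 packets, 3108 bytes)"
        $1 == "Chain" {
            chain = $2
            if ($3 == "(policy" && ($4 == "DROP" || $4 == "REJECT") && $5 != "0")
                printf "%s policy %s pkts=%s\n", chain, $4, $5
            next
        }
        # Column header and blank lines carry no counters.
        $1 == "pkts" || NF == 0 { next }
        # Rule line columns: pkts bytes target prot opt in out source destination.
        # Without -x a counter can read "12K", so compare it as a string.
        ($3 == "DROP" || $3 == "REJECT") && $1 != "0" {
            printf "%s rule %s pkts=%s in=%s out=%s src=%s dst=%s\n",
                   chain, $3, $1, $6, $7, $8, $9
        }
    '
}

# Constructed sample of `iptables -nvL` output (not captured from a real host).
sample_output() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  12K 1008K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID

Chain FORWARD (policy DROP 37 packets, 3108 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       10.0.0.0/24          0.0.0.0/0

Chain example-fallback (1 references)
 pkts bytes target     prot opt in     out     source               destination
   84  7056 DROP       icmp --  eth0   *       0.0.0.0/0            10.0.0.5
EOF
}

# Demonstration on the constructed sample; on a real node, pipe
# `iptables -nvL` (run as root) into dropped_rules instead.
sample_output | dropped_rules
```

Running it once before and once after a ping attempt shows which counters moved. Rules inside a router namespace are read the same way by piping `ip netns exec <namespace> iptables -nvL` into the function.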


