[Openstack-operators] [DVR] Instances without floating-ip cannot reach external network
Gustavo Randich
gustavo.randich at gmail.com
Tue May 5 19:36:50 UTC 2015
Problem solved.
In this test/lab cloud, we're using vmware to host the network node.
Putting the esx's virtual switch in promiscuous mode did the trick.
On Tue, May 5, 2015 at 3:54 PM, Gustavo Randich <gustavo.randich at gmail.com>
wrote:
> Hi everybody,
>
> I've just configuerd DVR in Kilo. Everything is fine, except that
> instances with no floating-ip cannot reach external network.
>
> NETWORKS
> neutron net-create ext-net1 --router:external --provider:physical_network
> external --provider:network_type flat
> neutron subnet-create ext-net1 10.180.0.0/16 --name ext-subnet1
> --allocation-pool start=10.180.100.1,end=10.180.100.100 --disable-dhcp
> --gateway 10.180.255.254
> neutron net-create demo-net
> neutron subnet-create demo-net 10.0.1.0/24 --name demo-subnet
> --gateway 10.0.1.1
> neutron router-create demo-router
> neutron router-interface-add demo-router demo-subnet
> neutron router-gateway-set demo-router ext-net1
>
> I suspect the cause of the problem is that the SNAT namespace in my
> Network Node cannot reach the external network's gateway. Should the SNAT
> namespace in Network Node "see" the external network gateway via de "qg"
> interface? E.g.:
>
> # ip netns exec snat-e6284aff-67eb-4c0b-9983-b7c9e0a0cbbc ping -I
> qg-fcdb6430-0c 10.180.255.254
> ...
> 2 packets transmitted, 0 received, 100% packet loss, time 1007ms
>
> I can see the ARP request on the network node's physical interface, but no
> reply.
>
> # tcpdump -envi eth0 arp or icmp
> 14:09:29.500350 fa:16:3e:3b:d2:67 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.180.255.254 tell 10.180.100.1, length 28
> 14:09:30.500494 fa:16:3e:3b:d2:67 > ff:ff:ff:ff:ff:ff, ethertype ARP
> (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has
> 10.180.255.254 tell 10.180.100.1, length 28
> ...
> (NO REPLY)
>
> Thanks!
>
>
> NETWORK NODE SNAT NAMESPACE
> # ip netns exec snat-e6284aff-67eb-4c0b-9983-b7c9e0a0cbbc ip a
> ...
> 9: sg-f7ee7649-81: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UNKNOWN group default
> link/ether fa:16:3e:0e:2d:37 brd ff:ff:ff:ff:ff:ff
> inet 10.0.1.3/24 brd 10.0.1.255 scope global sg-f7ee7649-81
> valid_lft forever preferred_lft forever
> inet6 fe80::f816:3eff:fe0e:2d37/64 scope link
> valid_lft forever preferred_lft forever
> 10: qg-fcdb6430-0c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UNKNOWN group default
> link/ether fa:16:3e:3b:d2:67 brd ff:ff:ff:ff:ff:ff
> inet 10.180.100.1/16 brd 10.180.255.255 scope global qg-fcdb6430-0c
> valid_lft forever preferred_lft forever
> inet6 fe80::f816:3eff:fe3b:d267/64 scope link
> valid_lft forever preferred_lft forever
>
> # ip netns exec snat-e6284aff-67eb-4c0b-9983-b7c9e0a0cbbc arp -an
> ...
> ? (10.180.255.254) at <incomplete> on qg-fcdb6430-0c
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150505/e2241cac/attachment.html>
More information about the OpenStack-operators
mailing list