Yes, packets being dropped by the security groups as Ravi suggests would be my first guess.<div><br></div><div>Assuming you have not done anything special to put this VM in a specific security group, it will be in the 'default' security group for that tenant.  Running the following command using the same tenant as was used to create the VM would create a security group rule would allow ICMP traffic (including pings) to the VM: </div>

<div><br></div><div><pre class="screen" style="color:rgb(35,48,45);font-family:Monaco,'Courier New','DejaVu Sans Mono','Bitstream Vera Sans Mono',monospace;overflow-x:scroll;width:1028px;font-size:12px;border-bottom-color:rgb(222,222,222)!important;border-bottom-style:solid!important;border-bottom-width:1px!important;border-top-color:rgb(222,222,222)!important;border-top-style:solid!important;border-top-width:1px!important;padding:0.5em!important">

nova secgroup-add-rule default icmp -1 -1 <a href="http://0.0.0.0/0">0.0.0.0/0</a></pre><br><div class="gmail_quote">On Fri, Nov 23, 2012 at 8:58 PM, Ravi Chunduru <span dir="ltr"><<a href="mailto:ravivsn@gmail.com" target="_blank">ravivsn@gmail.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Shyam,<div> Make sure you have access control list configured for the VMs.</div><div>You can configure it from the dashboard.</div>

<div><br></div><div>Thanks,</div><div>-Ravi.</div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">

On Fri, Nov 23, 2012 at 12:34 PM, Shyam Goud <span dir="ltr"><<a href="mailto:shyam.todeti@oneconvergence.com" target="_blank">shyam.todeti@oneconvergence.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

<div><div class="h5">


  

    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <br>
    <div>Hello All,<br>
      <br>
      I am unable to ping VM on its floating IP from external network.
      Interestingly I am able to ping external network from VM.<br>
      VM's: Fixed IP 10.0.0.3, Floating IP <a href="http://192.168.2.161/24" target="_blank">192.168.2.161/24</a>. <br>
      <br>
      Appreciate any inputs here.<br>
      <br>
       #quantum router-list<br>
+--------------------------------------+---------+--------------------------------------------------------+<br>
      | id                                   | name    |
      external_gateway_info                                  |<br>
+--------------------------------------+---------+--------------------------------------------------------+<br>
      | 27b3117b-1fe7-43b6-a1af-6c4cd54387bb | router1 | {"network_id":
      "246f3475-1113-479a-a478-ee2b91c09b82"} |<br>
+--------------------------------------+---------+--------------------------------------------------------+<br>
      <br>
      root@controller-desktop:~# <br>
      root@controller-desktop:~# quantum port-list --
      --27b3117b-1fe7-43b6-a1af-6c4cd54387bb<br>
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+<br>
      | id                                   | name | mac_address      
      |
      fixed_ips                                                                           
      |<br>
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+<br>
      | 0e54497a-c4da-4d24-bdcf-50d9bc7349fc |      | fa:16:3e:7a:93:47
      | {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8",
      "ip_address": "10.0.0.1"}      |<br>
      | 146fa6ef-4051-493f-a1f5-caaf7d6be106 |      | fa:16:3e:60:40:44
      | {"subnet_id": "b0955be1-cefe-4fb8-b607-01ff93af5753",
      "ip_address": "192.168.2.161"} |<br>
      | 41d1f801-febd-4559-9253-b661623cdf95 |      | fa:16:3e:2a:40:2d
      | {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8",
      "ip_address": "10.0.0.3"}      |<br>
      | db7f14be-a460-4dfb-87df-8098cf16489f |      | fa:16:3e:f5:22:21
      | {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8",
      "ip_address": "10.0.0.2"}      |<br>
      | ee9f258e-0f4a-463a-b2d8-738d00b246f7 |      | fa:16:3e:b1:c5:46
      | {"subnet_id": "b0955be1-cefe-4fb8-b607-01ff93af5753",
      "ip_address": "192.168.2.160"} |<br>
+--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+<br>
      <br>
      root@controller-desktop:~# quantum floatingip-list<br>
+--------------------------------------+------------------+---------------------+--------------------------------------+<br>
      | id                                   | fixed_ip_address |
      floating_ip_address | port_id                              |<br>
+--------------------------------------+------------------+---------------------+--------------------------------------+<br>
      | e045f346-a4f3-44c2-9c9e-0f02d95107a8 | 10.0.0.3         |
      192.168.2.161       | 41d1f801-febd-4559-9253-b661623cdf95 |<br>
+--------------------------------------+------------------+---------------------+--------------------------------------+<br>
      root@controller-desktop:~# <br>
      <br>
      +++++++++++ Routers Routing tables ++++++++++++<br>
      ~# ip netns exec qrouter-27b3117b-1fe7-43b6-a1af-6c4cd54387bb
      route -n<br>
      Kernel IP routing table<br>
      Destination     Gateway         Genmask         Flags Metric
      Ref    Use Iface<br>
      0.0.0.0         192.168.2.254   0.0.0.0         UG    0     
      0        0 qg-ee9f258e-0f<br>
      10.0.0.0        0.0.0.0         255.255.255.0   U     0     
      0        0 qr-0e54497a-c4<br>
      192.168.2.0     0.0.0.0         255.255.255.0   U     0     
      0        0 qg-ee9f258e-0f<br>
      root@controller-desktop:~# <br>
      <br>
      <br>
      +++++++++ Routers NAT policy +++++++++++++++++<br>
      <br>
      # ip netns exec qrouter-27b3117b-1fe7-43b6-a1af-6c4cd54387bb
      iptables -t nat -L -vn<br>
      Chain PREROUTING (policy ACCEPT 5008 packets, 475K bytes)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
       5013  475K quantum-l3-agent-PREROUTING  all  --  *      *      
      <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>
      <br>
      Chain INPUT (policy ACCEPT 528 packets, 140K bytes)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
      <br>
      Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
          1    84 quantum-l3-agent-OUTPUT  all  --  *      *      
      <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>
      <br>
      Chain POSTROUTING (policy ACCEPT 5 packets, 420 bytes)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
         10   840 quantum-l3-agent-POSTROUTING  all  --  *      *      
      <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>
         10   840 quantum-postrouting-bottom  all  --  *      *      
      <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>
      <br>
      Chain quantum-l3-agent-OUTPUT (1 references)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
          1    84 DNAT       all  --  *      *      
      <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            192.168.2.161        to:10.0.0.3<br>
      <br>
      Chain quantum-l3-agent-POSTROUTING (1 references)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
          0     0 ACCEPT     all  --  !qg-ee9f258e-0f !qg-ee9f258e-0f 
      <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            ! ctstate DNAT<br>
      <br>
      Chain quantum-l3-agent-PREROUTING (1 references)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
          5   420 DNAT       all  --  *      *      
      <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            192.168.2.161        to:10.0.0.3<br>
      <br>
      Chain quantum-l3-agent-float-snat (1 references)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
          5   420 SNAT       all  --  *      *      
      10.0.0.3             <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            to:192.168.2.161<br>
      <br>
      Chain quantum-l3-agent-snat (1 references)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
         10   840 quantum-l3-agent-float-snat  all  --  *      *      
      <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>
          0     0 SNAT       all  --  *      *      
      <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a>          <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            to:192.168.2.160<br>
      <br>
      Chain quantum-postrouting-bottom (1 references)<br>
       pkts bytes target     prot opt in     out    
      source               destination         <br>
         10   840 quantum-l3-agent-snat  all  --  *      *      
      <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>            <a href="http://0.0.0.0/0" target="_blank">0.0.0.0/0</a>           <br>
      root@controller-desktop:~# <br>
      <br>
      <br>
      Following is the link which we used to create floating IPs.<br>
      <br>
      <b><a href="http://docs.openstack.org/trunk/openstack-network/admin/content/demo_logical_network_config.html" target="_blank">http://docs.openstack.org/trunk/openstack-network/admin/content/demo_logical_network_config.html</a></b><br>




      <br>
      Thanks,<br>
      Shyam.<br>
      <br>
    </div>
    <br>
  </div>

<br></div></div>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><span class="HOEnZb"><font color="#888888"><br><br clear="all"><div><br></div>-- <br>Ravi<br><br>
</font></span></div>
<br>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>Dan Wendlandt <div>Nicira, Inc: <a href="http://www.nicira.com" target="_blank">www.nicira.com</a><br><div>twitter: danwendlandt<br>

~~~~~~~~~~~~~~~~~~~~~~~~~~~<br></div></div><br>
</div>