<div dir="ltr">Alas, that didn't fix the issue.<div><br></div><div>Lorin<br><div><br></div><div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Mar 20, 2013 at 9:33 PM, Warren Wang <span dir="ltr"><<a href="mailto:warren@wangspeed.com" target="_blank">warren@wangspeed.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto"><div>Try enabling promiscuous on br100. Had the same problem in no multi mode. <br><br>--<div>Warren</div>
</div><div><div class="h5"><div><br>On Mar 20, 2013, at 9:24 PM, Lorin Hochstein <<a href="mailto:lorin@nimbisservices.com" target="_blank">lorin@nimbisservices.com</a>> wrote:<br><br></div><blockquote type="cite"><div>
<div dir="ltr">Hey all:<div><br></div><div>I'm having some trouble getting floating IPs working on a new Folsom deployment (using nova-network, FlatDHCP, no-multihost, running on Ubuntu 12.04).</div><div><br></div><div>
The short version is that nova-network does not seem to be forwarding the traffic for a floating IP. I have <span style="line-height:18px;font-size:14px;font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif"> </span><span style="line-height:18px;font-size:14px;font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif">a running instance with a fixed IP of 10.40.0.2 and a floating IP of <a href="http://10.20.0.3" target="_blank">10.20.0.3</a>:</span></div>
<div><span style="line-height:18px;font-size:14px;font-family:Arial,'Liberation Sans','DejaVu Sans',sans-serif"><br></span></div><div><div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px">$ nova list</span></font></div>
<div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px">+-------+---------+--------+------------------------------+</span></font></div><div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px">| ID | Name | Status | Networks |</span></font></div>
<div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px">+-------+---------+--------+------------------------------+</span></font></div><div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px">| 3d292 | quantal | ACTIVE | private=10.40.0.2, 10.20.0.3 |</span></font></div>
<div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px">+-------+---------+--------+------------------------------+</span></font></div><div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px"><br>
</span></font></div><div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px">The controller has a public IP address of 10.20.0.2</span></font></div>
<div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px"><br></span></font></div><div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px">If I'm logged in to the controller, I can ssh to the instance on both the floating and fixed IP. But if I try to connect from an external network, I can't connect to the floating IP (I'm using the no-op firewall so shouldn't be a securitiy group issue, although I've also configured to allow ping and ssh in the default group).</span></font></div>
<div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px"><br></span></font></div><div><font color="#000000" face="Arial, Liberation Sans, DejaVu Sans, sans-serif"><span style="line-height:17.99715805053711px">If I do a tcpdump, I can confirm the ICMP packets destined for 10.20.0.3 are received by the controller on the public interface, but they never appear on br100, which is where they should get forwarded to. I've got IP forwarding enabled, and at this point I'm at a loss to try and dtermine what's happening.</span></font></div>
</div><div><br></div><div>I posted lots of gory details on serverfault <<a href="http://serverfault.com/questions/489893" target="_blank">http://serverfault.com/questions/489893</a>> including a link to a dump of iptables <<a href="https://gist.github.com/lorin/5209761" target="_blank">https://gist.github.com/lorin/5209761</a>>, "ip a", routing tables, etc.</div>
<div><br></div><div>Anybody have any insights here?<br clear="all"><div><br></div>-- <br><div dir="ltr">Lorin Hochstein<br><div>Lead Architect - Cloud Services</div><div>Nimbis Services, Inc.</div><div><a href="http://www.nimbisservices.com" target="_blank">www.nimbisservices.com</a></div>
</div>
</div></div>
</div></blockquote></div></div><blockquote type="cite"><div><span>_______________________________________________</span><br><span>OpenStack-operators mailing list</span><br><span><a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a></span><br>
<span><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a></span><br></div></blockquote></div></blockquote>
</div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Lorin Hochstein<br><div>Lead Architect - Cloud Services</div><div>Nimbis Services, Inc.</div><div><a href="http://www.nimbisservices.com" target="_blank">www.nimbisservices.com</a></div>
</div>
</div></div></div></div>