<div dir="ltr">George,<div><br></div><div>My issue has been resolved. The conflict was created by the local virbr0 interface's nat rules. After removing this interface from my compute node all looks good now.</div><div><br></div><div>Thanks for your help</div><div>Paras.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 3, 2014 at 10:01 AM, Paras pradhan <span dir="ltr"><<a href="mailto:pradhanparas@gmail.com" target="_blank">pradhanparas@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">George,<div><br></div><div>Disabled nat on the compute node and now I can ping/ssh to the instance using the floating. Do you see anything wrong the nat rules here <a href="http://paste.openstack.org/show/128754/" target="_blank">http://paste.openstack.org/show/128754/</a> ?</div><div><br></div><div>Thanks</div><span class="HOEnZb"><font color="#888888"><div>Paras.</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Oct 31, 2014 at 6:20 AM, George Shuklin <span dir="ltr"><<a href="mailto:george.shuklin@gmail.com" target="_blank">george.shuklin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>I was wrong, sorry. Floatings assigned
as /32 on external interface inside network namespace. The signle
idea I have now - is try to remove all iptables with NAT (it's
destructive up to moment of network node reboot or router
delete/create), and check out if address will reply to ping.<br>
<br>
If 'yes' - means problems in routing/nat<br>
If 'no' - means problem are outside openstack router (external
net, provider routing, etc).<div><div><br>
<br>
On 10/29/2014 06:23 PM, Paras pradhan wrote:<br>
</div></div></div><div><div>
<blockquote type="cite">
<div dir="ltr">Hi George,
<div><br>
</div>
<div><br>
</div>
<div>You mean .193 and .194 should be in the different subnets?
<a href="http://192.168.122.193/24" target="_blank">192.168.122.193/24</a>
reserved from the allocation pool and <a href="http://192.168.122.194/32" target="_blank">192.168.122.194/32</a>
is the floating ip.</div>
<div><br>
</div>
<div>Here are the outputs for the commands</div>
<div><br>
</div>
<div><b>neutron port-list
--device-id=8725dd16-8831-4a09-ae98-6c5342ea501f<br>
</b></div>
<div>
<p>+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+</p>
<p>| id | name |
mac_address | fixed_ips
|</p>
<p>+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+</p>
<p>| 6f835de4-c15b-44b8-9002-160ff4870643 | |
fa:16:3e:85:dc:ee | {"subnet_id":
"0189699c-8ffc-44cb-aebc-054c8d6001ee", "ip_address":
"192.168.122.193"} |</p>
<p>| be3c4294-5f16-45b6-8c21-44b35247d102 | |
fa:16:3e:72:ae:da | {"subnet_id":
"d01a6522-063d-40ba-b4dc-5843177aab51", "ip_address":
"10.10.0.1"} |</p>
<p>+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+</p>
</div>
<div><br>
</div>
<div>
<p><b>neutron floatingip-list</b></p>
<p>+--------------------------------------+------------------+---------------------+--------------------------------------+</p>
<p>| id |
fixed_ip_address | floating_ip_address | port_id
|</p>
<p>+--------------------------------------+------------------+---------------------+--------------------------------------+</p>
<p>| 55b00e9c-5b79-4553-956b-e342ae0a430a |
10.10.0.9 | 192.168.122.194 |
82bcbb91-827a-41aa-9dd9-cb7a4f8e7166 |<br>
</p>
<p>+--------------------------------------+------------------+---------------------+--------------------------------------+</p>
</div>
<div><br>
</div>
<div>
<p><b>neutron net-list</b></p>
<p>+--------------------------------------+----------+-------------------------------------------------------+</p>
<p>| id | name
| subnets |</p>
<p>+--------------------------------------+----------+-------------------------------------------------------+</p>
<p>| dabc2c18-da64-467b-a2ba-373e460444a7 | demo-net
| d01a6522-063d-40ba-b4dc-5843177aab51 <a href="http://10.10.0.0/24" target="_blank">10.10.0.0/24</a>
|</p>
<p>| ceaaf189-5b6f-4215-8686-fbdeae87c12d | ext-net
| 0189699c-8ffc-44cb-aebc-054c8d6001ee <a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a>
|</p>
<p>+--------------------------------------+----------+-------------------------------------------------------+</p>
<p><br>
</p>
<p><b>neutron subnet-list</b></p>
<p>+--------------------------------------+-------------+------------------+--------------------------------------------------------+</p>
<p>| id | name
| cidr | allocation_pools
|</p>
<p>+--------------------------------------+-------------+------------------+--------------------------------------------------------+</p>
<p>| d01a6522-063d-40ba-b4dc-5843177aab51 |
demo-subnet | <a href="http://10.10.0.0/24" target="_blank">10.10.0.0/24</a> |
{"start": "10.10.0.2", "end": "10.10.0.254"} |</p>
<p>| 0189699c-8ffc-44cb-aebc-054c8d6001ee |
ext-subnet | <a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a> |
{"start": "192.168.122.193", "end": "192.168.122.222"} |</p>
<p>
</p>
<p>+--------------------------------------+-------------+------------------+--------------------------------------------------------+</p>
<p><br>
</p>
<p>P.S: External subnet is <a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a> and
internal vm instance's subnet is <a href="http://10.10.0.0/24" target="_blank">10.10.0.0/24</a></p>
<p><br>
</p>
<p>Thanks</p>
<p>Paras.</p>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Oct 27, 2014 at 5:51 PM, George
Shuklin <span dir="ltr"><<a href="mailto:george.shuklin@gmail.com" target="_blank">george.shuklin@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <br>
I don't like this:<span><br>
<br>
15: qg-d351f21a-08: <BROADCAST,UP,LOWER_UP> mtu
1500 qdisc noqueue state UNKNOWN group default <br>
inet <a href="http://192.168.122.193/24" target="_blank">192.168.122.193/24</a>
brd 192.168.122.255 scope global qg-d351f21a-08<br>
valid_lft forever preferred_lft forever<br>
inet <a href="http://192.168.122.194/32" target="_blank">192.168.122.194/32</a>
brd 192.168.122.194 scope global qg-d351f21a-08<br>
valid_lft forever preferred_lft forever<br>
<br>
</span> Why you got two IPs on same interface with
different netmasks?<br>
<br>
I just rechecked it on our installations - it should not
be happens.<br>
<br>
Next: or this is a bug, or this is uncleaned network node
(lesser bug), or someone messing with neutron.<br>
<br>
Starts from neutron:<br>
<br>
show ports for router:<br>
<br>
neutron port-list --device-id=router-uuid-here<br>
neutron floatingips-list<br>
neutron net-list<br>
neutron subnet-list<br>
(trim to related only)<br>
<br>
(and please mark again who is 'internet' and who is
'internal' ips, i'm kinda loosing in '192.168.*'.
<div>
<div><br>
<br>
<br>
<div>On 10/27/2014 04:47 PM, Paras pradhan wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr"><b>Yes it got its ip which is
192.168.122.194 in the paste below.</b>
<div><br>
</div>
<div>--<br>
<div><br>
</div>
<div>
<p>root@juno2:~# ip netns exec
qrouter-34f3b828-b7b8-4f44-b430-14d9c5bd0d0c
ip -4 a</p>
<p>1: lo: <LOOPBACK,UP,LOWER_UP> mtu
65536 qdisc noqueue state UNKNOWN group
default </p>
<p> inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a>
scope host lo</p>
<p> valid_lft forever preferred_lft
forever</p>
<p>14: qr-ac50d700-29:
<BROADCAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UNKNOWN group default </p>
<p> inet <a href="http://50.50.50.1/24" target="_blank">50.50.50.1/24</a> brd
50.50.50.255 scope global qr-ac50d700-29</p>
<p> valid_lft forever preferred_lft
forever</p>
<p>15: qg-d351f21a-08:
<BROADCAST,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UNKNOWN group default </p>
<p> inet <a href="http://192.168.122.193/24" target="_blank">192.168.122.193/24</a> brd
192.168.122.255 scope global qg-d351f21a-08</p>
<p> valid_lft forever preferred_lft
forever</p>
<p> inet <a href="http://192.168.122.194/32" target="_blank">192.168.122.194/32</a> brd
192.168.122.194 scope global qg-d351f21a-08</p>
<p> valid_lft forever preferred_lft
forever</p>
<p>---</p>
<p><b><span style="font-family:arial,sans-serif;font-size:13px">stdbuf
-e0 -o0 ip net exec qrouter... /bin/bash
give me the following</span><br>
</b></p>
<p><span style="font-family:arial,sans-serif;font-size:13px"><br>
</span></p>
<p><span style="font-family:arial,sans-serif;font-size:13px">--</span></p>
<p><br>
</p>
<p>root@juno2:~# ifconfig </p>
<p>lo Link encap:Local Loopback </p>
<p> inet addr:127.0.0.1
Mask:255.0.0.0</p>
<p> inet6 addr: ::1/128 Scope:Host</p>
<p> UP LOOPBACK RUNNING MTU:65536
Metric:1</p>
<p> RX packets:2 errors:0 dropped:0
overruns:0 frame:0</p>
<p> TX packets:2 errors:0 dropped:0
overruns:0 carrier:0</p>
<p> collisions:0 txqueuelen:0 </p>
<p> RX bytes:168 (168.0 B) TX
bytes:168 (168.0 B)</p>
<p><br>
</p>
<p>qg-d351f21a-08 Link encap:Ethernet HWaddr
fa:16:3e:79:0f:a2 </p>
<p> inet addr:192.168.122.193
Bcast:192.168.122.255 Mask:255.255.255.0</p>
<p> inet6 addr:
fe80::f816:3eff:fe79:fa2/64 Scope:Link</p>
<p> UP BROADCAST RUNNING MTU:1500
Metric:1</p>
<p> RX packets:2673 errors:0
dropped:0 overruns:0 frame:0</p>
<p> TX packets:112 errors:0 dropped:0
overruns:0 carrier:0</p>
<p> collisions:0 txqueuelen:0 </p>
<p> RX bytes:205377 (205.3 KB) TX
bytes:6537 (6.5 KB)</p>
<p><br>
</p>
<p>qr-ac50d700-29 Link encap:Ethernet HWaddr
fa:16:3e:7e:6d:f3 </p>
<p> inet addr:50.50.50.1
Bcast:50.50.50.255 Mask:255.255.255.0</p>
<p> inet6 addr:
fe80::f816:3eff:fe7e:6df3/64 Scope:Link</p>
<p> UP BROADCAST RUNNING MTU:1500
Metric:1</p>
<p> RX packets:345 errors:0 dropped:0
overruns:0 frame:0</p>
<p> TX packets:1719 errors:0
dropped:0 overruns:0 carrier:0</p>
<p> collisions:0 txqueuelen:0 </p>
<p> </p>
<p> RX bytes:27377 (27.3 KB) TX
bytes:164541 (164.5 KB)</p>
<p>--</p>
<p><br>
</p>
<p>Thanks</p>
<p>Paras.</p>
<p><br>
</p>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Oct 25, 2014 at
3:18 AM, George Shuklin <span dir="ltr"><<a href="mailto:george.shuklin@gmail.com" target="_blank">george.shuklin@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> Check
out if qrouter got floating inside network
namespace (ip net exec qrouter... ip -4 a),
or just bash in to it (stdbuf -e0 -o0 ip net
exec qrouter... /bin/bash) and play with it
like with normal server.
<div>
<div><br>
<br>
<br>
<div>On 10/24/2014 07:38 PM, Paras
pradhan wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">Hello,
<div><br>
</div>
<div>Assigned a floating ip to an
instance. But I can't ping the
instance. This instance can reach
internet with no problem. But I
can't ssh or icmp to this
instance. Its not a security group
issue. </div>
<div><br>
</div>
<div>On my network node that runs
l3, I can see qrouter. The extenel
subnet looks like this:</div>
<div><br>
</div>
<div>
<p>allocation-pool
start=192.168.122.193,end=192.168.122.222
--disable-dhcp --gateway
192.168.122.1 <a href="http://192.168.122.0/24" target="_blank">192.168.122.0/24</a></p>
<p>I can ping 192.168.122.193
using: ip netns exec
qrouter-34f3b828-b7b8-4f44-b430-14d9c5bd0d0c
ping 192.168.122.193</p>
<p>but not 192.168.122.194 (which
is the floating ip)</p>
<p>Doing tcp dump on the interace
that connects to the external
world, I can see ICMP request
but not reply from the interface
:</p>
<p><br>
</p>
<p>11:36:40.360255 IP
192.168.122.1 > <a href="http://192.168.122.194" target="_blank">192.168.122.194</a>:
ICMP echo request, id 2589, seq
312, length 64</p>
<p> </p>
<p>11:36:41.360222 IP
192.168.122.1 > <a href="http://192.168.122.194" target="_blank">192.168.122.194</a>:
ICMP echo request, id 2589, seq
313, length 64</p>
<p><br>
</p>
<p>Ideas?</p>
<p>Thanks</p>
<p>Paras.</p>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<pre>_______________________________________________
OpenStack-operators mailing list
<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a>
</pre>
</blockquote>
<br>
</div>
<br>
_______________________________________________<br>
OpenStack-operators mailing list<br>
<a href="mailto:OpenStack-operators@lists.openstack.org" target="_blank">OpenStack-operators@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>