<div dir="ltr"><div><div>Problem solved.<br><br></div>In this test/lab cloud, we're using vmware to host the network node. Putting the esx's virtual switch in promiscuous mode did the trick.<br><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 5, 2015 at 3:54 PM, Gustavo Randich <span dir="ltr"><<a href="mailto:gustavo.randich@gmail.com" target="_blank">gustavo.randich@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><span><span></span></span></div><span><span>Hi everybody,<br><br>I've just configuerd DVR in Kilo. Everything is fine, except that instances with no floating-ip cannot reach external network.<br></span></span><br><span><span><span><span>NETWORKS<br></span></span></span></span><div style="margin-left:40px"><span><span>neutron net-create ext-net1 --router:external --provider:physical_network external --provider:network_type flat</span></span><br><span><span>neutron subnet-create ext-net1 <a href="http://10.180.0.0/16" target="_blank">10.180.0.0/16</a> --name ext-subnet1 --allocation-pool start=10.180.100.1,end=10.180.100.100 --disable-dhcp --gateway 10.180.255.254</span></span><br><span><span>neutron net-create demo-net</span></span><br><span><span>neutron subnet-create demo-net <a href="http://10.0.1.0/24" target="_blank">10.0.1.0/24</a> --name demo-subnet --gateway 10.0.1.1</span></span><br><span><span>neutron router-create demo-router</span></span><br><span><span>neutron router-interface-add demo-router demo-subnet</span></span><br><span><span>neutron router-gateway-set demo-router ext-net1</span></span><br></div><div style="margin-left:40px"><span><span></span></span></div><span><span><br></span></span><span><span>I suspect the cause of the problem is that the SNAT namespace in my Network Node cannot reach the external network's gateway. Should the SNAT namespace in Network Node "see" the external network gateway via de "qg" interface? E.g.:<br><br></span></span><div style="margin-left:40px"><span><span># ip netns exec snat-e6284aff-67eb-4c0b-9983-b7c9e0a0cbbc ping -I qg-fcdb6430-0c 10.180.255.254</span></span><br></div><div style="margin-left:40px"><span><span></span></span></div><div style="margin-left:40px"><span><span>...</span></span><br></div><div style="margin-left:40px"><span><span></span></span></div></div><div><div style="margin-left:40px"><span><span>2 packets transmitted, 0 received, 100% packet loss, time 1007ms</span></span><br></div><div style="margin-left:40px"><span><span></span></span></div><span><span><br></span></span></div><div><span><span>I can see the ARP request on the network node's physical interface, but no reply.<br></span></span></div><div><br><div style="margin-left:40px"><span><span><span><span># tcpdump -envi eth0 arp or icmp</span></span></span></span><br><span><span><span><span>14:09:29.500350
fa:16:3e:3b:d2:67 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length
42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.180.255.254 tell
10.180.100.1, length 28</span></span></span></span><br><span><span><span><span>14:09:30.500494 fa:16:3e:3b:d2:67 >
ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6),
IPv4 (len 4), Request who-has 10.180.255.254 tell 10.180.100.1, length
28</span></span></span></span><br><span><span><span><span>...</span></span></span></span><br><span><span><span><span></span></span><span><span>(NO REPLY)</span></span></span></span><br><br></div>Thanks!<br><br></div><div><div style="margin-left:40px"><span><span><span><span></span></span></span></span></div><span><span><br></span></span><span><span>NETWORK NODE SNAT NAMESPACE<br></span></span><div style="margin-left:40px"><span><span># ip netns exec snat-e6284aff-67eb-4c0b-9983-b7c9e0a0cbbc ip a</span></span><br><span><span>...</span></span><br><span><span>9: sg-f7ee7649-81: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default</span></span><br><span><span> link/ether fa:16:3e:0e:2d:37 brd ff:ff:ff:ff:ff:ff</span></span><br><span><span> inet <a href="http://10.0.1.3/24" target="_blank">10.0.1.3/24</a> brd 10.0.1.255 scope global sg-f7ee7649-81</span></span><br><span><span> valid_lft forever preferred_lft forever</span></span><br><span><span> inet6 fe80::f816:3eff:fe0e:2d37/64 scope link</span></span><br><span><span> valid_lft forever preferred_lft forever</span></span><br><span><span>10: qg-fcdb6430-0c: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default</span></span><br><span><span> link/ether fa:16:3e:3b:d2:67 brd ff:ff:ff:ff:ff:ff</span></span><br><span><span> inet <a href="http://10.180.100.1/16" target="_blank">10.180.100.1/16</a> brd 10.180.255.255 scope global qg-fcdb6430-0c</span></span><br><span><span> valid_lft forever preferred_lft forever</span></span><br><span><span> inet6 fe80::f816:3eff:fe3b:d267/64 scope link</span></span><br><span><span> valid_lft forever preferred_lft forever</span></span><br><span><span></span></span><br><span><span># ip netns exec snat-e6284aff-67eb-4c0b-9983-b7c9e0a0cbbc arp -an</span></span><br><span><span>...</span></span><br><span><span>? (10.180.255.254) at <incomplete> on qg-fcdb6430-0c</span></span><br><span><span></span></span><br></div><div style="margin-left:40px"><span><span></span></span></div><span><span><br><br></span></span></div></div>
</blockquote></div><br></div>