<div dir="ltr"><div><div><div><div><div>Hi Andreas,<br><br></div>Your guess is right,i forgot to add  rules to permit ICMP (ping)  :)<br></div>Everything is working as expected now.<br><br></div>thank you very much for your response<br><br></div>regards,<br></div>Hamza<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-06-29 14:42 GMT+01:00 Andreas Scheuring <span dir="ltr"><<a href="mailto:scheuran@linux.vnet.ibm.com" target="_blank">scheuran@linux.vnet.ibm.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Your setup looks fine.<br>
<br>
Please check your security groups configuration. There should be a rule<br>
that allows icmp traffic outside to have a guest pinging out to the<br>
router. And a rule to allow ingress icmp if you want to ping a guest<br>
from the outside world!<br>
<br>
<br>
<br>
In addition, you can debug thing with the following commands:<br>
<br>
> ip netns show<br>
<br>
--> should give you a list of all network namepsace available. There<br>
should be one called "qrouter...." which represents your router.<br>
<br>
<br>
> ip netns exec <netnwor-namepspace> ip a<br>
<br>
You should see two interfaces there, one qg with your external router<br>
ip, one qr with the internal router ip<br>
<br>
You should also be able to execute ping from there to test if you can<br>
reach some external node and an internal instance<br>
<br>
> ip netns exec <netnwor-namepspace> ping <ip><br>
<br>
<br>
<br>
Hope that helps<br>
<br>
Andreas<br>
<div><div class="h5"><br>
<br>
<br>
On Mo, 2015-06-29 at 11:20 +0100, achi hara wrote:<br>
> Hi guys,<br>
><br>
> I have installed juno openstack installation on Ubuntu 14.04. After<br>
> creating the router through neutron API with two interface , I am NOT<br>
> able to ping my external network. Router's external interface/gateway<br>
> status is DOWN.<br>
><br>
> I am adding my content of /etc/neutron/plugins/ml2/ml2_conf.ini of the<br>
> network node:<br>
><br>
> [ml2]<br>
> type_drivers=flat,gre<br>
> tenant_network_types=gre<br>
> mechanism_drivers=openvswitch<br>
><br>
> [ml2_type_flat]<br>
> flat_networks=External<br>
><br>
> [ml2_type_vlan]<br>
><br>
> [ml2_type_gre]<br>
> tunnel_id_ranges=1:1000<br>
><br>
> [ml2_type_vxlan]<br>
><br>
> [securitygroup]<br>
> firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver<br>
> enable_ipset=True<br>
> enable_security_group=True<br>
><br>
> [ovs]<br>
> bridge_mappings=External:br-ex<br>
> enable_tunneling=True<br>
> local_ip=10.20.20.52<br>
><br>
> [agent]<br>
> tunnel_types=gre<br>
><br>
><br>
> The content of /etc/neutron/l3_agent.ini of the network node<br>
><br>
> [DEFAULT]<br>
> verbose=True<br>
> router_delete_namespaces=True<br>
> interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver<br>
> use_namespaces=True<br>
> external_network_bridge=br-ex<br>
><br>
><br>
> Content of ovs-vsctl show  after creating the bridges<br>
><br>
> ubuntu@network01:~$ sudo ovs-vsctl show<br>
> f7d6ee0f-3107-4011-910f-420b925068c4<br>
>     Bridge br-int<br>
>         fail_mode: secure<br>
>         Port int-br-tun<br>
>             Interface int-br-tun<br>
>                 type: patch<br>
>                 options: {peer=phy-br-tun}<br>
>         Port int-br-ex<br>
>             Interface int-br-ex<br>
>                 type: patch<br>
>                 options: {peer=phy-br-ex}<br>
>         Port "qr-648090f8-6d"<br>
>             tag: 1<br>
>             Interface "qr-648090f8-6d"<br>
>                 type: internal<br>
>         Port br-int<br>
>             Interface br-int<br>
>                 type: internal<br>
>         Port "tapad7609c0-2f"<br>
>             tag: 1<br>
>             Interface "tapad7609c0-2f"<br>
>                 type: internal<br>
>         Port patch-tun<br>
>             Interface patch-tun<br>
>                 type: patch<br>
>                 options: {peer=patch-int}<br>
>     Bridge br-tun<br>
>         fail_mode: secure<br>
>         Port "gre-0a141435"<br>
>             Interface "gre-0a141435"<br>
>                 type: gre<br>
>                 options: {df_default="true", in_key=flow,<br>
> local_ip="10.20.20.52", out_key=flow, remote_ip="10.20.20.53"}<br>
>         Port patch-int<br>
>             Interface patch-int<br>
>                 type: patch<br>
>                 options: {peer=patch-tun}<br>
>         Port br-tun<br>
>             Interface br-tun<br>
>                 type: internal<br>
>         Port "gre-c0a8019a"<br>
>             Interface "gre-c0a8019a"<br>
>                 type: gre<br>
>                 options: {df_default="true", in_key=flow,<br>
> local_ip="10.20.20.52", out_key=flow, remote_ip="192.168.1.154"}<br>
>     Bridge br-ex<br>
>         Port br-ex<br>
>             Interface br-ex<br>
>                 type: internal<br>
>         Port phy-br-ex<br>
>             Interface phy-br-ex<br>
>                 type: patch<br>
>                 options: {peer=int-br-ex}<br>
>         Port "qg-4be112a4-08"<br>
>             Interface "qg-4be112a4-08"<br>
>                 type: internal<br>
>         Port "p3p2"<br>
>             Interface "p3p2"<br>
>     ovs_version: "2.0.2"<br>
><br>
><br>
> External network added by following commands:<br>
><br>
> neutron net-create ext-net --router:external True<br>
> --provider:physical_network External --provider:network_type flat<br>
><br>
> neutron subnet-create ext-net --name ext-subnet --allocation-pool<br>
> start=10.1.166.101,end=10.1.166.200 --disable-dhcp --gateway 10.1.0.1<br>
> <a href="http://10.1.0.0/16" rel="noreferrer" target="_blank">10.1.0.0/16</a><br>
><br>
><br>
><br>
> Any help please ??<br>
><br>
><br>
> thanks<br>
><br>
> Hamza<br>
><br>
</div></div>> _______________________________________________<br>
> OpenStack-operators mailing list<br>
> <a href="mailto:OpenStack-operators@lists.openstack.org">OpenStack-operators@lists.openstack.org</a><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Andreas<br>
(IRC: scheuran)<br>
<br>
<br>
</font></span></blockquote></div><br></div>