<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;">
<div>OpenStack Liberty</div>
<div>Ubuntu 14.04</div>
<div><br>
</div>
<div>I have a little strange problem, I’m running a Swift cluster but the proxy nodes reside in a OpenStack tenant. The private network of the tenant is connected to a ha-router on the external storage network.</div>
<div><br>
</div>
<div>Now this used to work like a charm, where all my 3 proxy nodes within the tenant were able to connect to the storage network and the ports on each of the Swift nodes, but all of the sudden I lost the connectivity from 2 and now if I spin up new instances
within the project I can not connect to the swift nodes, but still I can connect from this only proxy.</div>
<div><br>
</div>
<div>I can ping the swift nodes but can not connect to any open ports, [6000/2, 22, etc], here is where it gets a little I have a none swift node on the network that I can connect to with out problems, the swift nodes are not running a firewall.</div>
<div><br>
</div>
<div>
<div>root@swift-01:~# iptables -L</div>
<div>Chain INPUT (policy ACCEPT)</div>
<div>target prot opt source destination</div>
<div><br>
</div>
<div>Chain FORWARD (policy ACCEPT)</div>
<div>target prot opt source destination</div>
<div><br>
</div>
<div>Chain OUTPUT (policy ACCEPT)</div>
<div>target prot opt source destination</div>
</div>
<div><br>
</div>
<div>The nodes belong to the default security group which has the following rules</div>
<div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>Ingress<span class="Apple-tab-span" style="white-space:pre">
</span>IPv6<span class="Apple-tab-span" style="white-space:pre"> </span>Any<span class="Apple-tab-span" style="white-space:pre">
</span>Any<span class="Apple-tab-span" style="white-space:pre"> </span>-<span class="Apple-tab-span" style="white-space:pre">
</span>default<span class="Apple-tab-span" style="white-space:pre"> </span>Delete Rule</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>Egress<span class="Apple-tab-span" style="white-space:pre">
</span>IPv4<span class="Apple-tab-span" style="white-space:pre"> </span>Any<span class="Apple-tab-span" style="white-space:pre">
</span>Any<span class="Apple-tab-span" style="white-space:pre"> </span>0.0.0.0/0<span class="Apple-tab-span" style="white-space:pre">
</span>-<span class="Apple-tab-span" style="white-space:pre"> </span>Delete Rule</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>Egress<span class="Apple-tab-span" style="white-space:pre">
</span>IPv6<span class="Apple-tab-span" style="white-space:pre"> </span>Any<span class="Apple-tab-span" style="white-space:pre">
</span>Any<span class="Apple-tab-span" style="white-space:pre"> </span>::/0<span class="Apple-tab-span" style="white-space:pre">
</span>-<span class="Apple-tab-span" style="white-space:pre"> </span>Delete Rule</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>Ingress<span class="Apple-tab-span" style="white-space:pre">
</span>IPv4<span class="Apple-tab-span" style="white-space:pre"> </span>Any<span class="Apple-tab-span" style="white-space:pre">
</span>Any<span class="Apple-tab-span" style="white-space:pre"> </span>-<span class="Apple-tab-span" style="white-space:pre">
</span>default<span class="Apple-tab-span" style="white-space:pre"> </span>Delete Rule</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>Ingress<span class="Apple-tab-span" style="white-space:pre">
</span>IPv4<span class="Apple-tab-span" style="white-space:pre"> </span>ICMP<span class="Apple-tab-span" style="white-space:pre">
</span>Any<span class="Apple-tab-span" style="white-space:pre"> </span>0.0.0.0/0<span class="Apple-tab-span" style="white-space:pre">
</span>-<span class="Apple-tab-span" style="white-space:pre"> </span>Delete Rule</div>
<div><span class="Apple-tab-span" style="white-space:pre"></span>Ingress<span class="Apple-tab-span" style="white-space:pre">
</span>IPv4<span class="Apple-tab-span" style="white-space:pre"> </span>TCP<span class="Apple-tab-span" style="white-space:pre">
</span>22 (SSH)<span class="Apple-tab-span" style="white-space:pre"> </span>0.0.0.0/0<span class="Apple-tab-span" style="white-space:pre">
</span>-</div>
</div>
<div><br>
</div>
<div>I created a new project and set up a router against the storage network in the same manner as my previous project and instances within that project can connect to ports on all servers running on the storage network.</div>
<div><br>
</div>
<div>On one of the network nodes I ran "ip netns exec qrouter-dfa2bdc2-7482-42c4-b166-515849119428 bash” (the router in the faulty project) and tried to ping and telnet to the ports on the swift hosts without luck.</div>
<div><br>
</div>
<div>Any ideas on where to go next for troubleshooting ?</div>
<div>
<div id="MAC_OUTLOOK_SIGNATURE"></div>
</div>
</body>
</html>