[Openstack] Strange network behavior
Vishvananda Ishaya
vishvananda at gmail.com
Fri Nov 9 19:56:59 UTC 2012
What is the ip address of your workstation? You may be running into something similar to this issue:
http://lists.openstack.org/pipermail/openstack-dev/2012-September/001212.html
I suspect either:
a) Traffic not getting snatted when it should. This is usually due to overlapping ranges between your internal network and fixed_range
this would be fixed by limiting fixed_range in your config file to just the instances range: (fixed_range=10.0.41.0/24 ?)
or
b) Traffic getting snatted when it shouldn't. This is usually because your workstation ip is on an ip that is internally routable but not routable from the external network of the compute host, so it can't get back to the snatted ip
this is fixed by stopping snatting to the workstation by setting dmz_cidr to a value that includes your workstation network: (dmz_cidr=10.0.0.0/24 ?)
Vish
On Nov 9, 2012, at 9:14 AM, Joe Warren-Meeks <joe.warren.meeks at gmail.com> wrote:
> Hi all,
>
> I've managed to get Openstack pretty much up and running as I wanted it. I do have, however, a rather strange networking issue.
>
> I created the network with
> nova-manage network create --fixed_range_v4=10.0.41.0/24 --num_networks=1 --bridge=br41 --bridge_interface=eth0 --label=development --gateway=10.0.41.1 --dns1=10.0.0.2 --vlan=41 --project_id=XXXXXXX
>
> And i can boot instances fine. I've configured the default security group to allow port 22, 80 and ICMP -1 in and I can ping from my work station to the virtual instance ok:
>
> joe at kaneda:~$ ping 10.0.41.3
> PING 10.0.41.3 (10.0.41.3) 56(84) bytes of data.
> 64 bytes from 10.0.41.3: icmp_req=1 ttl=63 time=1.18 ms
>
> And i can ping from the virt back too:
> ubuntu at test:~$ ping 10.0.0.240
> PING 10.0.0.240 (10.0.0.240) 56(84) bytes of data.
> 64 bytes from 10.0.0.240: icmp_req=1 ttl=64 time=0.713 ms
>
>
> I can SSH out from the virt to a host in the outside world fine:
> ubuntu at test:~$ ssh joe at XXXXX
> joe at XXXXXX password:
> -bash: fortune: command not found
> joe at dixon:~ $
>
> BUT I can't ssh from the virt to my workstation, nor from my workstation to the Virt. Neither does http work.
>
> What I am seeing in Tcpdump is a lot of incorrect cksums. This happens with all Tcp connections.
>
> 17:12:38.539784 IP (tos 0x0, ttl 64, id 53611, offset 0, flags [DF], proto TCP (6), length 60)
> 10.0.0.240.56791 > 10.0.41.3.22: Flags [S], cksum 0x3e21 (incorrect -> 0x6de2), seq 2650163743, win 14600, options [mss 1460,sackOK,TS val 28089204 ecr 0,nop,wscale 6], length 0
>
>
> 17:12:38.585279 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
> 10.0.41.3.22 > 10.0.0.240.56791: Flags [S.], cksum 0x3e21 (incorrect -> 0xe5c5), seq 1530502549, ack 3098447117, win 14480, options [mss 1460,sackOK,TS val 340493 ecr 28089204,nop,wscale 3], length 0
>
> Anyone come across this before?
>
> -- joe.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20121109/eddb04de/attachment.html>
More information about the Openstack
mailing list