[Openstack] [neutron] provider router with private networks, can not ping private IP and floating IP
Kyle Mestery (kmestery)
kmestery at cisco.com
Sun Nov 17 16:59:01 UTC 2013
On Nov 17, 2013, at 2:45 AM, sylecn <sylecn at gmail.com> wrote:
>
> Thanks for the information. Now I have configured a provider router based network, with Open vSwitch GRE tunnels.
>
> Here is the network topology:
>
> external network: 172.17.0.0/16
> external network physical router: 172.17.0.1
> neutron node IP: 172.17.6.68
>
> virtual provider router: 172.17.6.70
>
> virtual subnet1: 10.0.1.0/24
>
> Now I can boot a vm instance and it got an IP from private IP pool (10.0.1.3). I can also associate a floating IP to it (172.17.6.71). But I can't ping the private ip nor the floating ip.
>
> From the neutron node, I can ping 172.17.6.70, but can't ping 10.0.1.1, 10.0.1.3, 172.17.6.71.
> So I can't ssh into the vm. My guess is something is wrong with the 10.0.1.0/24 network, but I don't know what.
>
Are you setup to use network namespaces with overlapping IP addresses? If so, each tenant network will have it's own network namespace on the node running the Neutron L3 agent. To see these, run this command:
ip netns show
>From the qdhcp-* one, you can try to ping your tenant network address:
ip netns exec qdhcp-* ping 10.0.1.3
Let me know if that helps.
Thanks,
Kyle
> I used the NoopFirewallDriver in OVS plugin, so icmp and tcp:22 are not blocked by security-group rules.
>
> Here is the current setup:
> (neutron) net-list
> +--------------------------------------+--------+----------------------------------------------------+
> | id | name | subnets |
> +--------------------------------------+--------+----------------------------------------------------+
> | a63f0950-cdea-4a6d-8312-1819113dc244 | net1 | 708f2a58-bd85-4493-b91c-a6d42c0db5e7 10.0.1.0/24 |
> | ee318d0b-74e5-43c6-92bd-abb690df3334 | extnet | 4c111c62-50f2-4332-b635-57846cf1980c 172.17.0.0/16 |
> +--------------------------------------+--------+----------------------------------------------------+
> (neutron) subnet-list
> +--------------------------------------+---------+---------------+------------------------------------------------+
> | id | name | cidr | allocation_pools |
> +--------------------------------------+---------+---------------+------------------------------------------------+
> | 4c111c62-50f2-4332-b635-57846cf1980c | extnet | 172.17.0.0/16 | {"start": "172.17.6.70", "end": "172.17.6.75"} |
> | 708f2a58-bd85-4493-b91c-a6d42c0db5e7 | subnet1 | 10.0.1.0/24 | {"start": "10.0.1.2", "end": "10.0.1.254"} |
> +--------------------------------------+---------+---------------+------------------------------------------------+
> (neutron) port-list
> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
> | id | name | mac_address | fixed_ips |
> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
> | 234b4e76-7b7a-461f-8b61-2b7c58165fd2 | | fa:16:3e:86:95:d3 | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.1"} |
> | 35a8ab42-4f1a-4f1e-b656-ab4dd0e83725 | | fa:16:3e:44:c2:0a | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.2"} |
> | 85f4d2d7-c92b-4bc1-b080-2b1978bb6e17 | | fa:16:3e:cd:77:17 | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.3"} |
> | 9a24c2e9-a6da-4a24-93d4-9eef8cb0bcfa | | fa:16:3e:01:a2:ef | {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address": "172.17.6.70"} |
> | f508b629-6e95-4be4-89c0-b37be3907231 | | fa:16:3e:7c:41:0a | {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address": "172.17.6.71"} |
> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
> (neutron) port-show 234b4e76-7b7a-461f-8b61-2b7c58165fd2
> +-----------------------+---------------------------------------------------------------------------------+
> | Field | Value |
> +-----------------------+---------------------------------------------------------------------------------+
> | admin_state_up | True |
> | allowed_address_pairs | |
> | binding:capabilities | {"port_filter": false} |
> | binding:host_id | 172-17-6-68.yygamedev.com |
> | binding:vif_type | ovs |
> | device_id | c5b513fa-6d6a-476f-bfc0-2114954a15aa |
> | device_owner | network:router_interface |
> | extra_dhcp_opts | |
> | fixed_ips | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.1"} |
> | id | 234b4e76-7b7a-461f-8b61-2b7c58165fd2 |
> | mac_address | fa:16:3e:86:95:d3 |
> | name | |
> | network_id | a63f0950-cdea-4a6d-8312-1819113dc244 |
> | status | ACTIVE |
> | tenant_id | 860483f3ceeb43aab4d1f0e8f76b4064 |
> +-----------------------+---------------------------------------------------------------------------------+
> (neutron)
> root at 172-17-6-68:/etc/neutron# nova list
> +--------------------------------------+------+--------+------------+-------------+----------------------------+
> | ID | Name | Status | Task State | Power State | Networks |
> +--------------------------------------+------+--------+------------+-------------+----------------------------+
> | ec214f0b-eede-421e-9036-a1b56bff3c37 | c1 | ACTIVE | None | Running | net1=10.0.1.3, 172.17.6.71 |
> +--------------------------------------+------+--------+------------+-------------+----------------------------+
>
>
More information about the Openstack
mailing list