[Openstack] [neutron] provider router with private networks, can not ping private IP and floating IP
sylecn
sylecn at gmail.com
Mon Nov 18 04:51:56 UTC 2013
Hi Remo,
That is a good point.
I am using the CirrOS 0.3.1 image to boot a vm. I notice in "nova
console-log" output, ifconfig eth0 did not get the fixed ip.
Does that mean dhcp-agent is not working correctly? I see no relavant error
log in dhcp-agent.
I have google this error log in dhcp-agent is harmless:
2013-11-18 10:13:35.379 7848 ERROR neutron.common.legacy [-] Skipping
unknown group key: firewall_driver
How can I make sure dhcp agent is working?
Here is part of the console log:
=====================
info: initramfs: up at 1.04
GROWROOT: CHANGED: partition=1 start=16065 old: size=64260 end=80325 new:
size=2072385,end=2088450
info: initramfs loading root from /dev/vda1
info: /etc/init.d/rc.sysinit: up at 1.39
Starting logging: OK
Initializing random number generator... done.
Starting acpid: OK
cirros-ds 'local' up at 1.69
no results found for mode=local. up 1.81. searched: nocloud configdrive ec2
Starting network...
udhcpc (v1.20.1) started
Sending discover...
Sending discover...
Sending discover...
No lease, failing
WARN: /etc/rc3.d/S40-network failed
cirros-ds 'net' up at 182.16
checking http://169.254.169.254/2009-04-04/instance-id
failed 1/20: up 182.21. request failed
failed 2/20: up 184.36. request failed
failed 3/20: up 186.38. request failed
failed 4/20: up 188.40. request failed
failed 5/20: up 190.42. request failed
failed 6/20: up 192.45. request failed
failed 7/20: up 194.47. request failed
failed 8/20: up 196.49. request failed
failed 9/20: up 198.51. request failed
failed 10/20: up 200.53. request failed
failed 11/20: up 202.55. request failed
failed 12/20: up 204.57. request failed
failed 13/20: up 206.59. request failed
failed 14/20: up 208.61. request failed
failed 15/20: up 210.63. request failed
failed 16/20: up 212.65. request failed
failed 17/20: up 214.67. request failed
failed 18/20: up 216.69. request failed
failed 19/20: up 218.71. request failed
failed 20/20: up 220.73. request failed
failed to read iid from metadata. tried 20
no results found for mode=net. up 222.75. searched: nocloud configdrive ec2
failed to get instance-id of datasource
Starting dropbear sshd: generating rsa key... generating dsa key... OK
=== network info ===
if-info: lo,up,127.0.0.1,8,::1
if-info: eth0,up,,8,fe80::f816:3eff:fe65:1633
=== datasource: None None ===
=== cirros: current=0.3.1 uptime=223.30 ===
route: fscanf
=== pinging gateway failed, debugging connection ===
############ debug start ##############
### /etc/init.d/sshd start
Starting dropbear sshd: OK
route: fscanf
### ifconfig -a
eth0 Link encap:Ethernet HWaddr FA:16:3E:65:16:33
inet6 addr: fe80::f816:3eff:fe65:1633/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2152 (2.1 KiB) TX bytes:902 (902.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:12 errors:0 dropped:0 overruns:0 frame:0
TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1020 (1020.0 B) TX bytes:1020 (1020.0 B)
### route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use
Iface
route: fscanf
### cat /etc/resolv.conf
cat: can't open '/etc/resolv.conf': No such file or directory
### gateway not found
/sbin/cirros-status: line 1: can't open /etc/resolv.conf: no such file
### pinging nameservers
### uname -a
Linux cirros 3.2.0-37-virtual #58-Ubuntu SMP Thu Jan 24 15:48:03 UTC 2013
x86_64 GNU/Linux
On Mon, Nov 18, 2013 at 9:53 AM, Remo Mattei <remo at mattei.org> wrote:
> You could chk if your vm has the ip do not chk from the dashboard because
> you may see the ip but the vm may not have it.
>
> Let us know
>
> Inviato da iPhone ()
>
> Il giorno Nov 17, 2013, alle ore 17:24, sylecn <sylecn at gmail.com> ha
> scritto:
>
> I have enabled namespace, but I did not use overlapping IP addresses so
> far.
>
> Here is the result of the netns command:
>
> root at 172-17-6-68:/var/log/neutron# ip netns show
> qrouter-c5b513fa-6d6a-476f-bfc0-2114954a15aa
> qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244
> root at 172-17-6-68:/var/log/neutron# ip netns exec
> qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244 ping 10.0.1.3
> PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data.
> From 10.0.1.2 icmp_seq=1 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=2 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=3 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=4 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=5 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=6 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=7 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=8 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=9 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=10 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=11 Destination Host Unreachable
> From 10.0.1.2 icmp_seq=12 Destination Host Unreachable
> ^C
> --- 10.0.1.3 ping statistics ---
> 13 packets transmitted, 0 received, +12 errors, 100% packet loss, time
> 12061ms
> pipe 3
> root at 172-17-6-68:/var/log/neutron#
>
> Using ip netns exec qdhcp-* ping, I can ping 10.0.1.1 and 10.0.1.2.
> However, ping 10.0.1.3 still fail.
>
>
>
> On Mon, Nov 18, 2013 at 12:59 AM, Kyle Mestery (kmestery) <
> kmestery at cisco.com> wrote:
>
>> On Nov 17, 2013, at 2:45 AM, sylecn <sylecn at gmail.com> wrote:
>> >
>> > Thanks for the information. Now I have configured a provider router
>> based network, with Open vSwitch GRE tunnels.
>> >
>> > Here is the network topology:
>> >
>> > external network: 172.17.0.0/16
>> > external network physical router: 172.17.0.1
>> > neutron node IP: 172.17.6.68
>> >
>> > virtual provider router: 172.17.6.70
>> >
>> > virtual subnet1: 10.0.1.0/24
>> >
>> > Now I can boot a vm instance and it got an IP from private IP pool
>> (10.0.1.3). I can also associate a floating IP to it (172.17.6.71). But I
>> can't ping the private ip nor the floating ip.
>> >
>> > From the neutron node, I can ping 172.17.6.70, but can't ping 10.0.1.1,
>> 10.0.1.3, 172.17.6.71.
>> > So I can't ssh into the vm. My guess is something is wrong with the
>> 10.0.1.0/24 network, but I don't know what.
>> >
>> Are you setup to use network namespaces with overlapping IP addresses? If
>> so, each tenant network will have it's own network namespace on the node
>> running the Neutron L3 agent. To see these, run this command:
>>
>> ip netns show
>>
>> From the qdhcp-* one, you can try to ping your tenant network address:
>>
>> ip netns exec qdhcp-* ping 10.0.1.3
>>
>> Let me know if that helps.
>>
>> Thanks,
>> Kyle
>>
>> > I used the NoopFirewallDriver in OVS plugin, so icmp and tcp:22 are not
>> blocked by security-group rules.
>> >
>> > Here is the current setup:
>> > (neutron) net-list
>> >
>> +--------------------------------------+--------+----------------------------------------------------+
>> > | id | name | subnets
>> |
>> >
>> +--------------------------------------+--------+----------------------------------------------------+
>> > | a63f0950-cdea-4a6d-8312-1819113dc244 | net1 |
>> 708f2a58-bd85-4493-b91c-a6d42c0db5e7 10.0.1.0/24 |
>> > | ee318d0b-74e5-43c6-92bd-abb690df3334 | extnet |
>> 4c111c62-50f2-4332-b635-57846cf1980c 172.17.0.0/16 |
>> >
>> +--------------------------------------+--------+----------------------------------------------------+
>> > (neutron) subnet-list
>> >
>> +--------------------------------------+---------+---------------+------------------------------------------------+
>> > | id | name | cidr |
>> allocation_pools |
>> >
>> +--------------------------------------+---------+---------------+------------------------------------------------+
>> > | 4c111c62-50f2-4332-b635-57846cf1980c | extnet | 172.17.0.0/16 |
>> {"start": "172.17.6.70", "end": "172.17.6.75"} |
>> > | 708f2a58-bd85-4493-b91c-a6d42c0db5e7 | subnet1 | 10.0.1.0/24 |
>> {"start": "10.0.1.2", "end": "10.0.1.254"} |
>> >
>> +--------------------------------------+---------+---------------+------------------------------------------------+
>> > (neutron) port-list
>> >
>> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
>> > | id | name | mac_address |
>> fixed_ips
>> |
>> >
>> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
>> > | 234b4e76-7b7a-461f-8b61-2b7c58165fd2 | | fa:16:3e:86:95:d3 |
>> {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address":
>> "10.0.1.1"} |
>> > | 35a8ab42-4f1a-4f1e-b656-ab4dd0e83725 | | fa:16:3e:44:c2:0a |
>> {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address":
>> "10.0.1.2"} |
>> > | 85f4d2d7-c92b-4bc1-b080-2b1978bb6e17 | | fa:16:3e:cd:77:17 |
>> {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address":
>> "10.0.1.3"} |
>> > | 9a24c2e9-a6da-4a24-93d4-9eef8cb0bcfa | | fa:16:3e:01:a2:ef |
>> {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address":
>> "172.17.6.70"} |
>> > | f508b629-6e95-4be4-89c0-b37be3907231 | | fa:16:3e:7c:41:0a |
>> {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address":
>> "172.17.6.71"} |
>> >
>> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
>> > (neutron) port-show 234b4e76-7b7a-461f-8b61-2b7c58165fd2
>> >
>> +-----------------------+---------------------------------------------------------------------------------+
>> > | Field | Value
>> |
>> >
>> +-----------------------+---------------------------------------------------------------------------------+
>> > | admin_state_up | True
>> |
>> > | allowed_address_pairs |
>> |
>> > | binding:capabilities | {"port_filter": false}
>> |
>> > | binding:host_id | 172-17-6-68.yygamedev.com
>> |
>> > | binding:vif_type | ovs
>> |
>> > | device_id | c5b513fa-6d6a-476f-bfc0-2114954a15aa
>> |
>> > | device_owner | network:router_interface
>> |
>> > | extra_dhcp_opts |
>> |
>> > | fixed_ips | {"subnet_id":
>> "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.1"} |
>> > | id | 234b4e76-7b7a-461f-8b61-2b7c58165fd2
>> |
>> > | mac_address | fa:16:3e:86:95:d3
>> |
>> > | name |
>> |
>> > | network_id | a63f0950-cdea-4a6d-8312-1819113dc244
>> |
>> > | status | ACTIVE
>> |
>> > | tenant_id | 860483f3ceeb43aab4d1f0e8f76b4064
>> |
>> >
>> +-----------------------+---------------------------------------------------------------------------------+
>> > (neutron)
>> > root at 172-17-6-68:/etc/neutron# nova list
>> >
>> +--------------------------------------+------+--------+------------+-------------+----------------------------+
>> > | ID | Name | Status | Task State |
>> Power State | Networks |
>> >
>> +--------------------------------------+------+--------+------------+-------------+----------------------------+
>> > | ec214f0b-eede-421e-9036-a1b56bff3c37 | c1 | ACTIVE | None |
>> Running | net1=10.0.1.3, 172.17.6.71 |
>> >
>> +--------------------------------------+------+--------+------------+-------------+----------------------------+
>> >
>> >
>>
>>
>>
> !DSPAM:2,528971b5319253744511446!
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> !DSPAM:2,528971b5319253744511446!
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20131118/3fa3a29a/attachment.html>
More information about the Openstack
mailing list