[Openstack] should instances be able to ping each other through a router?

Don Waterloo don.waterloo at gmail.com
Sun Aug 24 01:30:41 UTC 2014 

Sorry to follow-up my own question, but I find that the ICMP echo gets
to the host on which the destination instance is running, and, of the
following interfaces, all but the 'tap*' interface sees it.

qbr23bbb27b-2f Link encap:Ethernet  HWaddr 26:cb:b8:4c:12:1c
qvb23bbb27b-2f Link encap:Ethernet  HWaddr 26:cb:b8:4c:12:1c
qvo23bbb27b-2f Link encap:Ethernet  HWaddr 12:e1:8a:e6:22:69
tap23bbb27b-2f Link encap:Ethernet  HWaddr fe:16:3e:5a:39:d9

so i guess i need to understand why the q? -> tap path drops my ICMP echo.

On 23 August 2014 21:09, Don Waterloo <don.waterloo at gmail.com> wrote:
> I have the below heat template instantiated.
>
> Each instance (h1/h2/h3) can ping out to the world just fine.
> In addition, h1 can ping h2 & h3, and they it. e.g. everyone can ping
> everyone on its own subnet.
> But h2 and h3 cannot ping each other (this is a routing function
> rather than local net).
>
> I am using vxlan with neutron, ovs ml2 on icehouse ubuntu 14.04.
>
> I have port_security disabled (and iptables -L shows this to be true
> in the router namespace).
>
> what is happening is the ping hits the router port, and stops.
> e.g. 172.16.1.X sends ICMP to 172.16.2.1, and its never seen again.
>
> Should I be expecting this to work? It seems that this should not be
> an SNAT issue, its all inside my private networking space.
>
> From the host, if I 'ip netns exec qrouter-<...>' i can ping each
> interface inside each vm, so i know the host can reach them.
>
> So, uh, suggestions on how to debug this? My 'trusty' image below is
> ubuntu 14.04, but it also happens w/ cirros fwiw.
>
> --------------<snip>--------------
> heat_template_version: 2013-05-23
>
> description: >
>
> resources:
>   key:
>     type: OS::Nova::KeyPair
>     properties:
>       name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-key' } }
>       save_private_key: True
>
>   rtr:
>     type: OS::Neutron::Router
>     properties:
>       admin_state_up: True
>       name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-rtr' } }
>       external_gateway_info:
>         network: "ext-net"
>
>   ctrl_net:
>     type: OS::Neutron::Net
>     properties:
>       name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-data-ctrl-net' } }
>
>   ctrl_subnet:
>     type: OS::Neutron::Subnet
>     properties:
>       name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-data-ctrl-subnet' } }
>       enable_dhcp: True
>       network_id: { get_resource: ctrl_net }
>       cidr: 172.16.1/24
>       allocation_pools:
>         - start: 172.16.1.10
>           end: 172.16.1.254
>
>   router_i0:
>     type: OS::Neutron::RouterInterface
>     properties:
>       router_id: { get_resource: rtr }
>       subnet_id: { get_resource: ctrl_subnet }
>
>   router_i1:
>     type: OS::Neutron::RouterInterface
>     properties:
>       router_id: { get_resource: rtr }
>       subnet_id: { get_resource: data_int_subnet }
>
>   int_net:
>     type: OS::Neutron::Net
>     properties:
>       name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-int-net' } }
>
>   data_int_subnet:
>     type: OS::Neutron::Subnet
>     properties:
>       name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-data-int-subnet' } }
>       enable_dhcp: True
>       network_id: { get_resource: int_net }
>       cidr: 172.16.2/24
>       allocation_pools:
>         - start: 172.16.2.10
>           end: 172.16.2.254
>
>
>   h1:
>     type: OS::Nova::Server
>     properties:
>       name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-h1' } }
>       key_name: { get_resource: key }
>       image: "trusty"
>       flavor: "m1.tiny"
>       config_drive: "true"
>       networks:
>         - network: { get_resource: ctrl_net }
>         - network: { get_resource: int_net }
>       user_data_format: RAW
>       user_data: |
>         #!/bin/bash
>         ifup eth1
>         dhclient eth1
>
>   h2:
>     type: OS::Nova::Server
>     properties:
>       name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-h2' } }
>       key_name: { get_resource: key }
>       image: "trusty"
>       flavor: "m1.tiny"
>       config_drive: "true"
>       networks:
>         - network: { get_resource: ctrl_net }
>
>   h3:
>     type: OS::Nova::Server
>     properties:
>       name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-h3' } }
>       key_name: { get_resource: key }
>       image: "trusty"
>       flavor: "m1.tiny"
>       config_drive: "true"
>       networks:
>         - network: { get_resource: int_net }
>
> outputs:
>     key:
>         description: The private key to login to these images with
> (try heat output-show <NAME> key | sed -e 's?"??g' -e 's?\\n?\n?g' >
> ~/.ssh/<NAME>_rsa)
>         value: { get_attr: [ key, private_key] }
>
> --------------<snip>--------------

More information about the Openstack mailing list