[Openstack] Icehouse installation with a single NIC: VMs do not have Internet
Marc ST
mst4086 at gmail.com
Sat Jul 26 20:46:34 UTC 2014
Hi,
I am trying to install a 3 node Icehouse cluster. Each node has a *single
NIC*. For now, I just need nova-network, but I plan to use neutron in a
couple of months.
I created the network with:
nova network-create vmnet --fixed-range-v4=203.0.113.1/24 --bridge-interface=br100 --multi-host=T
Currently, I am able to ping any host in my local network from a Cirros VM
with no floating IP assigned:
-Controller:
$ ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10): 56 data bytes
64 bytes from 192.168.1.10: seq=0 ttl=64 time=0.205 ms
-Gateway (D-Link DSL-2770L):
$ ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: seq=0 ttl=63 time=0.933 ms
It also seems to resolve DNS correctly, but it gets no response:
-Google:
$ ping google.com
PING google.com (173.194.41.7): 56 data bytes
^C
--- google.com ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss
-tcpdump from the controller on the interface em1 when pinging google.com:
22:05:39.005097 IP controller.38302 > 192.168.1.1.domain: 42711+ PTR? 7.41.194.173.in-addr.arpa. (43)
22:05:39.006571 IP 192.168.1.1.domain > controller.38302: 42711 1/0/0 PTR mad01s14-in-f7.1e100.net. (81)
22:05:39.006871 IP controller.55511 > 192.168.1.1.domain: 10714+ PTR? 2.113.0.203.in-addr.arpa. (42)
22:05:39.156593 IP 192.168.1.1.domain > controller.55511: 10714 NXDomain 0/1/0 (131)
22:05:39.693543 IP 203.0.113.2 > mad01s14-in-f7.1e100.net: ICMP echo request, id 1560, seq 100, length 64
22:05:40.693714 IP 203.0.113.2 > mad01s14-in-f7.1e100.net: ICMP echo request, id 1560, seq 101, length 64
22:05:41.693826 IP 203.0.113.2 > mad01s14-in-f7.1e100.net: ICMP echo request, id 1560, seq 102, length 64
22:05:42.694046 IP 203.0.113.2 > mad01s14-in-f7.1e100.net: ICMP echo request, id 1560, seq 103, length 64
Any help would be greatly appreciated.
Thanks in advance,
Marc
--------------------------------------------------------------------
*Here are more details about my installation (controller):*
*-ifconfig:*
br100 Link encap:Ethernet HWaddr c0:3f:d5:65:f0:28
inet addr:203.0.113.1 Bcast:203.0.113.255 Mask:255.255.255.0
inet6 addr: fe80::a032:c2ff:fec7:1af5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:184840961 errors:0 dropped:0 overruns:0 frame:0
TX packets:10086 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13348355562 (13.3 GB) TX bytes:2167190 (2.1 MB)
em1 Link encap:Ethernet HWaddr c0:3f:d5:65:f0:28
inet6 addr: fe80::c23f:d5ff:fe65:f028/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:184836802 errors:0 dropped:0 overruns:0 frame:0
TX packets:22617 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16674408339 (16.6 GB) TX bytes:3501369 (3.5 MB)
Interrupt:20 Memory:f7c00000-f7c20000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:3439965 errors:0 dropped:0 overruns:0 frame:0
TX packets:3439965 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1123075242 (1.1 GB) TX bytes:1123075242 (1.1 GB)
virbr0 Link encap:Ethernet HWaddr da:96:05:3b:24:7f
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
vnet0 Link encap:Ethernet HWaddr fe:16:3e:8d:41:c1
inet6 addr: fe80::fc16:3eff:fe8d:41c1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18885 errors:0 dropped:0 overruns:0 frame:0
TX packets:183785348 errors:0 dropped:3296 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:2487670 (2.4 MB) TX bytes:15842302413 (15.8 GB)
* nova.conf:*
[...]
network_api_class = nova.network.api.API
security_group_api = nova
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_manager = nova.network.manager.FlatDHCPManager
network_size = 254
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_network_bridge = br100
flat_interface = em1
public_interface = em1
[...]
* /etc/network/interfaces:*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto em1
iface em1 inet dhcp
auto em1:0
iface em1:0 inet static
name em1 Alias
address 192.168.1.10
netmask 255.255.255.0
gateway 192.168.1.1
*IPTABLES:*
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
nova-compute-INPUT all -- anywhere anywhere
nova-network-INPUT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
nova-api-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
nova-filter-top all -- anywhere anywhere
nova-compute-FORWARD all -- anywhere anywhere
nova-network-FORWARD all -- anywhere anywhere
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
nova-api-FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
nova-filter-top all -- anywhere anywhere
nova-compute-OUTPUT all -- anywhere anywhere
nova-network-OUTPUT all -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
nova-api-OUTPUT all -- anywhere anywhere
Chain nova-api-FORWARD (1 references)
target prot opt source destination
Chain nova-api-INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere controller tcp dpt:8775
Chain nova-api-OUTPUT (1 references)
target prot opt source destination
Chain nova-api-local (1 references)
target prot opt source destination
Chain nova-compute-FORWARD (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0 255.255.255.255 udp spt:bootpc dpt:bootps
Chain nova-compute-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0 255.255.255.255 udp spt:bootpc dpt:bootps
Chain nova-compute-OUTPUT (1 references)
target prot opt source destination
Chain nova-compute-inst-4 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
nova-compute-provider all -- anywhere anywhere
ACCEPT udp -- 203.0.113.1 anywhere udp spt:bootps dpt:bootpc
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere multiport dports tcpmux:65535
ACCEPT udp -- anywhere anywhere multiport dports 1:65535
nova-compute-sg-fallback all -- anywhere anywhere
Chain nova-compute-local (1 references)
target prot opt source destination
nova-compute-inst-4 all -- anywhere 203.0.113.2
Chain nova-compute-provider (1 references)
target prot opt source destination
Chain nova-compute-sg-fallback (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain nova-filter-top (2 references)
target prot opt source destination
nova-compute-local all -- anywhere anywhere
nova-network-local all -- anywhere anywhere
nova-api-local all -- anywhere anywhere
Chain nova-network-FORWARD (1 references)
target prot opt source destination
DROP udp -- anywhere 255.255.255.255 PHYSDEV match --physdev-in em1 udp dpt:bootps
DROP udp -- anywhere 255.255.255.255 PHYSDEV match --physdev-out em1 udp dpt:bootps
DROP all -- anywhere 203.0.113.1 PHYSDEV match --physdev-in em1
DROP all -- 203.0.113.1 anywhere PHYSDEV match --physdev-out em1
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain nova-network-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
Chain nova-network-OUTPUT (1 references)
target prot opt source destination
Chain nova-network-local (1 references)
target prot opt source destination
* EBTABLES:*
ebtables -L
Bridge table: filter
Bridge chain: INPUT, entries: 1, policy: ACCEPT
-p ARP -i em1 --arp-ip-dst 203.0.113.1 -j DROP
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-p ARP -o em1 --arp-ip-src 203.0.113.1 -j DROP