[Openstack] private network issue ( kola-ansible pike/stable deployment )
Bernd Bausch
berndbausch at gmail.com
Sat Apr 7 00:07:11 UTC 2018
So the situation is:
* VM1 has a floating IP and can be reached via floating IP
* VM1 can ping VM2
* VM2 can't ssh VM2
Useful additional information you may have gathered already:
* Does the ssh client issue any error message, and which?
* Is an sshd running on VM2?
* If yes, any error in the sshd log? I.e., does VM2 receive anything
at all, and how does it process what it receives
* Any /outgoing /connectivity problems from VM2?
Other things to do or check:
* Use debug options when running the ssh client and sshd
* packet tracing on both VMs
* ssh to VM2's private IP from the DHCP server's namespace
* When you ping VM2, are you sure it's really VM2 that responds?
Perhaps something else has the same IP, or even MAC.
You can check that by tracing ICMP on VM2.
Bernd
On 4/7/2018 2:56 AM, Brian Haley wrote:
> On 04/06/2018 01:28 PM, s serge wrote:
>> Hello,
>>
>> I'm evaluating an installation and everything from networking side
>> was looking good
>> until I tried to reach a VM host via private network from another VM
>> via ssh.
>>
>> In short:
>> 1. Spawn a VM
>> 2. Associate a floating IP
>> 3. Logon to VM via ssh on public network
>> 4. Spawn another VM
>> 5. Try to reach 1st VM via ssh private network IP - FAIL.
>> 6. ICMP to 1st VM IP via private network works well.
>>
>> Looks pretty weird for me as according to logs everything looks fine,
>> both VM got assigned a private IP and fetches metadata info.
>>
>> Some notes about setup:
>> Separate interfaces for management, private(VXLAN) and external network.
>> Dozen of similar servers.
>>
>> I'll continue to debug the issue, but appreciate any relevant feedback.
>
> I would check two things:
>
> 1. Security groups are allowing port 22
> 2. MTU is set correctly, should probably be 1450 if you're using
> VXLAN, which should have been set via the DHCP reply
>
> -Brian
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20180407/018781d2/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20180407/018781d2/attachment.sig>
More information about the Openstack
mailing list