<div dir="ltr">This is how my iptable looks like <div><br></div><div><div># iptables -n -tnat --list </div><div>Chain PREROUTING (policy ACCEPT)</div><div>target prot opt source destination </div>
<div>nova-api-PREROUTING all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> </div><div><br></div><div>Chain INPUT (policy ACCEPT)</div><div>target prot opt source destination </div>
<div><br></div><div>Chain OUTPUT (policy ACCEPT)</div><div>target prot opt source destination </div><div>nova-api-OUTPUT all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> </div>
<div><br></div><div>Chain POSTROUTING (policy ACCEPT)</div><div>target prot opt source destination </div><div>nova-api-POSTROUTING all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> </div>
<div>nova-postrouting-bottom all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> </div><div><br></div><div>Chain nova-api-OUTPUT (1 references)</div><div>target prot opt source destination </div>
<div><br></div><div>Chain nova-api-POSTROUTING (1 references)</div><div>target prot opt source destination </div><div><br></div><div>Chain nova-api-PREROUTING (1 references)</div><div>target prot opt source destination </div>
<div><br></div><div>Chain nova-api-float-snat (1 references)</div><div>target prot opt source destination </div><div><br></div><div>Chain nova-api-snat (1 references)</div><div>target prot opt source destination </div>
<div>nova-api-float-snat all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> </div><div><br></div><div>Chain nova-postrouting-bottom (1 references)</div><div>target prot opt source destination </div>
<div>nova-api-snat all -- <a href="http://0.0.0.0/0">0.0.0.0/0</a> <a href="http://0.0.0.0/0">0.0.0.0/0</a> </div></div><div><br></div><div style>I do have rule in my default security group to allow tcp/udp/icmp traffic to my VM.</div>
<div style><br></div><div style>Apart from this, i do not see private IP address in the qdhcp name space </div><div style><div># ip netns exec qdhcp-593574c7-2a27-4b5e-bd6d-ebd7282ffc08 ip addr list</div><div>32: tapc7622702-f7: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN </div>
<div> link/ether fa:16:3e:ec:d7:b8 brd ff:ff:ff:ff:ff:ff</div><div> inet <a href="http://1.1.2.3/24">1.1.2.3/24</a> brd 1.1.2.255 scope global tapc7622702-f7</div><div> inet6 fe80::f816:3eff:feec:d7b8/64 scope link </div>
<div> valid_lft forever preferred_lft forever</div><div>33: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN </div><div> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</div><div> inet <a href="http://127.0.0.1/8">127.0.0.1/8</a> scope host lo</div>
<div> inet6 ::1/128 scope host </div><div> valid_lft forever preferred_lft forever</div><div><br></div></div><div style>Can it cause any issue ? Will it be helpful if i configure use NoopFirewallDriver on controller/compute node ?</div>
<div style><br></div><div style>Please let me know if you need any other data.</div><div style><br></div><div style>Thanks</div><div style>Anil</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 30, 2013 at 7:13 PM, Salvatore Orlando <span dir="ltr"><<a href="mailto:sorlando@nicira.com" target="_blank">sorlando@nicira.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">We will need to look at iptables on your network node.<div>If you run iptables -n -tnat --list you should see a couple of DNAT/SNAT rules for forwarding traffic netween <a href="tel:9.126.108.127" value="+19126108127" target="_blank">9.126.108.127</a>.</div>
<div><br>
</div><div>In any case, bear in mind that the default security group does not allow ICMP. If you have not enabled it, it might as well be that this is reason for your issue.</div><div><br></div><div>Salvatore</div>
</div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On 30 May 2013 15:36, Anil Vishnoi <span dir="ltr"><<a href="mailto:vishnoianil@gmail.com" target="_blank">vishnoianil@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Forwarding again with some hope for response :)<div><div><br><br><div class="gmail_quote">
---------- Forwarded message ----------<br>
From: <b class="gmail_sendername">Anil Vishnoi</b> <span dir="ltr"><<a href="mailto:vishnoianil@gmail.com" target="_blank">vishnoianil@gmail.com</a>></span><br>
Date: Thu, May 30, 2013 at 3:14 AM<br>Subject: [Grizzly][Quantum] Floating IP is not reachable<br>To: "<a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a>" <<a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a>><br>
<br><br><div dir="ltr"><br clear="all"><div>Hi All,</div><div><br></div><div>I have a setup where controller/network node is running on one server and i have another server as a compute node. I am able to launch the VM and VM gets its private IP from its respective DHCP server as well. VM is connected to its private network. Private network is attached to the router and external network is set as a gateway for the router. I am able to associate floating ip to the VM as well. </div>
<div><br></div><div>But when i ping this floating ip from internet, i am not able to ping. Although i am able to ping the gateway ip of the router. I checked the ARP entry for the floating ip, and its successfully resolving the arp for this floating ip. </div>
<div><br></div><div>I can see this address in the router name space as well.</div><div><br></div><div><div># ip netns exec qrouter-3d7dfce4-c19a-4448-b276-1631690a403c ip addr</div><div>14: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN </div>
<div> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</div><div> inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> scope host lo</div><div> inet6 ::1/128 scope host </div><div> valid_lft forever preferred_lft forever</div>
<div>15: qr-e018e6ed-37: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN </div><div> link/ether fa:16:3e:f5:73:c5 brd ff:ff:ff:ff:ff:ff</div><div> inet <a href="http://1.1.1.1/24" target="_blank">1.1.1.1/24</a> brd 1.1.1.255 scope global qr-e018e6ed-37</div>
<div> inet6 fe80::f816:3eff:fef5:73c5/64 scope link </div><div> valid_lft forever preferred_lft forever</div><div>19: qg-d75a619f-ac: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN </div>
<div> link/ether fa:16:3e:2e:c6:4b brd ff:ff:ff:ff:ff:ff</div><div> inet <a href="http://9.126.108.126/24" target="_blank">9.126.108.126/24</a> brd <a href="tel:9.126.108.255" value="+19126108255" target="_blank">9.126.108.255</a> scope global qg-d75a619f-ac</div>
<div> inet <a href="http://9.126.108.127/32" target="_blank">9.126.108.127/32</a> brd <a href="tel:9.126.108.127" value="+19126108127" target="_blank">9.126.108.127</a> scope global qg-d75a619f-ac <<</div>
<div> inet6 fe80::f816:3eff:fe2e:c64b/64 scope link </div><div> valid_lft forever preferred_lft forever</div><div><br></div><div><br></div><div>So i can ping <a href="tel:9.126.108.126" value="+19126108126" target="_blank">9.126.108.126</a> but i am not able to ping <a href="tel:9.126.108.127" value="+19126108127" target="_blank">9.126.108.127</a>. Also both of these IP actually resolves to the same MAC address, is it expected ? I added rules in the default security group to allow TCP/UDP/ICMP traffic.</div>
<div><br></div><div>Please let me know if anybody has any clue on whats going on here , and how can i further debug it. Please let me know if you need any other details.</div></div><span><font color="#888888">-- <br>
<div dir="ltr">Thanks<div>
Anil</div></div>
</font></span></div>
</div><br><br clear="all"><div><br></div></div></div><span><font color="#888888">-- <br><div dir="ltr">Thanks<div>Anil</div></div>
</font></span></div>
<br></div></div>_______________________________________________<br>
Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
Post to : <a href="mailto:openstack@lists.launchpad.net" target="_blank">openstack@lists.launchpad.net</a><br>
Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr">Thanks<div>Anil</div></div>
</div>