<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=gb2312"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:宋体;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"\@宋体";
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:"Courrier New";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Aaron,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks for helping.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Actually I already have had this rule:<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>(quantum) security-group-rule-list<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>+--------------------------------------+----------------+-----------+----------+------------------+--------------+<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| id | security_group | direction | protocol | remote_ip_prefix | remote_group |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>+--------------------------------------+----------------+-----------+----------+------------------+--------------+<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| 1a5867db-864b-4ae9-a423-092f3c25d710 | default | ingress | | | default |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| 5449c312-00ba-4625-813f-1d7f06bb8259 | default | ingress | tcp | 0.0.0.0/0 | |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| 59166d99-0901-4c58-8bf3-ff46cfd4bb01 | default | egress | | | |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| 79708fb2-50b1-4c7b-82a5-5cd0275603ad | default | egress | | | |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| 940a2743-859a-444c-9c3c-0204995e87ba | default | ingress | | | default |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| a7812053-a913-4288-bbd3-c5f225f38d13 | default | ingress | | | default |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| b160a8cf-7ca0-4da6-b238-68315b199314 | default | egress | | | |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| bce886e7-74d2-46bc-aba6-5928a17b2c74 | default | ingress | | | default |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| c3ccbe23-5d44-4cbc-991d-a5df29aa5300 | default | ingress | | | default |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| c86af4d4-d6eb-4b15-a23c-1d84d8b27716 | default | egress | | | |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| c9b96941-c652-4b24-9162-4a1dcd999088 | default | ingress | icmp | 0.0.0.0/0 | |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| dd26aab7-7641-4ad8-ac53-fe443f41ab5f | default | ingress | | | default |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| f87eeaea-4b97-4995-968e-34f127d09bd3 | default | egress | | | |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>| fc7d35d0-d2b6-4df1-a03b-ca28c5e5c487 | default | egress | | | |<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>+--------------------------------------+----------------+-----------+----------+------------------+--------------+<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>(quantum) security-group-rule-create --protocol icmp --direction ingress default<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>Multiple security_group matches found for name 'default', use an ID to be more specific.<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><span style='font-size:9.0pt;font-family:"Courrier New"'>(quantum)<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Actualy my first tenant’s several VMs don’t have network issue. Can ping their’s floating IP from Internet.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>However my second tenant’s several VMs have same network issue: can ping Internet from vm, but can’t ping their floating IP from Internet.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Leon<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Aaron Rosen [mailto:arosen@nicira.com] <br><b>Sent:</b> 2013</span><span lang=ZH-CN style='font-size:10.0pt;font-family:宋体'>年</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>6</span><span lang=ZH-CN style='font-size:10.0pt;font-family:宋体'>月</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>4</span><span lang=ZH-CN style='font-size:10.0pt;font-family:宋体'>日</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> 9:03<br><b>To:</b> Li, Leon<br><b>Cc:</b> openstack-operators@lists.openstack.org; openstack@lists.launchpad.net (openstack@lists.launchpad.net)<br><b>Subject:</b> Re: [Openstack] [Quantum] second tenant VM's floating ip can't be accessed.<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hi Li, <o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>If you can ping out to the internet from your second vm but not back in it's most likely related to security groups. <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I'd try running: quantum security-group-rule-create --protocol icmp --direction ingress default <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>and see if that allows ping from the internet to be received. <o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Aaron<o:p></o:p></p></div></div><div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p><div><p class=MsoNormal>On Mon, Jun 3, 2013 at 2:43 AM, Li, Leon <<a href="mailto:Leon.Li2@emc.com" target="_blank">Leon.Li2@emc.com</a>> wrote:<o:p></o:p></p><div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Hi all,<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'> <o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>I set up an openstack recently. My first tenant’s VMs’ floating IP work fine. All of them is pingable from “Internet”.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>However on second tenant, via GUI or CLI I can successfully assign floating IPs to VMs, but they are not pingable. Meanwhile, I can ping Internet from VM’s private network(IP).<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>My environment: Grizzly. Quantum. 3 physical servers. One is controller; one is network; and the other is compute node. GRE tunnel.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'>Anyone has idea? Thanks for your help.<o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#888888'> <o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='color:#888888'>Leon<o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><br>_______________________________________________<br>Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></div></body></html>