<div dir="ltr">Here is the route -n and ifconfig output from the qdhcp namespace:<br><br>root@172-17-6-68:/var/log/neutron# ip netns exec qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244 route -n<br>Kernel IP routing table<br>Destination Gateway Genmask Flags Metric Ref Use Iface<br>
0.0.0.0 10.0.1.1 0.0.0.0 UG 0 0 0 tap35a8ab42-4f<br>10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 tap35a8ab42-4f<br>root@172-17-6-68:/var/log/neutron# ip netns exec qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244 ifconfig<br>
lo Link encap:Local Loopback <br> inet addr:127.0.0.1 Mask:255.0.0.0<br> inet6 addr: ::1/128 Scope:Host<br> UP LOOPBACK RUNNING MTU:65536 Metric:1<br> RX packets:27 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:0 <br> RX bytes:4768 (4.7 KB) TX bytes:4768 (4.7 KB)<br><br>tap35a8ab42-4f Link encap:Ethernet HWaddr fa:16:3e:44:c2:0a <br>
inet addr:10.0.1.2 Bcast:10.0.1.255 Mask:255.255.255.0<br> inet6 addr: fe80::f816:3eff:fe44:c20a/64 Scope:Link<br> UP BROADCAST RUNNING MTU:1500 Metric:1<br> RX packets:50 errors:0 dropped:0 overruns:0 frame:0<br>
TX packets:36 errors:0 dropped:0 overruns:0 carrier:0<br> collisions:0 txqueuelen:0 <br> RX bytes:2624 (2.6 KB) TX bytes:2000 (2.0 KB)<br><br><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Mon, Nov 18, 2013 at 9:24 AM, sylecn <span dir="ltr"><<a href="mailto:sylecn@gmail.com" target="_blank">sylecn@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>I have enabled namespace, but I did not use overlapping IP addresses so far.<br><br></div>Here is the result of the netns command:<br><br>root@172-17-6-68:/var/log/neutron# ip netns show<br>qrouter-c5b513fa-6d6a-476f-bfc0-2114954a15aa<br>
qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244<br>root@172-17-6-68:/var/log/neutron# ip netns exec qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244 ping 10.0.1.3<br>PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data.<br>From 10.0.1.2 icmp_seq=1 Destination Host Unreachable<br>
>From 10.0.1.2 icmp_seq=2 Destination Host Unreachable<br>From 10.0.1.2 icmp_seq=3 Destination Host Unreachable<br>From 10.0.1.2 icmp_seq=4 Destination Host Unreachable<br>From 10.0.1.2 icmp_seq=5 Destination Host Unreachable<br>
>From 10.0.1.2 icmp_seq=6 Destination Host Unreachable<br>From 10.0.1.2 icmp_seq=7 Destination Host Unreachable<br>From 10.0.1.2 icmp_seq=8 Destination Host Unreachable<br>From 10.0.1.2 icmp_seq=9 Destination Host Unreachable<br>
>From 10.0.1.2 icmp_seq=10 Destination Host Unreachable<br>From 10.0.1.2 icmp_seq=11 Destination Host Unreachable<br>From 10.0.1.2 icmp_seq=12 Destination Host Unreachable<br>^C<br>--- 10.0.1.3 ping statistics ---<br>13 packets transmitted, 0 received, +12 errors, 100% packet loss, time 12061ms<br>
pipe 3<br>root@172-17-6-68:/var/log/neutron# <br><br>Using ip netns exec qdhcp-* ping, I can ping 10.0.1.1 and 10.0.1.2. However, ping 10.0.1.3 still fail.<br><br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra">
<br><br><div class="gmail_quote">
On Mon, Nov 18, 2013 at 12:59 AM, Kyle Mestery (kmestery) <span dir="ltr"><<a href="mailto:kmestery@cisco.com" target="_blank">kmestery@cisco.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On Nov 17, 2013, at 2:45 AM, sylecn <<a href="mailto:sylecn@gmail.com" target="_blank">sylecn@gmail.com</a>> wrote:<br>
><br>
> Thanks for the information. Now I have configured a provider router based network, with Open vSwitch GRE tunnels.<br>
><br>
> Here is the network topology:<br>
><br>
> external network: <a href="http://172.17.0.0/16" target="_blank">172.17.0.0/16</a><br>
> external network physical router: 172.17.0.1<br>
> neutron node IP: 172.17.6.68<br>
><br>
> virtual provider router: 172.17.6.70<br>
><br>
> virtual subnet1: <a href="http://10.0.1.0/24" target="_blank">10.0.1.0/24</a><br>
><br>
> Now I can boot a vm instance and it got an IP from private IP pool (10.0.1.3). I can also associate a floating IP to it (172.17.6.71). But I can't ping the private ip nor the floating ip.<br>
><br>
> From the neutron node, I can ping 172.17.6.70, but can't ping 10.0.1.1, 10.0.1.3, 172.17.6.71.<br>
> So I can't ssh into the vm. My guess is something is wrong with the <a href="http://10.0.1.0/24" target="_blank">10.0.1.0/24</a> network, but I don't know what.<br>
><br>
</div>Are you setup to use network namespaces with overlapping IP addresses? If so, each tenant network will have it's own network namespace on the node running the Neutron L3 agent. To see these, run this command:<br>
<br>
ip netns show<br>
<br>
>From the qdhcp-* one, you can try to ping your tenant network address:<br>
<br>
ip netns exec qdhcp-* ping 10.0.1.3<br>
<br>
Let me know if that helps.<br>
<br>
Thanks,<br>
Kyle<br>
<div><div><br>
> I used the NoopFirewallDriver in OVS plugin, so icmp and tcp:22 are not blocked by security-group rules.<br>
><br>
> Here is the current setup:<br>
> (neutron) net-list<br>
> +--------------------------------------+--------+----------------------------------------------------+<br>
> | id | name | subnets |<br>
> +--------------------------------------+--------+----------------------------------------------------+<br>
> | a63f0950-cdea-4a6d-8312-1819113dc244 | net1 | 708f2a58-bd85-4493-b91c-a6d42c0db5e7 <a href="http://10.0.1.0/24" target="_blank">10.0.1.0/24</a> |<br>
> | ee318d0b-74e5-43c6-92bd-abb690df3334 | extnet | 4c111c62-50f2-4332-b635-57846cf1980c <a href="http://172.17.0.0/16" target="_blank">172.17.0.0/16</a> |<br>
> +--------------------------------------+--------+----------------------------------------------------+<br>
> (neutron) subnet-list<br>
> +--------------------------------------+---------+---------------+------------------------------------------------+<br>
> | id | name | cidr | allocation_pools |<br>
> +--------------------------------------+---------+---------------+------------------------------------------------+<br>
> | 4c111c62-50f2-4332-b635-57846cf1980c | extnet | <a href="http://172.17.0.0/16" target="_blank">172.17.0.0/16</a> | {"start": "172.17.6.70", "end": "172.17.6.75"} |<br>
> | 708f2a58-bd85-4493-b91c-a6d42c0db5e7 | subnet1 | <a href="http://10.0.1.0/24" target="_blank">10.0.1.0/24</a> | {"start": "10.0.1.2", "end": "10.0.1.254"} |<br>
> +--------------------------------------+---------+---------------+------------------------------------------------+<br>
> (neutron) port-list<br>
> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+<br>
> | id | name | mac_address | fixed_ips |<br>
> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+<br>
> | 234b4e76-7b7a-461f-8b61-2b7c58165fd2 | | fa:16:3e:86:95:d3 | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.1"} |<br>
> | 35a8ab42-4f1a-4f1e-b656-ab4dd0e83725 | | fa:16:3e:44:c2:0a | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.2"} |<br>
> | 85f4d2d7-c92b-4bc1-b080-2b1978bb6e17 | | fa:16:3e:cd:77:17 | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.3"} |<br>
> | 9a24c2e9-a6da-4a24-93d4-9eef8cb0bcfa | | fa:16:3e:01:a2:ef | {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address": "172.17.6.70"} |<br>
> | f508b629-6e95-4be4-89c0-b37be3907231 | | fa:16:3e:7c:41:0a | {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address": "172.17.6.71"} |<br>
> +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+<br>
> (neutron) port-show 234b4e76-7b7a-461f-8b61-2b7c58165fd2<br>
> +-----------------------+---------------------------------------------------------------------------------+<br>
> | Field | Value |<br>
> +-----------------------+---------------------------------------------------------------------------------+<br>
> | admin_state_up | True |<br>
> | allowed_address_pairs | |<br>
> | binding:capabilities | {"port_filter": false} |<br>
> | binding:host_id | <a href="http://172-17-6-68.yygamedev.com" target="_blank">172-17-6-68.yygamedev.com</a> |<br>
> | binding:vif_type | ovs |<br>
> | device_id | c5b513fa-6d6a-476f-bfc0-2114954a15aa |<br>
> | device_owner | network:router_interface |<br>
> | extra_dhcp_opts | |<br>
> | fixed_ips | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.1"} |<br>
> | id | 234b4e76-7b7a-461f-8b61-2b7c58165fd2 |<br>
> | mac_address | fa:16:3e:86:95:d3 |<br>
> | name | |<br>
> | network_id | a63f0950-cdea-4a6d-8312-1819113dc244 |<br>
> | status | ACTIVE |<br>
> | tenant_id | 860483f3ceeb43aab4d1f0e8f76b4064 |<br>
> +-----------------------+---------------------------------------------------------------------------------+<br>
> (neutron)<br>
> root@172-17-6-68:/etc/neutron# nova list<br>
> +--------------------------------------+------+--------+------------+-------------+----------------------------+<br>
> | ID | Name | Status | Task State | Power State | Networks |<br>
> +--------------------------------------+------+--------+------------+-------------+----------------------------+<br>
> | ec214f0b-eede-421e-9036-a1b56bff3c37 | c1 | ACTIVE | None | Running | net1=10.0.1.3, 172.17.6.71 |<br>
> +--------------------------------------+------+--------+------------+-------------+----------------------------+<br>
><br>
><br>
<br>
<br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>