<div dir="ltr">Hi Ross,<br><br>1. Make sure you have enabled ping (ICMP) in security groups.<br> The default security groups does not allow ping.<br><br> neutron security-group-rule-create --direction ingress --protocol icmp $SG_ID<br>
<br> I suggest you explicitly create security group and use that when you<br> boot instance. In this case, I see two security groups named<br> "default". Better add that rule for both.<br><br>2. Check whether you can ping the fixed ip.<br>
Run on the neutron node:<br><br> sudo ip netns exec qrouter-43c596c4-65fe-4c22-a48a-0a6e200abf78 ping -c 4 10.0.1.2<br><br>3. Check console log of the vm. Did it boot correctly? Did it get IP from DHCP?<br><br> nova console-log tvm1<br>
<br>Thanks,<br>Yuanle<br><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Feb 11, 2014 at 8:52 AM, Lillie Ross-CDSR11 <span dir="ltr"><<a href="mailto:Ross.Lillie@motorolasolutions.com" target="_blank">Ross.Lillie@motorolasolutions.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div style="word-wrap:break-word">
If this issue has already been discussed, please excuse.<br>
<br>
I’m somewhat confused about neutron configuration and tenancy. Correct me if I’m wrong. <br>
<br>
First, I’ve create a private network under the ‘admin’ tenant named ‘admin-net'. I’ve associated a subnet named admin-net.1 with the admin-net with a CIDR of <a href="http://10.0.1.0/24" target="_blank">10.0.1.0/24</a>.<br>
<br>
Next, I created a network with router:external set to True associated with our campus network named ‘campus-net’. This network was created under the ‘service’ tenant’. I also create a router named ‘campus-gw’ under the ‘service’ tenant and set it’s gateway
to be the ‘campus-net’ network.<br>
<br>
Finally, I create a floating address pool under the ‘admin’ tenant named ‘admin-net.float', and add it as an interface to the ‘campus-gw’ router. I also create a default security group under the ‘admin’ tenant to allow SSH and ICMP access.<br>
<br>
When I boot an image, as a member of the admin tenant, the instance is correctly assigned an IP address from the admin tenant’s private network. I next allocate (nova floating-ip-create admin-net.float) a floating IP address and associated it my running instance.<br>
<br>
However, I’m unable to ping the running instance, and I see no indication of the end of the tunnel being established on the network/controller node.<br>
<br>
I’m not that well versed with network namespaces nor the openvswitch commands. <br>
<br>
2 questions. Does my overall configuration sound correct? And how best to diagnose what’s going on here? Any pointers would be helpful. Additional details can be provided as needed. Thanks loads in advance.<br>
<br>
Regards,<br>
/ross<br>
<br>
—<br>
<br>
(neutron) net-list<br>
+--------------------------------------+------------+----------------------------------------------------+<br>
| id | name | subnets |<br>
+--------------------------------------+------------+----------------------------------------------------+<br>
| 2426f4d8-a983-4f50-ab5a-fd2a37e5cd94 | campus-net | a948538d-c2c2-4c02-9116-b89a79f0c73a <a href="http://173.23.0.0/16" target="_blank">173.23.0.0/16</a> |<br>
| e6984375-f35b-4636-a293-43d0d296e0ff | admin-net | 2ced890b-944f-4f6e-8f7a-3f5a4d07c2bb <a href="http://10.0.1.0/24" target="_blank">10.0.1.0/24</a> |<br>
+--------------------------------------+------------+----------------------------------------------------+<br>
(neutron) subnet-list<br>
+--------------------------------------+--------------------+---------------+---------------------------------------------------+<br>
| id | name | cidr | allocation_pools |<br>
+--------------------------------------+--------------------+---------------+---------------------------------------------------+<br>
| 2ced890b-944f-4f6e-8f7a-3f5a4d07c2bb | admin-net.1 | <a href="http://10.0.1.0/24" target="_blank">10.0.1.0/24</a> | {"start": "10.0.1.2", "end": "10.0.1.254"} |<br>
| a948538d-c2c2-4c02-9116-b89a79f0c73a | admin-net.floating | <a href="http://173.23.0.0/16" target="_blank">173.23.0.0/16</a> | {"start": "173.23.182.2", "end": "173.23.182.15"} |<br>
+--------------------------------------+--------------------+---------------+---------------------------------------------------+<br>
(neutron) router-list<br>
+--------------------------------------+-----------+-----------------------------------------------------------------------------+<br>
| id | name | external_gateway_info |<br>
+--------------------------------------+-----------+-----------------------------------------------------------------------------+<br>
| 43c596c4-65fe-4c22-a48a-0a6e200abf78 | campus-gw | {"network_id": "2426f4d8-a983-4f50-ab5a-fd2a37e5cd94", "enable_snat": true} |<br>
+--------------------------------------+-----------+-----------------------------------------------------------------------------+<br>
(neutron) router-show campus-gw<br>
+-----------------------+-----------------------------------------------------------------------------+<br>
| Field | Value |<br>
+-----------------------+-----------------------------------------------------------------------------+<br>
| admin_state_up | True |<br>
| external_gateway_info | {"network_id": "2426f4d8-a983-4f50-ab5a-fd2a37e5cd94", "enable_snat": true} |<br>
| id | 43c596c4-65fe-4c22-a48a-0a6e200abf78 |<br>
| name | campus-gw |<br>
| routes | |<br>
| status | ACTIVE |<br>
| tenant_id | service |<br>
+-----------------------+-----------------------------------------------------------------------------+<br>
(neutron) security-group-list<br>
+--------------------------------------+---------+-------------+<br>
| id | name | description |<br>
+--------------------------------------+---------+-------------+<br>
| 0d66a3e2-7a0f-4caf-8b63-c3c8f3106242 | default | default |<br>
| c87230fa-9193-47a7-8ade-cec5f7f6b958 | default | default |<br>
+--------------------------------------+---------+-------------+<br>
(neutron)
<div>root@cirrus3:/var/log/neutron# nova list<br>
+--------------------------------------+------+--------+------------+-------------+----------------------------------+<br>
| ID | Name | Status | Task State | Power State | Networks |<br>
+--------------------------------------+------+--------+------------+-------------+----------------------------------+<br>
| ccdf7541-3a74-4289-a8ce-9fe5cffe9dbd | tvm1 | ACTIVE | None | Running | admin-net=10.0.1.2, 173.23.182.3 |<br>
+--------------------------------------+------+--------+------------+-------------+----------------------------------+<br>
root@cirrus3:/var/log/neutron# nova show tvm1<br>
+--------------------------------------+----------------------------------------------------------+<br>
| Property | Value |<br>
+--------------------------------------+----------------------------------------------------------+<br>
| status | ACTIVE |<br>
| updated | 2014-02-11T00:03:25Z |<br>
| OS-EXT-STS:task_state | None |<br>
| OS-EXT-SRV-ATTR:host | cn1 |<br>
| key_name | root |<br>
| image | cirros (57a9f5d6-8b07-4bdb-b8a0-900de339d804) |<br>
| admin-net network | 10.0.1.2, 173.23.182.3 |<br>
| hostId | 982cd20cde9c5f8514c95b5ca8530258fa9454cdc988a8b007a6d20b |<br>
| OS-EXT-STS:vm_state | active |<br>
| OS-EXT-SRV-ATTR:instance_name | instance-00000021 |<br>
| OS-SRV-USG:launched_at | 2014-02-11T00:03:25.000000 |<br>
| OS-EXT-SRV-ATTR:hypervisor_hostname | cn1 |<br>
| flavor | m1.tiny (1) |<br>
| id | ccdf7541-3a74-4289-a8ce-9fe5cffe9dbd |<br>
| security_groups | [{u'name': u'default'}] |<br>
| OS-SRV-USG:terminated_at | None |<br>
| user_id | 090a2de6e74b4573bd29318d4f494191 |<br>
| name | tvm1 |<br>
| created | 2014-02-11T00:02:47Z |<br>
| tenant_id | ec54b7cadcab4620bbb6d568be7bd4a8 |<br>
| OS-DCF:diskConfig | MANUAL |<br>
| metadata | {} |<br>
| os-extended-volumes:volumes_attached | [] |<br>
| accessIPv4 | |<br>
| accessIPv6 | |<br>
| progress | 0 |<br>
| OS-EXT-STS:power_state | 1 |<br>
| OS-EXT-AZ:availability_zone | nova |<br>
| config_drive | |<br>
+--------------------------------------+----------------------------------------------------------+<br>
root@cirrus3:/var/log/neutron# <br>
<br>
<div>--<br>
Ross Lillie<br>
Distinguished Member of Technical Staff<br>
Motorola Solutions, Inc.<br>
<br>
<a href="http://motorolasolutions.com" target="_blank">motorolasolutions.com</a><br>
O: <a href="tel:%2B1.847.576.0012" value="+18475760012" target="_blank">+1.847.576.0012</a><br>
M: <a href="tel:%2B1.847.980.2241" value="+18479802241" target="_blank">+1.847.980.2241</a><br>
E: <a href="mailto:ross.lillie@motorolasolutions.com" target="_blank">ross.lillie@motorolasolutions.com</a><br>
<br>
<br>
<span><img src="cid:75FF7557-F6FD-4406-A0BB-5CBD9BE3780A@comm.mot.com" height="33" width="277"></span><br>
</div>
<br>
</div>
</div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>