<div dir="ltr">Hi Andreas,<br><br>Thank you for your response.<br>I think that the flat networking configuration is more appropriate when we need to enable the access from the controller to the VM and vice versa.<br><br>Best regards,<br>
Marouen<br><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-08-18 17:52 GMT+02:00 Andreas Scheuring <span dir="ltr"><<a href="mailto:scheuran@linux.vnet.ibm.com" target="_blank">scheuran@linux.vnet.ibm.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi Marouen,<br>
<br>
interesting setup that you're driving.<br>
Not sure if I can help you out but let's try.<br>
<br>
You're able to ping both feets of your router from within your vm -<br>
that's great!<br>
But you cannot ping the routers feets from your hypervisor, right?<br>
<br>
--> That makes sense to me.<br>
In general you will never be able to ping your instances private ip from<br>
the controller or from the hypervisor (this might change with dvr, but<br>
that's not yet released I guess). Cause neither the hypevisor nor the<br>
controller has a foot into the real tenant network (vlan or whatever).<br>
<br>
The only chance is via the network node, where the virtual router sits.<br>
Only there you can enter the tenant network. But this will not work<br>
while just pinging the guest. Let me tell you why:<br>
<br>
Routers are realized in network namespaces. So what you have to do is to<br>
switch to the network namespace and ping from there<br>
# ip netns show<br>
--> shows all network namespaces. There should be one with qrouter.xxxx<br>
# ip netns exec qrouter-xxxx ip a<br>
--> list all interfaces in that namespace. Here you should see 2 devices<br>
with your routers ip addresses<br>
# ip netns exec qrouter-xxxx ping <instance-ip><br>
--> ping should be possible.<br>
<br>
<br>
Then you also tried out with floating ip and SSH to the floating ip<br>
works from a remote host, but not from your openstack nodes, right?<br>
And from your openstack nodes you can also ping the instance, so<br>
connection might be there.<br>
I have no clue what this might be. Somehting with iptables? Floating IPs<br>
are realized with NAT. Maybe that gives you a hint where to debug...<br>
<br>
<br>
Regards<br>
<span class="HOEnZb"><font color="#888888">Andreas<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
<br>
<br>
<br>
On Fri, 2014-08-15 at 16:55 +0200, Marouen Mechtri wrote:<br>
> Another detail that can be useful.<br>
> I can ping the floating IP of my instance and I can telnet the port<br>
> 22 from the controller, compute and network nodes<br>
><br>
><br>
> Trying 192.168.100.121...<br>
> Connected to 192.168.100.121.<br>
> Escape character is '^]'.<br>
> SSH-2.0-dropbear_2012.55<br>
><br>
><br>
> but I can not ssh from the controller, compute and network nodes.<br>
> From an external host I can ssh my instance.<br>
><br>
><br>
><br>
><br>
> Thank you in advance.<br>
><br>
><br>
> Best regards,<br>
> Marouen<br>
><br>
><br>
> 2014-08-15 16:17 GMT+02:00 Marouen Mechtri <<a href="mailto:mechtri.marwen@gmail.com">mechtri.marwen@gmail.com</a>>:<br>
> Hi Andreas,<br>
><br>
><br>
> I setup OpenStack on multinode (like the picture you<br>
> sent <a href="http://docs.openstack.org/havana/install-guide/install/apt/content/figures/3/a/common/figures/Neutron-PhysNet-Diagram.png" target="_blank">http://docs.openstack.org/havana/install-guide/install/apt/content/figures/3/a/common/figures/Neutron-PhysNet-Diagram.png</a>)<br>
> and I'm using Icehouse release with openvswitch and GRE<br>
> tunnel.<br>
> For more detail about the network configuration:<br>
> <a href="https://raw.githubusercontent.com/ChaimaGhribi/OpenStack-Icehouse-Installation/master/images/network-topo.jpg" target="_blank">https://raw.githubusercontent.com/ChaimaGhribi/OpenStack-Icehouse-Installation/master/images/network-topo.jpg</a><br>
><br>
><br>
><br>
> I'm running the controller and network nodes on VMs (in the<br>
> compute node) and the compute node is my physical host.<br>
><br>
><br>
> Evry things are OK and I'm able to deploy instances and I can<br>
> ping from my instance the router gateways (connected to tenant<br>
> network and to the extenal nework)<br>
><br>
><br>
> The only issue I have I can not ping the tenant address of my<br>
> instance and the address of the tenant gateway from the<br>
> controller, network and compute nodes.<br>
> I can not also ping the controller node from my instance.<br>
><br>
><br>
> Could you please help me to solve this issue.<br>
><br>
><br>
> Thank you in advance.<br>
> Best regards,<br>
> Marouen<br>
><br>
><br>
> 2014-08-15 13:36 GMT+02:00 Andreas Scheuring<br>
> <<a href="mailto:scheuran@linux.vnet.ibm.com">scheuran@linux.vnet.ibm.com</a>>:<br>
><br>
> Hi,<br>
> just that we're on the same page. Please have a look<br>
> at this picture:<br>
> <a href="http://docs.openstack.org/havana/install-guide/install/apt/content/figures/3/a/common/figures/Neutron-PhysNet-Diagram.png" target="_blank">http://docs.openstack.org/havana/install-guide/install/apt/content/figures/3/a/common/figures/Neutron-PhysNet-Diagram.png</a><br>
><br>
> With the provider network you create a network that<br>
> matches the green<br>
> External & the purple api network (as you have a<br>
> combined controller +<br>
> network node). This is where you already have vlan,<br>
> right?<br>
><br>
> And on the green data network you try to use gre,<br>
> right?<br>
><br>
> Or does you controller only have one physical nic for<br>
> all kind of<br>
> traffic?<br>
><br>
><br>
> I'm sorry but I do not yet understand your setup and<br>
> what you're trying<br>
> to achieve.<br>
><br>
> Please keep always the mailing lists on cc, as others<br>
> might also be<br>
> interested.<br>
><br>
><br>
><br>
> Regards,<br>
> Andreas<br>
><br>
><br>
><br>
> On Fri, 2014-08-15 at 14:21 +0700, Nhan Cao wrote:<br>
> > hi,<br>
> > i deploy on multinode with neutron and openvswitch.<br>
> > My Infrastructure has a exists VLAN, now, i'm using<br>
> GRE type network.<br>
> > I found a article about that<br>
> ><br>
> <a href="http://trickycloud.wordpress.com/2013/11/12/setting-up-a-flat-network-with-neutron/" target="_blank">http://trickycloud.wordpress.com/2013/11/12/setting-up-a-flat-network-with-neutron/</a><br>
> > Could you give me a advice? i should choose VLAN or<br>
> GRE for best?<br>
> > Thanks<br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > 2014-08-15 13:46 GMT+07:00 Andreas Scheuring<br>
> > <<a href="mailto:scheuran@linux.vnet.ibm.com">scheuran@linux.vnet.ibm.com</a>>:<br>
> > Hi Nhan,<br>
> > I guess more information is required to help<br>
> you out there.<br>
> ><br>
> > It would be helpful to know which setup<br>
> you're using, e.g. a<br>
> > singlenode<br>
> > or multinode setup, openvswitch for network<br>
> virtualiation or<br>
> > something<br>
> > else? Are you using nova network or neutron<br>
> networking?<br>
> ><br>
> > If I got it right you created a tenant<br>
> network in openstack<br>
> > (in your<br>
> > case vm network). In addition your host<br>
> (hypervisor) has a an<br>
> > eth<br>
> > interface into the physical network, right?<br>
> ><br>
> > You also mentioned that your physical<br>
> network is a vlan<br>
> > network. Is your<br>
> > hypervisor aware of this vlan tagging or is<br>
> this done by a<br>
> > access port<br>
> > config in your switch?<br>
> ><br>
> ><br>
> > And what you want to achieve is to connect a<br>
> vm attached to<br>
> > the<br>
> > openstack vm network to your physical vlan<br>
> network. Did I get<br>
> > you right?<br>
> ><br>
> > Basically you would create a so called<br>
> "provider network" that<br>
> > represents your physical network and connect<br>
> this provider<br>
> > network via a<br>
> > virtual router to your vm network.<br>
> ><br>
> > More information you can find here:<br>
> ><br>
> <a href="http://docs.openstack.org/admin-guide-cloud/content/under_the_hood_openvswitch.html#under_the_hood_openvswitch_scenario1" target="_blank">http://docs.openstack.org/admin-guide-cloud/content/under_the_hood_openvswitch.html#under_the_hood_openvswitch_scenario1</a><br>
> ><br>
> ><br>
> > Regards,<br>
> > Andreas<br>
> ><br>
> ><br>
> ><br>
> > On Fri, 2014-08-15 at 00:00 +0700, Nhan Cao<br>
> wrote:<br>
> > > Hi<br>
> > > I have to network:<br>
> > > vm network: <a href="http://10.2.21.0/24" target="_blank">10.2.21.0/24</a><br>
> > > exist VLAN network: <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a><br>
> > > I want to connect from my VM network to<br>
> physic VLAN network.<br>
> > ><br>
> > > How i config to connect?<br>
> > ><br>
> > ><br>
> > ><br>
> > > Thanks :)<br>
> > ><br>
> > ><br>
> ><br>
> > ><br>
> _______________________________________________<br>
> > > Mailing list:<br>
> ><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
> > > Post to :<br>
> <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
> > > Unsubscribe :<br>
> ><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
> ><br>
> ><br>
> ><br>
> ><br>
> _______________________________________________<br>
><br>
> > OpenStack-operators mailing list<br>
> > <a href="mailto:OpenStack-operators@lists.openstack.org">OpenStack-operators@lists.openstack.org</a><br>
> ><br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators</a><br>
> ><br>
> ><br>
><br>
><br>
><br>
> _______________________________________________<br>
> Mailing list:<br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
> Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
> Unsubscribe :<br>
> <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
><br>
><br>
><br>
><br>
><br>
<br>
<br>
</div></div></blockquote></div><br></div>