<div dir="ltr"><div><div><div>Hi,<br><br></div>Thanks for your response.<br></div>I just disabled SEG function(deployed in compute nodes).<br>The ICMP packets even hadn't leave network node. I cannot tcpdump packet on qr-xx interface.<br>
<br></div><div>Can you introduce your demo? Havana or Icehouce? Network node kernel version? etc.<br></div><div><div><div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">2014-09-03 12:38 GMT+08:00 Akihiro Motoki <span dir="ltr"><<a href="mailto:amotoki@gmail.com" target="_blank">amotoki@gmail.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<div><br></div><div>I did the same in the past for demo, and it worked well.</div><div>Does secgroup of VM2 allow connections from VM1?</div>
<div><div class=""><br><br>2014年9月3日水曜日、Germy Lure<<a href="mailto:germy.lure@gmail.com" target="_blank">germy.lure@gmail.com</a>>さんは書きました:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Hi Stackers,<br><br></div><div><div class="h5">Network TOPO like this: VM1(net1)--Router1-------IPSec VPN tunnel-------Router2--VM2(net2)<br>
</div></div></div><div><div class="h5"><div>If
left and right side deploy on different OpenStack environments, it
works well. But in the same environment, Router1 and Router2 are
namespace implement in the same network node. I cannot ping from VM1 to
VM2.<br>
</div><div><br>In R2(Router2), tcpdump tool tells us that R2 receives ICMP echo request packets but doesnt send them out.<br><br><div style="margin-left:40px"><i><font size="1">7837C113-D21D-B211-9630-</font></i><i><font size="1">000000821800:~ # ip netns exec qrouter-4fd2e76e-37d0-4d05-</font></i><i><font size="1">b5a1-dd987c0231ef tcpdump -i any </font></i><br>
<i><font size="1">tcpdump: verbose output suppressed, use -v or -vv for full protocol decode</font></i><br><i><font size="1">listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes</font></i><br><i><font size="1">
11:50:14.853470 IP 10.10.5.2 > <a href="http://10.10.5.3" target="_blank">10.10.5.3</a>: ESP(spi=0xc6d65c02,seq=0x1e6), length 132</font></i><br><i><font size="1">11:50:14.853470 IP 128.6.25.2 > <a href="http://128.6.26.2" target="_blank">128.6.26.2</a>: ICMP echo request, id 44567, seq 486, length 64</font></i><br>
<i><font size="1">
11:50:15.853475 IP 10.10.5.2 > <a href="http://10.10.5.3" target="_blank">10.10.5.3</a>: ESP(spi=0xc6d65c02,seq=0x1e7), length 132</font></i><br><i><font size="1">11:50:15.853475 IP 128.6.25.2 > <a href="http://128.6.26.2" target="_blank">128.6.26.2</a>: ICMP echo request, id 44567, seq 487, length 64</font></i><br>
<i><font size="1">
11:50:16.853461 IP 10.10.5.2 > <a href="http://10.10.5.3" target="_blank">10.10.5.3</a>: ESP(spi=0xc6d65c02,seq=0x1e8), length 132</font></i><br><i><font size="1">11:50:16.853461 IP 128.6.25.2 > <a href="http://128.6.26.2" target="_blank">128.6.26.2</a>: ICMP echo request, id 44567, seq 488, length 64</font></i><br>
<i><font size="1">
11:50:17.853447 IP 10.10.5.2 > <a href="http://10.10.5.3" target="_blank">10.10.5.3</a>: ESP(spi=0xc6d65c02,seq=0x1e9), length 132</font></i><br><i><font size="1">11:50:17.853447 IP 128.6.25.2 > <a href="http://128.6.26.2" target="_blank">128.6.26.2</a>: ICMP echo request, id 44567, seq 489, length 64</font></i><br>
<i><font size="1">
^C</font></i><br><i><font size="1">8 packets captured</font></i><br><i><font size="1">8 packets received by filter</font></i><br><i><font size="1">0 packets dropped by kernel</font></i><br></div><br></div><div>ip addr in R2:<br>
</div><br><div style="margin-left:40px"><font size="1">7837C113-D21D-B211-9630-</font><font size="1">000000821800:~ # ip netns exec qrouter-4fd2e76e-37d0-4d05-</font><font size="1">b5a1-dd987c0231ef ip addr<br>
187: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN group default <br> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br> inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> scope host lo<br>
inet6 ::1/128 scope host <br> valid_lft forever preferred_lft forever<br>206: qr-4bacb61c-72: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default <br> link/ether fa:16:3e:23:10:97 brd ff:ff:ff:ff:ff:ff<br>
inet <a href="http://128.6.26.1/24" target="_blank">128.6.26.1/24</a> brd 128.6.26.255 scope global qr-4bacb61c-72<br> inet6 fe80::f816:3eff:fe23:1097/64 scope link <br> valid_lft forever preferred_lft forever<br>
208: qg-4abd4bb0-21: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default <br>
link/ether fa:16:3e:e6:cd:1a brd ff:ff:ff:ff:ff:ff<br> inet <a href="http://10.10.5.3/24" target="_blank">10.10.5.3/24</a> brd 10.10.5.255 scope global qg-4abd4bb0-21<br> inet6 fe80::f816:3eff:fee6:cd1a/64 scope link <br>
valid_lft forever preferred_lft forever<br></font></div><br><br>In addition, the kernel counter "/proc/net/snmp" in namespace is unchanged. These couters do not work well with namespace?<br><div>
<br><br></div><div>BR,<br></div>Germy</div></div></div>
</blockquote></div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div></div></div></div></div></div></div>