<div dir="ltr"><div><div>sorry for the noise - I've just forgot to define one more sec-rule.<br></div>Now it's working.<br><br></div>Cris<br><div><div><br><br><br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, May 3, 2015 at 9:44 PM, Cristina Aiftimiei <span dir="ltr"><<a href="mailto:caifti@gmail.com" target="_blank">caifti@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Hi James,<br><br></div>thank you very much for the answer!<br><div class="gmail_extra"><br><div class="gmail_quote"><span class="">On Sun, May 3, 2015 at 5:54 PM, James Denton <span dir="ltr"><<a href="mailto:james.denton@rackspace.com" target="_blank">james.denton@rackspace.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>Hi Christina,
</div><div><br></div><div>Is 131.X.Y.Z configured as a floating IP and associated with the LB VIP port? </div></div></blockquote><div> </div></span><div>yes<br># neutron floatingip-list<br> +--------------------------------------+------------------+---------------------+--------------------------------------+<br>| id | fixed_ip_address | floating_ip_address | port_id |<br>+--------------------------------------+------------------+---------------------+--------------------------------------+<br>| d04cb674-ae42-435f-be10-a66fd9f4ca4b | 10.0.1.10 | 131.X.Y.W | 3699ac91-6287-4b2b-a637-03eae03abde4 |<br>| e6448d37-3c26-4601-b4a5-a5e6b041af34 | 10.0.1.22 | 131.X.Y.Z | b003b440-a092-409e-b329-eca38eada1f4 |<span class=""><br><br>$ neutron lb-vip-list<br>+--------------------------------------+-------+-----------+----------+----------------+--------+<br>| id | name | address | protocol | admin_state_up | status |<br>+--------------------------------------+-------+-----------+----------+----------------+--------+<br>| 824c9ee7-c9bd-40fd-91ff-1f2b88372f95 | myvip | 10.0.1.22 | HTTP | True | ACTIVE |<br>+--------------------------------------+-------+-----------+----------+----------------+--------+<br><br></span>$ neutron port-list |grep 1.22<br>+--------------------------------------+------------------------------------------+-------------------+----------------------------------------------------------------------------------+<br>| id | name | mac_address | fixed_ips |<br>+--------------------------------------+------------------------------------------+-------------------+----------------------------------------------------------------------------------+<br>| b003b440-a092-409e-b329-eca38eada1f4 | vip-824c9ee7-c9bd-40fd-91ff-1f2b88372f95 | fa:16:3e:c9:58:a1 | {"subnet_id": "df1dd585-2c59-49c4-b995-53d6cfa26e3c", "ip_address": "10.0.1.22"} |<br><br><br></div><span class=""><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>The NAT is configured on the router connected to the VIP network, in this case private_net. </div></div></blockquote><div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div>Can the router access the VIP 10.0.1.22? I’d start there.</div></div></blockquote><div> </div></span><div>how do I check this? <br></div><div>I can see:<br># ip netns exec qrouter-0af31338-5aba-4dd3-9af5-6ba0050bea93 ip a |grep inet<br> inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> scope host lo<br> inet6 ::1/128 scope host <br> inet <a href="http://131.154.96.19/24" target="_blank">131.X.Y.U/24</a> brd 131.154.96.255 scope global qg-00604913-37<br> inet <a href="http://131.154.96.20/32" target="_blank">131.X.Y.W/32</a> brd 131.154.96.20 scope global qg-00604913-37<br> inet <a href="http://131.154.96.28/32" target="_blank">131.X.Y.Z/32</a> brd 131.154.96.28 scope global qg-00604913-37<br> inet6 fe80::f816:3eff:fe25:fb59/64 scope link <br> inet <a href="http://10.0.1.1/24" target="_blank">10.0.1.1/24</a> brd 10.0.1.255 scope global qr-3ed09227-5f<br> inet6 fe80::f816:3eff:feeb:f81c/64 scope link <br><br></div><div>Thanks again,<br></div><div>Cristina<br></div><div><div class="h5"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div><br></div><div>James</div><div><br></div><div><br></div>
<br><div><blockquote type="cite"><div><div><div>On May 1, 2015, at 4:21 PM, Cristina Aiftimiei <<a href="mailto:caifti@gmail.com" target="_blank">caifti@gmail.com</a>> wrote:</div><br></div></div><div><div><div><div dir="ltr"><div><div><div><div><div><div><div>Dear all,<br><br></div>I have a problem when configuring LBaaS in Juno.<br></div>Our setup is an OpenStack Juno with 2 controller and 2 network nodes in HA, using HAproxy & Keepalived.<br></div><br>After playing with the Havana version, where services were not in HA (just 1 controller and 1 network-node) and where everything was working as explained in all posts and blogs that I found around (mainly based on <a href="https://wiki.openstack.org/wiki/Neutron/LBaaS/HowToRun" target="_blank">https://wiki.openstack.org/wiki/Neutron/LBaaS/HowToRun</a>) I went on configuring in a similar way the Juno version.<br><br></div><div>Everyting went fine until the last check "curl<vip-floating-ip>" that says "curl: (7) couldn't connect to host" (Connection timed out)<br><br></div>Some details:<br><br>$ neutron router-list<br>+--------------------------------------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br>| id | name | external_gateway_info |<br>+--------------------------------------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br>| 0af31338-5aba-4dd3-9af5-6ba0050bea93 | myrouter | {"network_id": "17d5949b-5694-4eab-abe0-c8039f0bd498", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "825bc708-c4f9-4684-8c20-8bddf7e5aa7b", "ip_address": "131.X.Y.U"}]} |<br>+--------------------------------------+----------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+<br><br>$ neutron lb-pool-list<br>+--------------------------------------+--------+----------+-------------+----------+----------------+--------+<br>| id | name | provider | lb_method | protocol | admin_state_up | status |<br>+--------------------------------------+--------+----------+-------------+----------+----------------+--------+<br>| 3ed76c5b-681b-46dc-80ac-83c6686adc18 | mypool | haproxy | ROUND_ROBIN | HTTP | True | ACTIVE |<br>+--------------------------------------+--------+----------+-------------+----------+----------------+--------+<br><br>$ neutron lb-vip-list<br>+--------------------------------------+-------+-----------+----------+----------------+--------+<br>| id | name | address | protocol | admin_state_up | status |<br>+--------------------------------------+-------+-----------+----------+----------------+--------+<br>| 824c9ee7-c9bd-40fd-91ff-1f2b88372f95 | myvip | 10.0.1.22 | HTTP | True | ACTIVE |<br>+--------------------------------------+-------+-----------+----------+----------------+--------+<br><br>$ nova list<br>+--------------------------------------+------------+--------+------------+-------------+--------------------------------------+<br>| ID | Name | Status | Task State | Power State | Networks |<br>+--------------------------------------+------------+--------+------------+-------------+--------------------------------------+<br>| 959f0059-f5a8-4085-b093-a1d30d22170c | jumphost | ACTIVE | - | Running | private_net=10.0.1.10, 131.X.Y.W |<br>| 0ecbe8de-8219-4c05-9198-ce0b8cca8bc5 | webserver1 | ACTIVE | - | Running | private_net=10.0.1.11 |<br>| ac62c3f3-5b2d-40f3-afb7-c83291541bf5 | webserver2 | ACTIVE | - | Running | private_net=10.0.1.12 |<br>+--------------------------------------+------------+--------+------------+-------------+--------------------------------------+<br><br># ip netns exec qlbaas-3ed76c5b-681b-46dc-80ac-83c6686adc18 curl <a href="http://10.0.1.22/" target="_blank">http://10.0.1.22</a><br>Welcome to webserver1<br># ip netns exec qlbaas-3ed76c5b-681b-46dc-80ac-83c6686adc18 curl <a href="http://10.0.1.22/" target="_blank">http://10.0.1.22</a><br>Welcome to webserver2<br><br>$ curl -vvv 131.X.Y.Z<br>* About to connect() to 131.X.Y.Z port 80 (#0)<br>* Trying 131.X.Y.Z... Connection timed out<br>* couldn't connect to host<br>* Closing connection #0<br>curl: (7) couldn't connect to host<br><br></div>Am I missing something? Where can I look for errors or missconfigurations?<br><br></div>Thank you very much,<br></div>Cristina<br><br></div></div></div>
_______________________________________________<br>Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br></div></blockquote></div><br></div></blockquote></div></div></div><br></div></div>
</blockquote></div><br></div></div></div>