<div dir="ltr">Yes, I am able to ping the gateway address from within the snat namespace:<div><br></div><div>--</div><div>$ sudo ip netns exec snat-9e849e49-ed36-4280-a53c-47d6f5afbea2 ping 10.36.7.253<br>PING 10.36.7.253 (10.36.7.253) 56(84) bytes of data.<br>64 bytes from <a href="http://10.36.7.253">10.36.7.253</a>: icmp_seq=1 ttl=255 time=1.42 ms<br>64 bytes from <a href="http://10.36.7.253">10.36.7.253</a>: icmp_seq=2 ttl=255 time=0.685 ms<br>64 bytes from <a href="http://10.36.7.253">10.36.7.253</a>: icmp_seq=3 ttl=255 time=0.439 ms<br>^C<br>--- 10.36.7.253 ping statistics ---<br>3 packets transmitted, 3 received, 0% packet loss, time 2000ms<br>rtt min/avg/max/mdev = 0.439/0.850/1.426/0.419 ms</div><div>--</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 2, 2016 at 10:46 PM, Dileep Varma Bairraju <span dir="ltr"><<a href="mailto:varma123@gmail.com" target="_blank">varma123@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">It seems like you have 5 tenants, correlating to 5 snat namespaces. Your 'qg-' interfaces have proper ip configured, within the snat namespaces, verify if you are able to resolve arp for '<span style="font-size:12.8px">10.36.7.253'. From within the namespace try pinging gw. </span><span class="HOEnZb"><font color="#888888"><div><br></div><div>-Dileep</div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 2, 2016 at 10:30 PM, Jagga Soorma <span dir="ltr"><<a href="mailto:jagga13@gmail.com" target="_blank">jagga13@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">We us a external vm network of <span style="font-size:13px;color:rgb(0,0,0);font-family:Arial"><a href="http://10.36.6.0/23" target="_blank">10.36.6.0/23</a>. </span>Looks like I do have some snat rules but no idea what I should be specifically looking for in here:<br><br>$ ip netns | grep -i snat<br>snat-9e849e49-ed36-4280-a53c-47d6f5afbea2<br>snat-716dc7bd-9d6b-41da-aa6a-a484398785b1<br>snat-bece0591-c55b-4a48-bc2b-77873a3ebce1<br>snat-803e06a4-4499-4ce0-bda6-fb158e717b9e<br>snat-6e4669f9-0b63-4b60-bdf6-94037b4c1e23<br><br><br>$ sudo ip netns exec snat-9e849e49-ed36-4280-a53c-47d6f5afbea2 ip a | grep "inet"<br> inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> scope host lo<br> inet6 ::1/128 scope host <br> inet <a href="http://192.168.5.4/24" target="_blank">192.168.5.4/24</a> brd 192.168.5.255 scope global sg-86abc456-8d<br> inet6 fe80::f816:3eff:fe23:7166/64 scope link <br> inet <a href="http://10.36.6.240/23" target="_blank">10.36.6.240/23</a> brd 10.36.7.255 scope global qg-09e400d1-28<br> inet6 fe80::f816:3eff:fe52:dc9a/64 scope link <br><br><br>$ sudo ip netns exec snat-bece0591-c55b-4a48-bc2b-77873a3ebce1 ip a | grep "inet"<br> inet <a href="http://127.0.0.1/8" target="_blank">127.0.0.1/8</a> scope host lo<br> inet6 ::1/128 scope host <br> inet <a href="http://192.168.8.4/24" target="_blank">192.168.8.4/24</a> brd 192.168.8.255 scope global sg-ec9b41fe-3b<br> inet6 fe80::f816:3eff:feb5:a225/64 scope link <br> inet <a href="http://10.36.6.79/23" target="_blank">10.36.6.79/23</a> brd 10.36.7.255 scope global qg-b1f38a3f-0b<br> inet6 fe80::f816:3eff:fe4b:4a1e/64 scope link <br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 2, 2016 at 10:09 PM, Remo Mattei <span dir="ltr"><<a href="mailto:remo@italy1.com" target="_blank">remo@italy1.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">not sure how you build your public network.. but usually it does not do dhcp. So those are details that are needed in order for us to give you solutions / options / checking etc based on what you are running, how it was configured etc.. <div><br></div><div>CentOS, Ubuntu, scripting just as an example..</div><div><br></div><div>Remo <br><div><blockquote type="cite"><div><div><div>On May 2, 2016, at 22:02, Jagga <<a href="mailto:jagga13@gmail.com" target="_blank">jagga13@gmail.com</a>> wrote:</div><br></div></div><div><div dir="auto"><div><div><div>That is what I thought but it does not seem to be working this way. How would I check our snat namespace and what specifically should I be looking for? My apologies but am very new to openstack.</div><div><br></div><div>Thanks.<br><br></div><div><br>On May 2, 2016, at 9:51 PM, Dileep Varma Bairraju <<a href="mailto:varma123@gmail.com" target="_blank">varma123@gmail.com</a>> wrote:<br><br></div><blockquote type="cite"><div><div dir="ltr">Hi Jagga,<div><br></div><div>I don't think that's the right approach.Floating ip will effectively do a 1:1 NAT for a given a vm to reach external resources. But, there should be a ip from the external network that gets assigned to SNAT namespace on network node, this effectively will let all vm's (without floating ip) access external resources.</div><div><br></div><div>I'd suggest you check at your snat namespace for possible issues, as you seem to have patched the problem for that vm with floating ip's.</div><div><br></div><div>> <span style="font-family:arial,helvetica,sans-serif;line-height:22px">Is that by design or is there something wrong with our configuration?</span></div><div><span style="font-family:arial,helvetica,sans-serif;line-height:22px">As per design, you don't need to assign floating ip's for your vm's to get out, this should be done by SNAT by default as mentioned earlier, where all the vm's internal ip space maps one external ip.</span></div><div><br></div><div>Regards,</div><div>Dileep</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, May 2, 2016 at 8:32 PM, Jagga Soorma <span dir="ltr"><<a href="mailto:jagga13@gmail.com" target="_blank">jagga13@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><font size="2"><span style="font-family:arial,helvetica,sans-serif">Hi Guys,<br><br><span style="font-style:normal;font-weight:normal;letter-spacing:normal;line-height:22px;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;float:none;background-color:rgb(255,255,255);display:inline!important">Need some clarification regarding routing for instances without a floating ip address. Basically we have instances connected to a priv network that is also connected to our external network and our security group allows all egress traffic. However, we can't seem to get to any resource on our external network till a floating ip address is assigned. Once we assign a floating ip address we can get out. Is that by design or is there something wrong with our configuration?</span></span></font><br><br></div>Thanks.<br></div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Regards,<br>Dileep V Bairraju</div>
</div>
</div></blockquote></div></div>
!DSPAM:1,572831b2317776163816806!
</div><span>
_______________________________________________<br>Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>Post to : <a href="mailto:openstack@lists.openstack.org" target="_blank">openstack@lists.openstack.org</a><br>Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br><br><br></span>!DSPAM:1,572831b2317776163816806!<br></div></blockquote></div><br></div></div></blockquote></div><br></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Regards,<br>Dileep V Bairraju</div>
</div>
</div></div></blockquote></div><br></div>