neutron's OVS based VXLAN seems to be unable to access the network
I found that the cloud host I created cannot connect to the network. The network type is VXLAN, and it cannot even access cloud init I used this installation document (partially in Chinese) and it was normal around 2022, but it cannot be used after updating the software source recently. The use of VXLAN in cloud hosts has the following faults (1) Unable to access network resources other than ICMP (ping), and even curl http://169.254.169.254 (This also leads to the inability to use cloud init) (2) Sometimes unable to ping 169.254.169.254 for unknown reasons. (3)Any service other than ICMP service cannot be accessed, All firewalls and security groups are allowed or closed. My network situation is as follows Internal (vxlan) 10.0.0.0/24 Gateway 10.0.0.1 Router gateway 10.0.0.1 → 192.168.10.121 External (flat) 192.168.10.11.0/24 Gateway 192.168.10.1.1 If any other information is needed, I can provide it and hope to fix this error. system version:ubuntu 22.04 last version (online ) openstack Y version I used a command in the openstack routing host to check The specific details are as follows::(10.0.0.129 is cloud host,vxlan is port qr-4528fcca-21) ###start root@controller:~# ip netns qdhcp-2aa854ba-7fa6-43e4-989e-e97dafd777ee (id: 1) qdhcp-c7d9811d-1fcc-4aee-8f01-6f556fb56044 (id: 2) qrouter-48610214-6030-4e7e-8fe8-c60241e7c89c (id: 0) root@controller:~# ip netns exec qrouter-48610214-6030-4e7e-8fe8-c60241e7c89c bash root@controller:~# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 13: qr-4528fcca-21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether fa:16:3e:41:c8:47 brd ff:ff:ff:ff:ff:ff inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-4528fcca-21 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe41:c847/64 scope link valid_lft forever preferred_lft forever 14: qg-622550f9-80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether fa:16:3e:31:eb:c2 brd ff:ff:ff:ff:ff:ff inet 192.168.101.121/24 brd 192.168.101.255 scope global qg-622550f9-80 valid_lft forever preferred_lft forever inet 192.168.101.177/32 brd 192.168.101.177 scope global qg-622550f9-80 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe31:ebc2/64 scope link valid_lft forever preferred_lft forever root@controller:~# tcpdump -i qr-4528fcca-21 -vvvvv tcpdump: listening on qr-4528fcca-21, link-type EN10MB (Ethernet), snapshot length 262144 bytes 17:36:02.295718 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:02.371746 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:0f:28:ea (oui Unknown), length 300, xid 0xe07c1d6a, Flags [none] (0x0000) Client-Ethernet-Address fa:16:3e:0f:28:ea (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Discover Parameter-Request (55), length 13: Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121) Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40) YS (41), NTP (42), MTU (26), Unknown (119) Default-Gateway (3) END (255), length 0 PAD (0), length 0, occurs 41 17:36:02.373214 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:0f:28:ea (oui Unknown), length 300, xid 0xe07c1d6a, Flags [none] (0x0000) Client-Ethernet-Address fa:16:3e:0f:28:ea (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Request Server-ID (54), length 4: 10.0.0.2 Requested-IP (50), length 4: 10.0.0.129 Parameter-Request (55), length 13: Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121) Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40) YS (41), NTP (42), MTU (26), Unknown (119) Default-Gateway (3) END (255), length 0 PAD (0), length 0, occurs 29 17:36:02.402630 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:36:02.402639 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:36:02.403415 IP (tos 0x0, ttl 64, id 47481, offset 0, flags [DF], proto UDP (17), length 72) 10.0.0.129.46568 > 223.5.5.5.domain: [udp sum ok] 57238+ A? does-not-exist.example.com. (44) 17:36:02.403453 IP (tos 0x0, ttl 64, id 47482, offset 0, flags [DF], proto UDP (17), length 72) 10.0.0.129.46568 > 223.5.5.5.domain: [udp sum ok] 33458+ AAAA? does-not-exist.example.com. (44) 17:36:02.404176 IP (tos 0x0, ttl 253, id 44451, offset 0, flags [DF], proto UDP (17), length 104) 223.5.5.5.domain > 10.0.0.129.46568: [udp sum ok] 33458 q: AAAA? does-not-exist.example.com. 0/1/0 ns: does-not-exist.example.com. [5m] SOA <BAD PTR> [|domain] 17:36:02.568387 IP (tos 0x0, ttl 62, id 34373, offset 0, flags [DF], proto UDP (17), length 148) 223.5.5.5.domain > 10.0.0.129.46568: [udp sum ok] 57238 NXDomain- q: A? does-not-exist.example.com. 0/1/0 ns: example.com. [1s] SOA ns.icann.org. noc.dns.icann.org. 2024041801 7200 3600 1209600 3600 (120) 17:36:02.721968 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:02.866526 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ff0f:28ea: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::f816:3eff:fe0f:28ea unknown option (14), length 8 (1): 0x0000: b4d5 8b30 6d50 17:36:03.868276 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::f816:3eff:fe0f:28ea > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:03.868993 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:04.038227 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::f816:3eff:fe0f:28ea > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:07.590618 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:36:07.591603 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:36:07.876243 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:11.884088 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:26.791124 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe37:6938 > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:37:69:38 0x0000: fa16 3e37 6938 17:36:34.348772 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:36:34.348788 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:36:43.071294 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:43.139163 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:0f:28:ea (oui Unknown), length 300, xid 0x29d5e37d, Flags [none] (0x0000) Client-Ethernet-Address fa:16:3e:0f:28:ea (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Request Requested-IP (50), length 4: 10.0.0.129 Hostname (12), length 15: "host-10-0-0-129" Parameter-Request (55), length 13: Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121) Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40) YS (41), NTP (42), MTU (26), Unknown (119) Default-Gateway (3) END (255), length 0 PAD (0), length 0, occurs 18 17:36:43.451136 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:43.788779 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ff0f:28ea: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::f816:3eff:fe0f:28ea unknown option (14), length 8 (1): 0x0000: eb9e aa08 ffc6 17:36:44.790128 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::f816:3eff:fe0f:28ea > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:44.791007 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:45.433011 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::f816:3eff:fe0f:28ea > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:45.876227 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:36:45.876239 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:36:48.796920 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:52.804263 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:37:20.924762 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:37:20.924779 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:37:51.676660 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:37:51.676672 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:38:25.468636 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:38:25.468653 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:38:31.772908 IP (tos 0x0, ttl 64, id 19606, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.0.129 > 8.8.8.8: ICMP echo request, id 1398, seq 1, length 64 17:38:31.783398 IP (tos 0x0, ttl 53, id 0, offset 0, flags [none], proto ICMP (1), length 84) 8.8.8.8 > 10.0.0.129: ICMP echo reply, id 1398, seq 1, length 64 17:38:32.774655 IP (tos 0x0, ttl 64, id 19790, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.0.129 > 8.8.8.8: ICMP echo request, id 1398, seq 2, length 64 17:38:32.785097 IP (tos 0x0, ttl 53, id 0, offset 0, flags [none], proto ICMP (1), length 84) 8.8.8.8 > 10.0.0.129: ICMP echo reply, id 1398, seq 2, length 64 17:38:36.838640 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:38:36.839533 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:38:59.212868 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:38:59.212885 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:39:18.252924 IP (tos 0x0, ttl 64, id 29804, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.129.60668 > 169.254.169.254.http: Flags [S], cksum 0xd701 (correct), seq 3028122336, win 28200, options [mss 1410,sackOK,TS val 4294871008 ecr 0,nop,wscale 7], length 0 17:39:18.252998 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xfad3), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597215885 ecr 4294871008,nop,wscale 7], length 0 17:39:19.270668 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xf6d9), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597216903 ecr 4294871008,nop,wscale 7], length 0 17:39:21.286651 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xeef9), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597218919 ecr 4294871008,nop,wscale 7], length 0 17:39:23.430642 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:39:23.432189 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:39:25.478662 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xde99), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597223111 ecr 4294871008,nop,wscale 7], length 0 17:39:33.670667 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xbe99), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597231303 ecr 4294871008,nop,wscale 7], length 0 17:39:44.044984 IP (tos 0x0, ttl 64, id 29814, offset 0, flags [DF], proto TCP (6), length 131) 10.0.0.129.60668 > 169.254.169.254.http: Flags [P.], cksum 0x2428 (correct), seq 1:80, ack 1, win 221, options [nop,nop,TS val 4294896800 ecr 3597215885], length 79: HTTP, length: 79 GET / HTTP/1.1 User-Agent: curl/7.29.0 Host: 169.254.169.254 Accept: */* 17:39:44.086640 IP (tos 0x0, ttl 64, id 60194, offset 0, flags [DF], proto TCP (6), length 52) 169.254.169.254.http > 10.0.0.129.60668: Flags [.], cksum 0x5ea4 (incorrect -> 0x58b3), seq 1, ack 80, win 502, options [nop,nop,TS val 3597241719 ecr 4294896800], length 0 17:39:44.140919 IP (tos 0x0, ttl 64, id 60195, offset 0, flags [DF], proto TCP (6), length 267) 169.254.169.254.http > 10.0.0.129.60668: Flags [P.], cksum 0x5f7b (incorrect -> 0x1982), seq 1:216, ack 80, win 502, options [nop,nop,TS val 3597241773 ecr 4294896800], length 215: HTTP, length: 215 HTTP/1.1 200 OK content-type: text/plain; charset=UTF-8 content-length: 98 date: Mon, 29 Apr 2024 09:39:44 GMT 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 2009-04-04 latest [|http] 17:39:49.053068 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:39:49.053086 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:39:49.286648 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:39:49.287162 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:40:14.170722 IP (tos 0x0, ttl 64, id 60196, offset 0, flags [DF], proto TCP (6), length 52) 169.254.169.254.http > 10.0.0.129.60668: Flags [F.], cksum 0x5ea4 (incorrect -> 0xe256), seq 216, ack 80, win 502, options [nop,nop,TS val 3597271803 ecr 4294896800], length 0 17:40:14.172246 IP (tos 0x0, ttl 64, id 29815, offset 0, flags [DF], proto TCP (6), length 64) 10.0.0.129.60668 > 169.254.169.254.http: Flags [.], cksum 0x0c22 (correct), seq 80, ack 1, win 221, options [nop,nop,TS val 4294926927 ecr 3597241719,nop,nop,sack 1 {216:217}], length 0 17:40:14.172294 IP (tos 0x0, ttl 64, id 60197, offset 0, flags [DF], proto TCP (6), length 267) 169.254.169.254.http > 10.0.0.129.60668: Flags [P.], cksum 0x5f7b (incorrect -> 0x2e83), seq 1:216, ack 80, win 502, options [nop,nop,TS val 3597271804 ecr 4294926927], length 215: HTTP, length: 215 HTTP/1.1 200 OK content-type: text/plain; charset=UTF-8 content-length: 98 date: Mon, 29 Apr 2024 09:39:44 GMT 1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 2009-04-04 latest [|http] 17:40:19.238647 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:40:19.240069 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:40:52.608165 IP (tos 0x0, ttl 64, id 24950, offset 0, flags [DF], proto UDP (17), length 67) 10.0.0.129.57838 > 223.5.5.5.domain: [udp sum ok] 18832+ A? 0.centos.pool.ntp.org. (39) 17:40:52.608222 IP (tos 0x0, ttl 64, id 24951, offset 0, flags [DF], proto UDP (17), length 67) 10.0.0.129.57838 > 223.5.5.5.domain: [udp sum ok] 12709+ AAAA? 0.centos.pool.ntp.org. (39) 17:40:52.608926 IP (tos 0x0, ttl 253, id 63426, offset 0, flags [DF], proto UDP (17), length 99) 223.5.5.5.domain > 10.0.0.129.57838: [udp sum ok] 12709 q: AAAA? 0.centos.pool.ntp.org. 0/1/0 ns: 0.centos.pool.ntp.org. [5m] SOA . ^@. [|domain] 17:40:52.621561 IP (tos 0x0, ttl 62, id 26683, offset 0, flags [DF], proto UDP (17), length 215) 223.5.5.5.domain > 10.0.0.129.57838: [udp sum ok] 18832- q: A? 0.centos.pool.ntp.org. 4/0/0 0.centos.pool.ntp.org. [5m] A 162.159.200.1, 0.centos.pool.ntp.org. [5m] A 193.182.111.14, 0.centos.pool.ntp.org. [5m] A 111.230.189.174, 0.centos.pool.ntp.org. [5m] A 193.182.111.12 (187) 17:40:57.612621 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129^C, length 28 17:40:57.612632 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:41:31.942692 IP (tos 0x0, ttl 64, id 60198, offset 0, flags [DF], proto TCP (6), length 267) 10.0.0.1.9697 > 10.0.0.129.60668: Flags [P.], cksum 0x157f (incorrect -> 0x2322), seq 3154613266:3154613481, ack 3028122416, win 502, options [nop,nop,TS val 3597349575 ecr 4294926927], length 215 17:41:31.944269 IP (tos 0x0, ttl 64, id 21103, offset 0, flags [DF], proto TCP (6), length 40) 10.0.0.129.60668 > 10.0.0.1.9697: Flags [R], cksum 0x58d3 (correct), seq 3028122416, win 0, length 0 17:41:32.668720 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:41:32.668750 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:41:37.062634 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:41:37.063306 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:42:43.622650 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe41:c847 > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:41:c8:47 0x0000: fa16 3e41 c847 17:42:54.604794 IP (tos 0x0, ttl 64, id 29817, offset 0, flags [DF], proto TCP (6), length 64) 10.0.0.129.60668 > 169.254.169.254.http: Flags [.], cksum 0x9970 (correct), seq 79, ack 1, win 221, options [nop,nop,TS val 120064 ecr 3597241719,nop,nop,sack 1 {216:217}], length 0 17:42:54.604842 IP (tos 0x0, ttl 64, id 60199, offset 0, flags [DF], proto TCP (6), length 52) 169.254.169.254.http > 10.0.0.129.60668: Flags [.], cksum 0x5ea4 (incorrect -> 0xf9f2), seq 217, ack 80, win 502, options [nop,nop,TS val 3597432237 ecr 4294926927], length 0 17:42:59.612900 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:42:59.612917 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:42:59.750644 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:42:59.751196 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:43:17.363162 IP (tos 0x0, ttl 64, id 49296, offset 0, flags [DF], proto UDP (17), length 76) 10.0.0.129.40786 > 162.159.200.1.ntp: [udp sum ok] NTPv4, Client, length 48 Leap indicator: (0), Stratum 0 (unspecified), poll 7 (128s), precision 32 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3841207700.761775004 (2021-09-21T10:08:20Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3841207700.761775004 (2021-09-21T10:08:20Z) 17:43:32.380593 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:43:32.380610 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:44:07.420619 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:44:07.420635 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:44:54.925246 IP (tos 0x0, ttl 64, id 29819, offset 0, flags [DF], proto TCP (6), length 64) 10.0.0.129.60668 > 169.254.169.254.http: Flags [.], cksum 0xc36e (correct), seq 79, ack 1, win 221, options [nop,nop,TS val 240384 ecr 3597241719,nop,nop,sack 1 {216:217}], length 0 17:44:54.925303 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) 169.254.169.254.http > 10.0.0.129.60668: Flags [R], cksum 0x13fc (correct), seq 3154613266, win 0, length 0 17:44:59.932983 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:44:59.933001 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:45:00.070625 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:45:00.070993 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:47:38.400269 IP (tos 0x0, ttl 64, id 29403, offset 0, flags [DF], proto UDP (17), length 76) 10.0.0.129.57173 > 162.159.200.1.ntp: [udp sum ok] NTPv4, Client, length 48 Leap indicator: (0), Stratum 0 (unspecified), poll 8 (256s), precision 32 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3566054594.035896213 (2013-01-01T18:43:14Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3566054594.035896213 (2013-01-01T18:43:14Z) 17:47:43.405117 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:47:43.405133 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:48:21.491778 IP (tos 0x0, ttl 64, id 21240, offset 0, flags [DF], proto UDP (17), length 67) 10.0.0.129.60700 > 223.5.5.5.domain: [udp sum ok] 37019+ A? 1.centos.pool.ntp.org. (39) 17:48:21.491845 IP (tos 0x0, ttl 64, id 21241, offset 0, flags [DF], proto UDP (17), length 67) 10.0.0.129.60700 > 223.5.5.5.domain: [udp sum ok] 41914+ AAAA? 1.centos.pool.ntp.org. (39) 17:48:21.492638 IP (tos 0x0, ttl 253, id 58295, offset 0, flags [DF], proto UDP (17), length 99) 223.5.5.5.domain > 10.0.0.129.60700: [udp sum ok] 41914 q: AAAA? 1.centos.pool.ntp.org. 0/1/0 ns: 1.centos.pool.ntp.org. [5m] SOA . . [|domain] 17:48:21.504470 IP (tos 0x0, ttl 62, id 62111, offset 0, flags [DF], proto UDP (17), length 215) 223.5.5.5.domain > 10.0.0.129.60700: [udp sum ok] 37019- q: A? 1.centos.pool.ntp.org. 4/0/0 1.centos.pool.ntp.org. [5m] A 111.230.189.174, 1.centos.pool.ntp.org. [5m] A 193.182.111.14, 1.centos.pool.ntp.org. [5m] A 117.80.231.60, 1.centos.pool.ntp.org. [5m] A 110.42.98.138 (187) 17:48:26.508934 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:48:26.508951 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:48:26.662640 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:48:26.663269 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 107 packets captured 107 packets received by filter 0 packets dropped by kernel ###end Firstly, this is the situation of tcpdump from the beginning of creating the cloud host to the end of my following command execution The command is Ping 8.8.8.8 #Success Curl http://169.254.169.254 #Report the following errors Curl: (56) Recv failure: connection reset by peer That's all for these situations. If needed, I can provide the following content The situation and installation documents related to this environment Other documents that may help resolve this situation
Please note that this is completely normal when using a flat network. the neutron service status root@controller:~# openstack network agent list +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+ | 29d77da1-2a34-428d-9c35-3817b16e81ad | Open vSwitch agent | compute1 | None | :-) | UP | neutron-openvswitch-agent | | 45c711c9-fefe-47b1-9b5a-3229b62d055e | Open vSwitch agent | compute2 | None | :-) | UP | neutron-openvswitch-agent | | 9822aee6-2713-47a5-932e-d3b9832e993f | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent | | cc7a2afd-6f1b-41d1-9211-18a74185dd58 | Open vSwitch agent | controller | None | :-) | UP | neutron-openvswitch-agent | | f1dc53d2-22d8-48d1-b474-358aab4d186a | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent | | f9382f44-8082-4fec-9d26-1be9c6e0582f | L3 agent | controller | nova | :-) | UP | neutron-l3-agent | +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+ root@controller:~#
Hi, On 4/29/24 5:58 AM, 2292613444@qq.com wrote:
I found that the cloud host I created cannot connect to the network. The network type is VXLAN, and it cannot even access cloud init I used this installation document (partially in Chinese) and it was normal around 2022, but it cannot be used after updating the software source recently.
The use of VXLAN in cloud hosts has the following faults (1) Unable to access network resources other than ICMP (ping), and even curl http://169.254.169.254 (This also leads to the inability to use cloud init) (2) Sometimes unable to ping 169.254.169.254 for unknown reasons. (3)Any service other than ICMP service cannot be accessed,
All firewalls and security groups are allowed or closed.
First, since there was not a link (and it's partially in Chinese), I can't be sure the guide you followed is correct. The only supported guide to manually install Neutron is located at [0]. Given the failure you reported below:
Curl http://169.254.169.254 #Report the following errors Curl: (56) Recv failure: connection reset by peer
That shows you might have an iptables rule interfering with traffic. I would check all rules inside the router namespace to see if something is present by mistake. Thanks, -Brian [0] https://docs.openstack.org/neutron/latest/install/
My network situation is as follows Internal (vxlan) 10.0.0.0/24 Gateway 10.0.0.1 Router gateway 10.0.0.1 → 192.168.10.121 External (flat) 192.168.10.11.0/24 Gateway 192.168.10.1.1
If any other information is needed, I can provide it and hope to fix this error.
system version:ubuntu 22.04 last version (online ) openstack Y version
I used a command in the openstack routing host to check The specific details are as follows::(10.0.0.129 is cloud host,vxlan is port qr-4528fcca-21)
###start root@controller:~# ip netns qdhcp-2aa854ba-7fa6-43e4-989e-e97dafd777ee (id: 1) qdhcp-c7d9811d-1fcc-4aee-8f01-6f556fb56044 (id: 2) qrouter-48610214-6030-4e7e-8fe8-c60241e7c89c (id: 0) root@controller:~# ip netns exec qrouter-48610214-6030-4e7e-8fe8-c60241e7c89c bash root@controller:~# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 13: qr-4528fcca-21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether fa:16:3e:41:c8:47 brd ff:ff:ff:ff:ff:ff inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-4528fcca-21 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe41:c847/64 scope link valid_lft forever preferred_lft forever 14: qg-622550f9-80: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000 link/ether fa:16:3e:31:eb:c2 brd ff:ff:ff:ff:ff:ff inet 192.168.101.121/24 brd 192.168.101.255 scope global qg-622550f9-80 valid_lft forever preferred_lft forever inet 192.168.101.177/32 brd 192.168.101.177 scope global qg-622550f9-80 valid_lft forever preferred_lft forever inet6 fe80::f816:3eff:fe31:ebc2/64 scope link valid_lft forever preferred_lft forever root@controller:~# tcpdump -i qr-4528fcca-21 -vvvvv tcpdump: listening on qr-4528fcca-21, link-type EN10MB (Ethernet), snapshot length 262144 bytes 17:36:02.295718 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:02.371746 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:0f:28:ea (oui Unknown), length 300, xid 0xe07c1d6a, Flags [none] (0x0000) Client-Ethernet-Address fa:16:3e:0f:28:ea (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Discover Parameter-Request (55), length 13: Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121) Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40) YS (41), NTP (42), MTU (26), Unknown (119) Default-Gateway (3) END (255), length 0 PAD (0), length 0, occurs 41 17:36:02.373214 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:0f:28:ea (oui Unknown), length 300, xid 0xe07c1d6a, Flags [none] (0x0000) Client-Ethernet-Address fa:16:3e:0f:28:ea (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Request Server-ID (54), length 4: 10.0.0.2 Requested-IP (50), length 4: 10.0.0.129 Parameter-Request (55), length 13: Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121) Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40) YS (41), NTP (42), MTU (26), Unknown (119) Default-Gateway (3) END (255), length 0 PAD (0), length 0, occurs 29 17:36:02.402630 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:36:02.402639 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:36:02.403415 IP (tos 0x0, ttl 64, id 47481, offset 0, flags [DF], proto UDP (17), length 72) 10.0.0.129.46568 > 223.5.5.5.domain: [udp sum ok] 57238+ A? does-not-exist.example.com. (44) 17:36:02.403453 IP (tos 0x0, ttl 64, id 47482, offset 0, flags [DF], proto UDP (17), length 72) 10.0.0.129.46568 > 223.5.5.5.domain: [udp sum ok] 33458+ AAAA? does-not-exist.example.com. (44) 17:36:02.404176 IP (tos 0x0, ttl 253, id 44451, offset 0, flags [DF], proto UDP (17), length 104) 223.5.5.5.domain > 10.0.0.129.46568: [udp sum ok] 33458 q: AAAA? does-not-exist.example.com. 0/1/0 ns: does-not-exist.example.com. [5m] SOA <BAD PTR> [|domain] 17:36:02.568387 IP (tos 0x0, ttl 62, id 34373, offset 0, flags [DF], proto UDP (17), length 148) 223.5.5.5.domain > 10.0.0.129.46568: [udp sum ok] 57238 NXDomain- q: A? does-not-exist.example.com. 0/1/0 ns: example.com. [1s] SOA ns.icann.org. noc.dns.icann.org. 2024041801 7200 3600 1209600 3600 (120) 17:36:02.721968 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:02.866526 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ff0f:28ea: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::f816:3eff:fe0f:28ea unknown option (14), length 8 (1): 0x0000: b4d5 8b30 6d50 17:36:03.868276 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::f816:3eff:fe0f:28ea > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:03.868993 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:04.038227 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::f816:3eff:fe0f:28ea > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:07.590618 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:36:07.591603 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:36:07.876243 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:11.884088 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:26.791124 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe37:6938 > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:37:69:38 0x0000: fa16 3e37 6938 17:36:34.348772 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:36:34.348788 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:36:43.071294 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:43.139163 IP (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328) 0.0.0.0.bootpc > 255.255.255.255.bootps: [udp sum ok] BOOTP/DHCP, Request from fa:16:3e:0f:28:ea (oui Unknown), length 300, xid 0x29d5e37d, Flags [none] (0x0000) Client-Ethernet-Address fa:16:3e:0f:28:ea (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message (53), length 1: Request Requested-IP (50), length 4: 10.0.0.129 Hostname (12), length 15: "host-10-0-0-129" Parameter-Request (55), length 13: Subnet-Mask (1), BR (28), Time-Zone (2), Classless-Static-Route (121) Domain-Name (15), Domain-Name-Server (6), Hostname (12), YD (40) YS (41), NTP (42), MTU (26), Unknown (119) Default-Gateway (3) END (255), length 0 PAD (0), length 0, occurs 18 17:36:43.451136 IP6 (hlim 1, next-header Options (0) payload length: 36) :: > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:43.788779 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) :: > ff02::1:ff0f:28ea: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::f816:3eff:fe0f:28ea unknown option (14), length 8 (1): 0x0000: eb9e aa08 ffc6 17:36:44.790128 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::f816:3eff:fe0f:28ea > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:44.791007 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:45.433011 IP6 (hlim 1, next-header Options (0) payload length: 36) fe80::f816:3eff:fe0f:28ea > ff02::16: HBH (rtalert: 0x0000) (padn) [icmp6 sum ok] ICMP6, multicast listener report v2, 1 group record(s) [gaddr ff02::1:ff0f:28ea to_ex { }] 17:36:45.876227 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:36:45.876239 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:36:48.796920 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:36:52.804263 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe0f:28ea > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:0f:28:ea 0x0000: fa16 3e0f 28ea 17:37:20.924762 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:37:20.924779 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:37:51.676660 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:37:51.676672 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:38:25.468636 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:38:25.468653 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:38:31.772908 IP (tos 0x0, ttl 64, id 19606, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.0.129 > 8.8.8.8: ICMP echo request, id 1398, seq 1, length 64 17:38:31.783398 IP (tos 0x0, ttl 53, id 0, offset 0, flags [none], proto ICMP (1), length 84) 8.8.8.8 > 10.0.0.129: ICMP echo reply, id 1398, seq 1, length 64 17:38:32.774655 IP (tos 0x0, ttl 64, id 19790, offset 0, flags [DF], proto ICMP (1), length 84) 10.0.0.129 > 8.8.8.8: ICMP echo request, id 1398, seq 2, length 64 17:38:32.785097 IP (tos 0x0, ttl 53, id 0, offset 0, flags [none], proto ICMP (1), length 84) 8.8.8.8 > 10.0.0.129: ICMP echo reply, id 1398, seq 2, length 64 17:38:36.838640 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:38:36.839533 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:38:59.212868 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:38:59.212885 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:39:18.252924 IP (tos 0x0, ttl 64, id 29804, offset 0, flags [DF], proto TCP (6), length 60) 10.0.0.129.60668 > 169.254.169.254.http: Flags [S], cksum 0xd701 (correct), seq 3028122336, win 28200, options [mss 1410,sackOK,TS val 4294871008 ecr 0,nop,wscale 7], length 0 17:39:18.252998 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xfad3), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597215885 ecr 4294871008,nop,wscale 7], length 0 17:39:19.270668 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xf6d9), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597216903 ecr 4294871008,nop,wscale 7], length 0 17:39:21.286651 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xeef9), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597218919 ecr 4294871008,nop,wscale 7], length 0 17:39:23.430642 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:39:23.432189 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:39:25.478662 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xde99), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597223111 ecr 4294871008,nop,wscale 7], length 0 17:39:33.670667 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) 169.254.169.254.http > 10.0.0.129.60668: Flags [S.], cksum 0x5eac (incorrect -> 0xbe99), seq 3154613265, ack 3028122337, win 64308, options [mss 1410,sackOK,TS val 3597231303 ecr 4294871008,nop,wscale 7], length 0 17:39:44.044984 IP (tos 0x0, ttl 64, id 29814, offset 0, flags [DF], proto TCP (6), length 131) 10.0.0.129.60668 > 169.254.169.254.http: Flags [P.], cksum 0x2428 (correct), seq 1:80, ack 1, win 221, options [nop,nop,TS val 4294896800 ecr 3597215885], length 79: HTTP, length: 79 GET / HTTP/1.1 User-Agent: curl/7.29.0 Host: 169.254.169.254 Accept: */*
17:39:44.086640 IP (tos 0x0, ttl 64, id 60194, offset 0, flags [DF], proto TCP (6), length 52) 169.254.169.254.http > 10.0.0.129.60668: Flags [.], cksum 0x5ea4 (incorrect -> 0x58b3), seq 1, ack 80, win 502, options [nop,nop,TS val 3597241719 ecr 4294896800], length 0 17:39:44.140919 IP (tos 0x0, ttl 64, id 60195, offset 0, flags [DF], proto TCP (6), length 267) 169.254.169.254.http > 10.0.0.129.60668: Flags [P.], cksum 0x5f7b (incorrect -> 0x1982), seq 1:216, ack 80, win 502, options [nop,nop,TS val 3597241773 ecr 4294896800], length 215: HTTP, length: 215 HTTP/1.1 200 OK content-type: text/plain; charset=UTF-8 content-length: 98 date: Mon, 29 Apr 2024 09:39:44 GMT
1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 2009-04-04 latest [|http] 17:39:49.053068 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:39:49.053086 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:39:49.286648 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:39:49.287162 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:40:14.170722 IP (tos 0x0, ttl 64, id 60196, offset 0, flags [DF], proto TCP (6), length 52) 169.254.169.254.http > 10.0.0.129.60668: Flags [F.], cksum 0x5ea4 (incorrect -> 0xe256), seq 216, ack 80, win 502, options [nop,nop,TS val 3597271803 ecr 4294896800], length 0 17:40:14.172246 IP (tos 0x0, ttl 64, id 29815, offset 0, flags [DF], proto TCP (6), length 64) 10.0.0.129.60668 > 169.254.169.254.http: Flags [.], cksum 0x0c22 (correct), seq 80, ack 1, win 221, options [nop,nop,TS val 4294926927 ecr 3597241719,nop,nop,sack 1 {216:217}], length 0 17:40:14.172294 IP (tos 0x0, ttl 64, id 60197, offset 0, flags [DF], proto TCP (6), length 267) 169.254.169.254.http > 10.0.0.129.60668: Flags [P.], cksum 0x5f7b (incorrect -> 0x2e83), seq 1:216, ack 80, win 502, options [nop,nop,TS val 3597271804 ecr 4294926927], length 215: HTTP, length: 215 HTTP/1.1 200 OK content-type: text/plain; charset=UTF-8 content-length: 98 date: Mon, 29 Apr 2024 09:39:44 GMT
1.0 2007-01-19 2007-03-01 2007-08-29 2007-10-10 2007-12-15 2008-02-01 2008-09-01 2009-04-04 latest [|http] 17:40:19.238647 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:40:19.240069 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:40:52.608165 IP (tos 0x0, ttl 64, id 24950, offset 0, flags [DF], proto UDP (17), length 67) 10.0.0.129.57838 > 223.5.5.5.domain: [udp sum ok] 18832+ A? 0.centos.pool.ntp.org. (39) 17:40:52.608222 IP (tos 0x0, ttl 64, id 24951, offset 0, flags [DF], proto UDP (17), length 67) 10.0.0.129.57838 > 223.5.5.5.domain: [udp sum ok] 12709+ AAAA? 0.centos.pool.ntp.org. (39) 17:40:52.608926 IP (tos 0x0, ttl 253, id 63426, offset 0, flags [DF], proto UDP (17), length 99) 223.5.5.5.domain > 10.0.0.129.57838: [udp sum ok] 12709 q: AAAA? 0.centos.pool.ntp.org. 0/1/0 ns: 0.centos.pool.ntp.org. [5m] SOA . ^@. [|domain] 17:40:52.621561 IP (tos 0x0, ttl 62, id 26683, offset 0, flags [DF], proto UDP (17), length 215) 223.5.5.5.domain > 10.0.0.129.57838: [udp sum ok] 18832- q: A? 0.centos.pool.ntp.org. 4/0/0 0.centos.pool.ntp.org. [5m] A 162.159.200.1, 0.centos.pool.ntp.org. [5m] A 193.182.111.14, 0.centos.pool.ntp.org. [5m] A 111.230.189.174, 0.centos.pool.ntp.org. [5m] A 193.182.111.12 (187) 17:40:57.612621 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129^C, length 28 17:40:57.612632 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:41:31.942692 IP (tos 0x0, ttl 64, id 60198, offset 0, flags [DF], proto TCP (6), length 267) 10.0.0.1.9697 > 10.0.0.129.60668: Flags [P.], cksum 0x157f (incorrect -> 0x2322), seq 3154613266:3154613481, ack 3028122416, win 502, options [nop,nop,TS val 3597349575 ecr 4294926927], length 215 17:41:31.944269 IP (tos 0x0, ttl 64, id 21103, offset 0, flags [DF], proto TCP (6), length 40) 10.0.0.129.60668 > 10.0.0.1.9697: Flags [R], cksum 0x58d3 (correct), seq 3028122416, win 0, length 0 17:41:32.668720 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:41:32.668750 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:41:37.062634 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:41:37.063306 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:42:43.622650 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 16) fe80::f816:3eff:fe41:c847 > ip6-allrouters: [icmp6 sum ok] ICMP6, router solicitation, length 16 source link-address option (1), length 8 (1): fa:16:3e:41:c8:47 0x0000: fa16 3e41 c847 17:42:54.604794 IP (tos 0x0, ttl 64, id 29817, offset 0, flags [DF], proto TCP (6), length 64) 10.0.0.129.60668 > 169.254.169.254.http: Flags [.], cksum 0x9970 (correct), seq 79, ack 1, win 221, options [nop,nop,TS val 120064 ecr 3597241719,nop,nop,sack 1 {216:217}], length 0 17:42:54.604842 IP (tos 0x0, ttl 64, id 60199, offset 0, flags [DF], proto TCP (6), length 52) 169.254.169.254.http > 10.0.0.129.60668: Flags [.], cksum 0x5ea4 (incorrect -> 0xf9f2), seq 217, ack 80, win 502, options [nop,nop,TS val 3597432237 ecr 4294926927], length 0 17:42:59.612900 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:42:59.612917 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:42:59.750644 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:42:59.751196 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:43:17.363162 IP (tos 0x0, ttl 64, id 49296, offset 0, flags [DF], proto UDP (17), length 76) 10.0.0.129.40786 > 162.159.200.1.ntp: [udp sum ok] NTPv4, Client, length 48 Leap indicator: (0), Stratum 0 (unspecified), poll 7 (128s), precision 32 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3841207700.761775004 (2021-09-21T10:08:20Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3841207700.761775004 (2021-09-21T10:08:20Z) 17:43:32.380593 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:43:32.380610 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:44:07.420619 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:44:07.420635 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:44:54.925246 IP (tos 0x0, ttl 64, id 29819, offset 0, flags [DF], proto TCP (6), length 64) 10.0.0.129.60668 > 169.254.169.254.http: Flags [.], cksum 0xc36e (correct), seq 79, ack 1, win 221, options [nop,nop,TS val 240384 ecr 3597241719,nop,nop,sack 1 {216:217}], length 0 17:44:54.925303 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) 169.254.169.254.http > 10.0.0.129.60668: Flags [R], cksum 0x13fc (correct), seq 3154613266, win 0, length 0 17:44:59.932983 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:44:59.933001 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:45:00.070625 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:45:00.070993 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28 17:47:38.400269 IP (tos 0x0, ttl 64, id 29403, offset 0, flags [DF], proto UDP (17), length 76) 10.0.0.129.57173 > 162.159.200.1.ntp: [udp sum ok] NTPv4, Client, length 48 Leap indicator: (0), Stratum 0 (unspecified), poll 8 (256s), precision 32 Root Delay: 0.000000, Root dispersion: 0.000000, Reference-ID: (unspec) Reference Timestamp: 0.000000000 Originator Timestamp: 0.000000000 Receive Timestamp: 0.000000000 Transmit Timestamp: 3566054594.035896213 (2013-01-01T18:43:14Z) Originator - Receive Timestamp: 0.000000000 Originator - Transmit Timestamp: 3566054594.035896213 (2013-01-01T18:43:14Z) 17:47:43.405117 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:47:43.405133 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:48:21.491778 IP (tos 0x0, ttl 64, id 21240, offset 0, flags [DF], proto UDP (17), length 67) 10.0.0.129.60700 > 223.5.5.5.domain: [udp sum ok] 37019+ A? 1.centos.pool.ntp.org. (39) 17:48:21.491845 IP (tos 0x0, ttl 64, id 21241, offset 0, flags [DF], proto UDP (17), length 67) 10.0.0.129.60700 > 223.5.5.5.domain: [udp sum ok] 41914+ AAAA? 1.centos.pool.ntp.org. (39) 17:48:21.492638 IP (tos 0x0, ttl 253, id 58295, offset 0, flags [DF], proto UDP (17), length 99) 223.5.5.5.domain > 10.0.0.129.60700: [udp sum ok] 41914 q: AAAA? 1.centos.pool.ntp.org. 0/1/0 ns: 1.centos.pool.ntp.org. [5m] SOA . . [|domain] 17:48:21.504470 IP (tos 0x0, ttl 62, id 62111, offset 0, flags [DF], proto UDP (17), length 215) 223.5.5.5.domain > 10.0.0.129.60700: [udp sum ok] 37019- q: A? 1.centos.pool.ntp.org. 4/0/0 1.centos.pool.ntp.org. [5m] A 111.230.189.174, 1.centos.pool.ntp.org. [5m] A 193.182.111.14, 1.centos.pool.ntp.org. [5m] A 117.80.231.60, 1.centos.pool.ntp.org. [5m] A 110.42.98.138 (187) 17:48:26.508934 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.1 tell 10.0.0.129, length 28 17:48:26.508951 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.1 is-at fa:16:3e:41:c8:47 (oui Unknown), length 28 17:48:26.662640 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.129 tell 10.0.0.1, length 28 17:48:26.663269 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.0.0.129 is-at fa:16:3e:0f:28:ea (oui Unknown), length 28
107 packets captured 107 packets received by filter 0 packets dropped by kernel
###end
Firstly, this is the situation of tcpdump from the beginning of creating the cloud host to the end of my following command execution
The command is Ping 8.8.8.8 #Success
Curl http://169.254.169.254 #Report the following errors Curl: (56) Recv failure: connection reset by peer
That's all for these situations. If needed, I can provide the following content The situation and installation documents related to this environment Other documents that may help resolve this situation
Dear Brian Haley I found several blocking rules in the namespace of the router. I tried to clean it up, (CMD: iptables - F) However, the current situation remains unchanged. Could you please tell me again what I can do. Thank you From SAM ##cmd,start root@controller:~# ip netns qrouter-48610214-6030-4e7e-8fe8-c60241e7c89c (id: 2) qdhcp-2aa854ba-7fa6-43e4-989e-e97dafd777ee (id: 0) qdhcp-c7d9811d-1fcc-4aee-8f01-6f556fb56044 (id: 1) root@controller:~# ip netns exec qrouter-48610214-6030-4e7e-8fe8-c60241e7c89c bash root@controller:~# root@controller:~# iptables --list Chain INPUT (policy ACCEPT) target prot opt source destination neutron-l3-agent-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination neutron-filter-top all -- anywhere anywhere neutron-l3-agent-FORWARD all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination neutron-filter-top all -- anywhere anywhere neutron-l3-agent-OUTPUT all -- anywhere anywhere Chain neutron-filter-top (2 references) target prot opt source destination neutron-l3-agent-local all -- anywhere anywhere Chain neutron-l3-agent-FORWARD (1 references) target prot opt source destination neutron-l3-agent-scope all -- anywhere anywhere Chain neutron-l3-agent-INPUT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere mark match 0x1/0xffff DROP tcp -- anywhere anywhere tcp dpt:9697 Chain neutron-l3-agent-OUTPUT (1 references) target prot opt source destination Chain neutron-l3-agent-local (1 references) target prot opt source destination Chain neutron-l3-agent-scope (1 references) target prot opt source destination DROP all -- anywhere anywhere mark match ! 0x4000000/0xffff0000 ##(clear rule) root@controller:~# iptables -F root@controller:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain neutron-filter-top (0 references) target prot opt source destination Chain neutron-l3-agent-FORWARD (0 references) target prot opt source destination Chain neutron-l3-agent-INPUT (0 references) target prot opt source destination Chain neutron-l3-agent-OUTPUT (0 references) target prot opt source destination Chain neutron-l3-agent-local (0 references) target prot opt source destination Chain neutron-l3-agent-scope (0 references) target prot opt source destination ##cmd,stop
I found a very strange situation where all services except ICMP are not inaccessible and often times out. Basically, run curl http://169.254.169.254 It will take about one minute. Unable to access external networks (such as linux.com), DNS parsing is difficult, and ping commands can sometimes work. According to the latest documentation, the configuration has been adjusted and the Neutron database has been removed to truly update it
Sorry, this went to my spam folder. On 4/29/24 7:15 PM, 2292613444@qq.com wrote:
Dear Brian Haley I found several blocking rules in the namespace of the router. I tried to clean it up, (CMD: iptables - F) However, the current situation remains unchanged. Could you please tell me again what I can do. Thank you
From SAM
##cmd,start root@controller:~# ip netns qrouter-48610214-6030-4e7e-8fe8-c60241e7c89c (id: 2) qdhcp-2aa854ba-7fa6-43e4-989e-e97dafd777ee (id: 0) qdhcp-c7d9811d-1fcc-4aee-8f01-6f556fb56044 (id: 1) root@controller:~# ip netns exec qrouter-48610214-6030-4e7e-8fe8-c60241e7c89c bash root@controller:~#
All the rules below beginning with 'neutron' were added by the neutron-l3-agent. They should not be modified and unfortunately removing them will just make things worse. If you restart that agent they should get re-created. The important table for metadata would be the 'nat' table, as it will show the redirect rules. If you just use 'iptables-save -c' you will see all the tables as well as the packet counts for each chain. -Brian
root@controller:~# iptables --list Chain INPUT (policy ACCEPT) target prot opt source destination neutron-l3-agent-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT) target prot opt source destination neutron-filter-top all -- anywhere anywhere neutron-l3-agent-FORWARD all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT) target prot opt source destination neutron-filter-top all -- anywhere anywhere neutron-l3-agent-OUTPUT all -- anywhere anywhere
Chain neutron-filter-top (2 references) target prot opt source destination neutron-l3-agent-local all -- anywhere anywhere
Chain neutron-l3-agent-FORWARD (1 references) target prot opt source destination neutron-l3-agent-scope all -- anywhere anywhere
Chain neutron-l3-agent-INPUT (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere mark match 0x1/0xffff DROP tcp -- anywhere anywhere tcp dpt:9697
Chain neutron-l3-agent-OUTPUT (1 references) target prot opt source destination
Chain neutron-l3-agent-local (1 references) target prot opt source destination
Chain neutron-l3-agent-scope (1 references) target prot opt source destination DROP all -- anywhere anywhere mark match ! 0x4000000/0xffff0000
##(clear rule) root@controller:~# iptables -F root@controller:~# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination
Chain FORWARD (policy ACCEPT) target prot opt source destination
Chain OUTPUT (policy ACCEPT) target prot opt source destination
Chain neutron-filter-top (0 references) target prot opt source destination
Chain neutron-l3-agent-FORWARD (0 references) target prot opt source destination
Chain neutron-l3-agent-INPUT (0 references) target prot opt source destination
Chain neutron-l3-agent-OUTPUT (0 references) target prot opt source destination
Chain neutron-l3-agent-local (0 references) target prot opt source destination
Chain neutron-l3-agent-scope (0 references) target prot opt source destination
##cmd,stop
Confirm that the communication anomaly is caused by the UFW firewall of the Ubuntu system. There are several ways to solve communication anomalies. 1. Check if the ICMP, TCP, and UDP entrances and exits of the security group in OpenStack are open 2. Vxlan communication abnormalities caused by network card issues in openstack 3. Incorrect firewall strategy !!! The above operations are only for experimental or testing purposes. If in a production environment, it is necessary to adjust to the appropriate rules!!!! Also, how can the UFW firewall be configured in this situation? (I just closed it, I think it's not safe) What about the security group? Thank you Brian Haley for your help!
participants (2)
-
2292613444@qq.com
-
Brian Haley