Re: Unable to access Internet from an instance and accessing instance using floating-point IPs from external network
Hi,
if you want people to reply you should keep the mailing list in the loop. Also please don't paste pictures but terminal output as plain text so it won't get lost.
From my controller site: External-internet = 192.168.1.118 Internal-network = 10.42.0.189
Seems like you meant it the other way around looking at the other networks.
My external network details is shown below
I don't see a segmentation ID for the external network, we create provider (external) networks with the same segmentation ID as the corresponding VLAN in our environment has. The rest of the information on the pictures is not readable to me, please paste the security-group rules as text.
Apart from all the above information, I will briefly talk about what I have enabled in my global.yml file. I have set the kolla_internal_vip_address to "192168.1.200", kolla_external_vip_address to "10.42.0.200", enable_haproxy to "yes" and other core components of openstack was enabled.
I'm not familiar with kolla so I can't really say what else could be missing or not. You could disable the port security for your instance to see if that helps, otherwise use tcpdump on control and compute node to see where the packets get lost and which vlans are in use. I'm not sure if that will resolve it but I believe your external network should have a segmentation ID.
Zitat von vincent lee vincentlee676@gmail.com:
Hi, one last thing I would like to add on is the setting of my openvswitch configuration. [image: image.png] [image: image.png]
On Wed, Nov 30, 2022 at 1:39 PM vincent lee vincentlee676@gmail.com wrote:
Hi Eugen, Sorry for causing any confusion in my previous emails and I will summarize the main issue here. After deploying openstack from a fresh installation, I have not modified the security group when working creating an instance or a container.
From my controller site: External-internet = 192.168.1.118 Internal-network = 10.42.0.189
For my compute host 1: Internal-network = 192.168.1.115
For my compute host 2: Internal-network = 192.168.1.108
My current issue is that when I created an instance which ran successfully, I was not able to ping that instance from my controller via the external network. Besides, I was also not able to ping the internet (8.8.8.8) inside of the instance.
However, I was able to ping to the external network (10.42.0.67) from inside of the newly created instance itself. In other words, the router is communicating correctly. I have attached an image of my network topology as shown below. [image: image.png] Inside of my instance [image: image.png] I have attached an image of my router details as shown below [image: image.png] My external network details is shown below [image: image.png] external network's subnet detail is shown below [image: image.png] My internal network details is shown below [image: image.png] internal network's subnet is shown below [image: image.png] My floating IPs is shown below [image: image.png] My current security group rules is shown below [image: image.png] My system information is shown below [image: image.png] Apart from all the above information, I will briefly talk about what I have enabled in my global.yml file. I have set the kolla_internal_vip_address to "192168.1.200", kolla_external_vip_address to "10.42.0.200", enable_haproxy to "yes" and other core components of openstack was enabled.
Best, Vincent
On Wed, Nov 30, 2022 at 2:30 AM Eugen Block eblock@nde.ag wrote:
So you did modify the default security-group, ports 8000 and 8080 are not open by default. Anyway, can you please clarify what doesn't work exactly? Does the instance have an IP in the public network but the router is not pingeable (but that is not necessarily an issue) and you can't access it via which protocols? Does SSH work? Is the access blocked by a http_proxy?
Zitat von vincent lee vincentlee676@gmail.com:
To add on to my previous email, I have attached an image of my security group as shown below.
Best regards, Vincent
On Tue, Nov 22, 2022 at 3:58 AM Eugen Block eblock@nde.ag wrote:
Just one more thing to check, did you edit the security-group rules to allow access to the outside world?
Zitat von Adivya Singh adivya1.singh@gmail.com:
it should be missing a default route most of the time. or check IP tables on router namespace the DNAT and SNAT are working properly
On Tue, Nov 22, 2022 at 9:40 AM Tobias McNulty <
tobias@caktusgroup.com>
wrote:
> On Mon, Nov 21, 2022 at 7:39 PM vincent lee <
vincentlee676@gmail.com>
> wrote: > >> After reviewing the post you shared, I believe that we have the
correct
>> subnet. Besides, we did not modify anything related to the
cloud-init
for
>> openstack. >> > > I didn't either. But I found it's a good test of the network! If
you are
> using an image that doesn't rely on it you might not notice (but I > would not recommend that). > > >> After launching the instances, we are able to ping between the
instances
>> of the same subnet. However, we are not able to receive any
internet
>> connection within those instances. From the instance, we are able
to
ping
>> the router IP addresses 10.42.0.56 and 10.0.0.1. >> > > To make sure I understand: > - 10.42.0.56 is the IP of the router external to OpenStack that
provides
> internet access > - This router is tested and working for devices outside of OpenStack > - OpenStack compute instances can ping this router > - OpenStack compute instances cannot reach the internet > > If that is correct, it does not sound like an OpenStack issue
necessarily,
> but perhaps a missing default route on your compute instances. I
would
> check that DHCP is enabled on the internal subnet and that it's
providing
> everything necessary for an internet connection to the instances. > > Tobias > > >
-- thanks you. vincentleezihong 2garnet form2
-- thanks you. vincentleezihong 2garnet form2
-- thanks you. vincentleezihong 2garnet form2
Thank you all for the suggestions; I have managed to resolve this issue by adding eth1 as a port to the bridge (br-ex) in the openvswitch container. However, even after being able to ping from outside of the container (controller), I am still not able to access the internet. Once again, thank you for all your help.
Best regards, Vincent
participants (2)
-
Eugen Block
-
vincent lee