2 providers networks. VM using floating IP from one can reach the controleur and VM from the other network not .
I have a problem with network on my cloud. Some VM (depends of project) use floating ip from public01 and other from public02 My vm on the network public01 work perfectly and can reach the controleur (134.214.34.20) (it is on the same network in my case 134.214.32.0/22) (it use floating ip) my vm on the network public02 work perfectly and can reach all host on the netwok 134.214.213.0/24 and 134.214.32.0/22 exept the controleur (134.214.34.20) why ? there is my configuration 2 providers networks public01 and public02 Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | nova | | created_at | 2017-09-18T14:20:12Z | | description | | | dns_domain | None | | id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | mtu | 1400 | | name | public01 | | port_security_enabled | False | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | provider:network_type | flat | | provider:physical_network | extnet | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | 12 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | 78c4021e-420f-4acc-a3d4-60232116281d | | updated_at | 2017-09-20T12:23:03Z | +---------------------------+--------------------------------------+ +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | nova | | created_at | 2017-10-20T09:18:56Z | | description | | | dns_domain | None | | id | f5d0ece1-cd2d-463e-8352-dec298cd1993 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | mtu | 1400 | | name | public02 | | port_security_enabled | False | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | provider:network_type | flat | | provider:physical_network | prabi | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | 6 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | 7a6df182-0754-4ebb-b93f-b57373328d16 | | updated_at | 2017-10-20T11:45:40Z | +---------------------------+--------------------------------------+ and public_subnet 78c4021e-420f-4acc-a3d4-60232116281d | public_subnet | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | 134.214.32.0/22 | 7a6df182-0754-4ebb-b93f-b57373328d16 | public2_subnet | f5d0ece1-cd2d-463e-8352-dec298cd1993 | 134.214.213.0/24 | subnet show public2_subnet +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 134.214.213.3-134.214.213.252 | | cidr | 134.214.213.0/24 | | created_at | 2017-10-20T09:30:03Z | | description | | | dns_nameservers | 134.214.100.6 | | enable_dhcp | True | | gateway_ip | 134.214.213.1 | | host_routes | | | id | 7a6df182-0754-4ebb-b93f-b57373328d16 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public2_subnet | | network_id | f5d0ece1-cd2d-463e-8352-dec298cd1993 | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | revision_number | 3 | | segment_id | None | | service_types | | | subnetpool_id | None | | updated_at | 2017-10-20T11:45:40Z | +-------------------+--------------------------------------+ subnet show public_subnet +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+ | allocation_pools | 134.214.34.141-134.214.34.141,134.214.35.208-134.214.35.208,134.214.34.25-134.214.34.27,134.214.34.22-134.214.34.23,134.214.35.183-134.214.35.183 | | cidr | 134.214.32.0/22 | | created_at | 2017-09-18T14:20:26Z | | description | | | dns_nameservers | 134.214.100.245, 134.214.100.6 | | enable_dhcp | False | | gateway_ip | 134.214.32.1 | | host_routes | | | id | 78c4021e-420f-4acc-a3d4-60232116281d | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public_subnet | | network_id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | revision_number | 9 | | segment_id | None | | service_types | | | subnetpool_id | None | | updated_at | 2017-09-20T12:23:03Z I need my VM (ip form public02) can reach the controler because I use a cloud broker sleepstream and my vm (on the network 134.214.213.0/24 need connect the API 134.214.32.0/22 because some of them can be orchestrator). I need somme help thanks Stéphane -- Delmotte Stéphane UMR CNRS 5558 Biometrie et Biologie Evolutive Bat 711 | Universite Claude Bernard - Lyon I | Tel : +33 04 72 43 11 68 43, Bd du 11 Novembre 1918 | Fax : 04 72 43 13 88 69622 Villeurbanne cedex FRANCE
Hi Stéphane, Can you tell us if your VM are one the same host? Do you have two different (virtual) routers to access the 134.214.213.0 and 134.214.32.0 networks? Did you check the path of a ICMP packet with tcpdump? Cheers, Jerome Le 09/11/2017 à 16:29, Stéphane Delmotte a écrit :
I have a problem with network on my cloud.
Some VM (depends of project) use floating ip from public01 and other from public02
My vm on the network public01 work perfectly and can reach the controleur (134.214.34.20) (it is on the same network in my case 134.214.32.0/22) (it use floating ip)
my vm on the network public02 work perfectly and can reach all host on the netwok 134.214.213.0/24 and 134.214.32.0/22 exept the controleur (134.214.34.20) why ?
there is my configuration 2 providers networks public01 and public02
Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | nova | | created_at | 2017-09-18T14:20:12Z | | description | | | dns_domain | None | | id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | mtu | 1400 | | name | public01 | | port_security_enabled | False | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | provider:network_type | flat | | provider:physical_network | extnet | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | 12 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | 78c4021e-420f-4acc-a3d4-60232116281d | | updated_at | 2017-09-20T12:23:03Z | +---------------------------+--------------------------------------+
+---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | nova | | created_at | 2017-10-20T09:18:56Z | | description | | | dns_domain | None | | id | f5d0ece1-cd2d-463e-8352-dec298cd1993 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | mtu | 1400 | | name | public02 | | port_security_enabled | False | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | provider:network_type | flat | | provider:physical_network | prabi | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | 6 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | 7a6df182-0754-4ebb-b93f-b57373328d16 | | updated_at | 2017-10-20T11:45:40Z | +---------------------------+--------------------------------------+
and public_subnet
78c4021e-420f-4acc-a3d4-60232116281d | public_subnet | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | 134.214.32.0/22 | 7a6df182-0754-4ebb-b93f-b57373328d16 | public2_subnet | f5d0ece1-cd2d-463e-8352-dec298cd1993 | 134.214.213.0/24 |
subnet show public2_subnet +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 134.214.213.3-134.214.213.252 | | cidr | 134.214.213.0/24 | | created_at | 2017-10-20T09:30:03Z | | description | | | dns_nameservers | 134.214.100.6 | | enable_dhcp | True | | gateway_ip | 134.214.213.1 | | host_routes | | | id | 7a6df182-0754-4ebb-b93f-b57373328d16 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public2_subnet | | network_id | f5d0ece1-cd2d-463e-8352-dec298cd1993 | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | revision_number | 3 | | segment_id | None | | service_types | | | subnetpool_id | None | | updated_at | 2017-10-20T11:45:40Z | +-------------------+--------------------------------------+
subnet show public_subnet +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value | +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 134.214.34.141-134.214.34.141,134.214.35.208-134.214.35.208,134.214.34.25-134.214.34.27,134.214.34.22-134.214.34.23,134.214.35.183-134.214.35.183 | | cidr | 134.214.32.0/22 | | created_at | 2017-09-18T14:20:26Z | | description | | | dns_nameservers | 134.214.100.245, 134.214.100.6 | | enable_dhcp | False | | gateway_ip | 134.214.32.1 | | host_routes | | | id | 78c4021e-420f-4acc-a3d4-60232116281d | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public_subnet | | network_id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | revision_number | 9 | | segment_id | None | | service_types | | | subnetpool_id | None | | updated_at | 2017-09-20T12:23:03Z
I need my VM (ip form public02) can reach the controler because I use a cloud broker sleepstream and my vm (on the network 134.214.213.0/24 need connect the API 134.214.32.0/22 because some of them can be orchestrator).
I need somme help thanks Stéphane
-- Jerome Pansanel, PhD Technical Director at France Grilles Grid & Cloud Computing Operations Manager at IPHC IPHC || GSM: +33 (0)6 25 19 24 43 23 rue du Loess, BP 28 || Tel: +33 (0)3 88 10 66 24 F-67037 STRASBOURG Cedex 2 || Fax: +33 (0)3 88 10 62 34
Le 09/11/2017 à 21:16, Jerome Pansanel a écrit :
Hi Stéphane,
Can you tell us if your VM are one the same host?
Do you have two different (virtual) routers to access the 134.214.213.0 and 134.214.32.0 networks?
Did you check the path of a ICMP packet with tcpdump?
Cheers,
Jerome
Le 09/11/2017 à 16:29, Stéphane Delmotte a écrit :
I have a problem with network on my cloud.
Some VM (depends of project) use floating ip from public01 and other from public02
My vm on the network public01 work perfectly and can reach the controleur (134.214.34.20) (it is on the same network in my case 134.214.32.0/22) (it use floating ip)
my vm on the network public02 work perfectly and can reach all host on the netwok 134.214.213.0/24 and 134.214.32.0/22 exept the controleur (134.214.34.20) why ?
there is my configuration 2 providers networks public01 and public02
Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | nova | | created_at | 2017-09-18T14:20:12Z | | description | | | dns_domain | None | | id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | mtu | 1400 | | name | public01 | | port_security_enabled | False | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | provider:network_type | flat | | provider:physical_network | extnet | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | 12 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | 78c4021e-420f-4acc-a3d4-60232116281d | | updated_at | 2017-09-20T12:23:03Z | +---------------------------+--------------------------------------+
+---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | nova | | created_at | 2017-10-20T09:18:56Z | | description | | | dns_domain | None | | id | f5d0ece1-cd2d-463e-8352-dec298cd1993 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | mtu | 1400 | | name | public02 | | port_security_enabled | False | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | provider:network_type | flat | | provider:physical_network | prabi | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | 6 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | 7a6df182-0754-4ebb-b93f-b57373328d16 | | updated_at | 2017-10-20T11:45:40Z | +---------------------------+--------------------------------------+
and public_subnet
78c4021e-420f-4acc-a3d4-60232116281d | public_subnet | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | 134.214.32.0/22 | 7a6df182-0754-4ebb-b93f-b57373328d16 | public2_subnet | f5d0ece1-cd2d-463e-8352-dec298cd1993 | 134.214.213.0/24 |
subnet show public2_subnet +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 134.214.213.3-134.214.213.252 | | cidr | 134.214.213.0/24 | | created_at | 2017-10-20T09:30:03Z | | description | | | dns_nameservers | 134.214.100.6 | | enable_dhcp | True | | gateway_ip | 134.214.213.1 | | host_routes | | | id | 7a6df182-0754-4ebb-b93f-b57373328d16 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public2_subnet | | network_id | f5d0ece1-cd2d-463e-8352-dec298cd1993 | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | revision_number | 3 | | segment_id | None | | service_types | | | subnetpool_id | None | | updated_at | 2017-10-20T11:45:40Z | +-------------------+--------------------------------------+
subnet show public_subnet +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value | +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 134.214.34.141-134.214.34.141,134.214.35.208-134.214.35.208,134.214.34.25-134.214.34.27,134.214.34.22-134.214.34.23,134.214.35.183-134.214.35.183 | | cidr | 134.214.32.0/22 | | created_at | 2017-09-18T14:20:26Z | | description | | | dns_nameservers | 134.214.100.245, 134.214.100.6 | | enable_dhcp | False | | gateway_ip | 134.214.32.1 | | host_routes | | | id | 78c4021e-420f-4acc-a3d4-60232116281d | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public_subnet | | network_id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | revision_number | 9 | | segment_id | None | | service_types | | | subnetpool_id | None | | updated_at | 2017-09-20T12:23:03Z
I need my VM (ip form public02) can reach the controler because I use a cloud broker sleepstream and my vm (on the network 134.214.213.0/24 need connect the API 134.214.32.0/22 because some of them can be orchestrator).
I need somme help thanks Stéphane
Hi Jérome,
VM are not on same host but in a compute (ifb-node07.univ-lyon1)
VM from the other project run also on that compute.
I have also try with a bar metal machine : I put one of our laptop on the network 134.214.213.0 in that case I have the same problem
ping laptop -> controleur : no
ping controleur > laptop : yes
I have found the solution, On my controleur I have 2 net ns qrouter-a9f248e8-a8be-49a2-93c9-d9e779ae4d1f qrouter-12bf2dd0-de64-42c1-bb48-d1b94e03c3b1 (one by provider network) the name space where is attached my provider tenant (134.214.213.0/24) is the second one. I put the route to my controler like this. (i'v found before the name of the veth) ip netns exec qrouter-12bf2dd0-de64-42c1-bb48-d1b94e03c3b1 route add 134.214.34.20 dev qg-e9bcd6a8-8f it is ok now Thanks Stéphane -- Delmotte Stéphane UMR CNRS 5558 Biometrie et Biologie Evolutive Bat 711 | Universite Claude Bernard - Lyon I | Tel : +33 04 72 43 11 68 43, Bd du 11 Novembre 1918 | Fax : 04 72 43 13 88 69622 Villeurbanne cedex FRANCE
Hi Stephane, Thanks for given us the solution :-) Cheers, Jerome Le 13/11/2017 à 15:03, Stéphane Delmotte a écrit :
Le 09/11/2017 à 21:16, Jerome Pansanel a écrit :
Hi Stéphane,
Can you tell us if your VM are one the same host?
Do you have two different (virtual) routers to access the 134.214.213.0 and 134.214.32.0 networks?
Did you check the path of a ICMP packet with tcpdump?
Cheers,
Jerome
Le 09/11/2017 à 16:29, Stéphane Delmotte a écrit :
I have a problem with network on my cloud.
Some VM (depends of project) use floating ip from public01 and other from public02
My vm on the network public01 work perfectly and can reach the controleur (134.214.34.20) (it is on the same network in my case 134.214.32.0/22) (it use floating ip)
my vm on the network public02 work perfectly and can reach all host on the netwok 134.214.213.0/24 and 134.214.32.0/22 exept the controleur (134.214.34.20) why ?
there is my configuration 2 providers networks public01 and public02
Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | nova | | created_at | 2017-09-18T14:20:12Z | | description | | | dns_domain | None | | id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | mtu | 1400 | | name | public01 | | port_security_enabled | False | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | provider:network_type | flat | | provider:physical_network | extnet | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | 12 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | 78c4021e-420f-4acc-a3d4-60232116281d | | updated_at | 2017-09-20T12:23:03Z | +---------------------------+--------------------------------------+
+---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | UP | | availability_zone_hints | | | availability_zones | nova | | created_at | 2017-10-20T09:18:56Z | | description | | | dns_domain | None | | id | f5d0ece1-cd2d-463e-8352-dec298cd1993 | | ipv4_address_scope | None | | ipv6_address_scope | None | | is_default | False | | mtu | 1400 | | name | public02 | | port_security_enabled | False | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | provider:network_type | flat | | provider:physical_network | prabi | | provider:segmentation_id | None | | qos_policy_id | None | | revision_number | 6 | | router:external | External | | segments | None | | shared | True | | status | ACTIVE | | subnets | 7a6df182-0754-4ebb-b93f-b57373328d16 | | updated_at | 2017-10-20T11:45:40Z | +---------------------------+--------------------------------------+
and public_subnet
78c4021e-420f-4acc-a3d4-60232116281d | public_subnet | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | 134.214.32.0/22 | 7a6df182-0754-4ebb-b93f-b57373328d16 | public2_subnet | f5d0ece1-cd2d-463e-8352-dec298cd1993 | 134.214.213.0/24 |
subnet show public2_subnet +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | allocation_pools | 134.214.213.3-134.214.213.252 | | cidr | 134.214.213.0/24 | | created_at | 2017-10-20T09:30:03Z | | description | | | dns_nameservers | 134.214.100.6 | | enable_dhcp | True | | gateway_ip | 134.214.213.1 | | host_routes | | | id | 7a6df182-0754-4ebb-b93f-b57373328d16 | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public2_subnet | | network_id | f5d0ece1-cd2d-463e-8352-dec298cd1993 | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | revision_number | 3 | | segment_id | None | | service_types | | | subnetpool_id | None | | updated_at | 2017-10-20T11:45:40Z | +-------------------+--------------------------------------+
subnet show public_subnet +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value | +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
| allocation_pools | 134.214.34.141-134.214.34.141,134.214.35.208-134.214.35.208,134.214.34.25-134.214.34.27,134.214.34.22-134.214.34.23,134.214.35.183-134.214.35.183
| | cidr | 134.214.32.0/22 | | created_at | 2017-09-18T14:20:26Z | | description | | | dns_nameservers | 134.214.100.245, 134.214.100.6 | | enable_dhcp | False | | gateway_ip | 134.214.32.1 | | host_routes | | | id | 78c4021e-420f-4acc-a3d4-60232116281d | | ip_version | 4 | | ipv6_address_mode | None | | ipv6_ra_mode | None | | name | public_subnet | | network_id | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | | project_id | 7a8caa84511d41a291f7b67ae8750eb6 | | revision_number | 9 | | segment_id | None | | service_types | | | subnetpool_id | None | | updated_at | 2017-09-20T12:23:03Z
I need my VM (ip form public02) can reach the controler because I use a cloud broker sleepstream and my vm (on the network 134.214.213.0/24 need connect the API 134.214.32.0/22 because some of them can be orchestrator).
I need somme help thanks Stéphane
Hi Jérome,
VM are not on same host but in a compute (ifb-node07.univ-lyon1)
VM from the other project run also on that compute.
I have also try with a bar metal machine : I put one of our laptop on the network 134.214.213.0 in that case I have the same problem
ping laptop -> controleur : no
ping controleur > laptop : yes
I have found the solution,
On my controleur I have 2 net ns qrouter-a9f248e8-a8be-49a2-93c9-d9e779ae4d1f qrouter-12bf2dd0-de64-42c1-bb48-d1b94e03c3b1 (one by provider network)
the name space where is attached my provider tenant (134.214.213.0/24) is the second one. I put the route to my controler like this. (i'v found before the name of the veth) ip netns exec qrouter-12bf2dd0-de64-42c1-bb48-d1b94e03c3b1 route add 134.214.34.20 dev qg-e9bcd6a8-8f
it is ok now
Thanks
Stéphane
-- Jerome Pansanel, PhD Technical Director at France Grilles Grid & Cloud Computing Operations Manager at IPHC IPHC || GSM: +33 (0)6 25 19 24 43 23 rue du Loess, BP 28 || Tel: +33 (0)3 88 10 66 24 F-67037 STRASBOURG Cedex 2 || Fax: +33 (0)3 88 10 62 34
participants (2)
-
Jerome Pansanel
-
Stéphane Delmotte