[openstack-dev] Folsom Quantum: Unable to ping VM on its floating IP from external network
Ravi Chunduru
ravivsn at gmail.com
Sat Nov 24 04:58:04 UTC 2012
Hi Shyam,
Make sure you have access control list configured for the VMs.
You can configure it from the dashboard.
Thanks,
-Ravi.
On Fri, Nov 23, 2012 at 12:34 PM, Shyam Goud <
shyam.todeti at oneconvergence.com> wrote:
>
> Hello All,
>
> I am unable to ping VM on its floating IP from external network.
> Interestingly I am able to ping external network from VM.
> VM's: Fixed IP 10.0.0.3, Floating IP 192.168.2.161/24.
>
> Appreciate any inputs here.
>
> #quantum router-list
>
> +--------------------------------------+---------+--------------------------------------------------------+
> | id | name |
> external_gateway_info |
>
> +--------------------------------------+---------+--------------------------------------------------------+
> | 27b3117b-1fe7-43b6-a1af-6c4cd54387bb | router1 | {"network_id":
> "246f3475-1113-479a-a478-ee2b91c09b82"} |
>
> +--------------------------------------+---------+--------------------------------------------------------+
>
> root at controller-desktop:~#
> root at controller-desktop:~# quantum port-list --
> --27b3117b-1fe7-43b6-a1af-6c4cd54387bb
>
> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
> | id | name | mac_address |
> fixed_ips
> |
>
> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
> | 0e54497a-c4da-4d24-bdcf-50d9bc7349fc | | fa:16:3e:7a:93:47 |
> {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8", "ip_address":
> "10.0.0.1"} |
> | 146fa6ef-4051-493f-a1f5-caaf7d6be106 | | fa:16:3e:60:40:44 |
> {"subnet_id": "b0955be1-cefe-4fb8-b607-01ff93af5753", "ip_address":
> "192.168.2.161"} |
> | 41d1f801-febd-4559-9253-b661623cdf95 | | fa:16:3e:2a:40:2d |
> {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8", "ip_address":
> "10.0.0.3"} |
> | db7f14be-a460-4dfb-87df-8098cf16489f | | fa:16:3e:f5:22:21 |
> {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8", "ip_address":
> "10.0.0.2"} |
> | ee9f258e-0f4a-463a-b2d8-738d00b246f7 | | fa:16:3e:b1:c5:46 |
> {"subnet_id": "b0955be1-cefe-4fb8-b607-01ff93af5753", "ip_address":
> "192.168.2.160"} |
>
> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
>
> root at controller-desktop:~# quantum floatingip-list
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
> | id | fixed_ip_address |
> floating_ip_address | port_id |
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
> | e045f346-a4f3-44c2-9c9e-0f02d95107a8 | 10.0.0.3 |
> 192.168.2.161 | 41d1f801-febd-4559-9253-b661623cdf95 |
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
> root at controller-desktop:~#
>
> +++++++++++ Routers Routing tables ++++++++++++
> ~# ip netns exec qrouter-27b3117b-1fe7-43b6-a1af-6c4cd54387bb route -n
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 0.0.0.0 192.168.2.254 0.0.0.0 UG 0 0 0
> qg-ee9f258e-0f
> 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0
> qr-0e54497a-c4
> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0
> qg-ee9f258e-0f
> root at controller-desktop:~#
>
>
> +++++++++ Routers NAT policy +++++++++++++++++
>
> # ip netns exec qrouter-27b3117b-1fe7-43b6-a1af-6c4cd54387bb iptables -t
> nat -L -vn
> Chain PREROUTING (policy ACCEPT 5008 packets, 475K bytes)
> pkts bytes target prot opt in out source
> destination
> 5013 475K quantum-l3-agent-PREROUTING all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain INPUT (policy ACCEPT 528 packets, 140K bytes)
> pkts bytes target prot opt in out source
> destination
>
> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source
> destination
> 1 84 quantum-l3-agent-OUTPUT all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain POSTROUTING (policy ACCEPT 5 packets, 420 bytes)
> pkts bytes target prot opt in out source
> destination
> 10 840 quantum-l3-agent-POSTROUTING all -- * *
> 0.0.0.0/0 0.0.0.0/0
> 10 840 quantum-postrouting-bottom all -- * * 0.0.0.0/0
> 0.0.0.0/0
>
> Chain quantum-l3-agent-OUTPUT (1 references)
> pkts bytes target prot opt in out source
> destination
> 1 84 DNAT all -- * * 0.0.0.0/0
> 192.168.2.161 to:10.0.0.3
>
> Chain quantum-l3-agent-POSTROUTING (1 references)
> pkts bytes target prot opt in out source
> destination
> 0 0 ACCEPT all -- !qg-ee9f258e-0f !qg-ee9f258e-0f 0.0.0.0/0
> 0.0.0.0/0 ! ctstate DNAT
>
> Chain quantum-l3-agent-PREROUTING (1 references)
> pkts bytes target prot opt in out source
> destination
> 5 420 DNAT all -- * * 0.0.0.0/0
> 192.168.2.161 to:10.0.0.3
>
> Chain quantum-l3-agent-float-snat (1 references)
> pkts bytes target prot opt in out source
> destination
> 5 420 SNAT all -- * * 10.0.0.3
> 0.0.0.0/0 to:192.168.2.161
>
> Chain quantum-l3-agent-snat (1 references)
> pkts bytes target prot opt in out source
> destination
> 10 840 quantum-l3-agent-float-snat all -- * * 0.0.0.0/0
> 0.0.0.0/0
> 0 0 SNAT all -- * * 10.0.0.0/24
> 0.0.0.0/0 to:192.168.2.160
>
> Chain quantum-postrouting-bottom (1 references)
> pkts bytes target prot opt in out source
> destination
> 10 840 quantum-l3-agent-snat all -- * * 0.0.0.0/0
> 0.0.0.0/0
> root at controller-desktop:~#
>
>
> Following is the link which we used to create floating IPs.
>
> *
> http://docs.openstack.org/trunk/openstack-network/admin/content/demo_logical_network_config.html
> *
>
> Thanks,
> Shyam.
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
--
Ravi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121123/949e93eb/attachment.html>
More information about the OpenStack-dev
mailing list