[openstack-dev] Folsom Quantum: Unable to ping VM on its floating IP from external network

Dan Wendlandt dan at nicira.com
Sun Nov 25 22:15:06 UTC 2012 

Yes, packets being dropped by the security groups as Ravi suggests would be
my first guess.

Assuming you have not done anything special to put this VM in a specific
security group, it will be in the 'default' security group for that tenant.
 Running the following command using the same tenant as was used to create
the VM would create a security group rule would allow ICMP traffic
(including pings) to the VM:


nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0


On Fri, Nov 23, 2012 at 8:58 PM, Ravi Chunduru <ravivsn at gmail.com> wrote:

> Hi Shyam,
>  Make sure you have access control list configured for the VMs.
> You can configure it from the dashboard.
>
> Thanks,
> -Ravi.
>
>
> On Fri, Nov 23, 2012 at 12:34 PM, Shyam Goud <
> shyam.todeti at oneconvergence.com> wrote:
>
>>
>> Hello All,
>>
>> I am unable to ping VM on its floating IP from external network.
>> Interestingly I am able to ping external network from VM.
>> VM's: Fixed IP 10.0.0.3, Floating IP 192.168.2.161/24.
>>
>> Appreciate any inputs here.
>>
>>  #quantum router-list
>>
>> +--------------------------------------+---------+--------------------------------------------------------+
>> | id                                   | name    |
>> external_gateway_info                                  |
>>
>> +--------------------------------------+---------+--------------------------------------------------------+
>> | 27b3117b-1fe7-43b6-a1af-6c4cd54387bb | router1 | {"network_id":
>> "246f3475-1113-479a-a478-ee2b91c09b82"} |
>>
>> +--------------------------------------+---------+--------------------------------------------------------+
>>
>> root at controller-desktop:~#
>> root at controller-desktop:~# quantum port-list --
>> --27b3117b-1fe7-43b6-a1af-6c4cd54387bb
>>
>> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
>> | id                                   | name | mac_address       |
>> fixed_ips
>> |
>>
>> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
>> | 0e54497a-c4da-4d24-bdcf-50d9bc7349fc |      | fa:16:3e:7a:93:47 |
>> {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8", "ip_address":
>> "10.0.0.1"}      |
>> | 146fa6ef-4051-493f-a1f5-caaf7d6be106 |      | fa:16:3e:60:40:44 |
>> {"subnet_id": "b0955be1-cefe-4fb8-b607-01ff93af5753", "ip_address":
>> "192.168.2.161"} |
>> | 41d1f801-febd-4559-9253-b661623cdf95 |      | fa:16:3e:2a:40:2d |
>> {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8", "ip_address":
>> "10.0.0.3"}      |
>> | db7f14be-a460-4dfb-87df-8098cf16489f |      | fa:16:3e:f5:22:21 |
>> {"subnet_id": "78e72581-6079-4758-beb1-e35751c428f8", "ip_address":
>> "10.0.0.2"}      |
>> | ee9f258e-0f4a-463a-b2d8-738d00b246f7 |      | fa:16:3e:b1:c5:46 |
>> {"subnet_id": "b0955be1-cefe-4fb8-b607-01ff93af5753", "ip_address":
>> "192.168.2.160"} |
>>
>> +--------------------------------------+------+-------------------+--------------------------------------------------------------------------------------+
>>
>> root at controller-desktop:~# quantum floatingip-list
>>
>> +--------------------------------------+------------------+---------------------+--------------------------------------+
>> | id                                   | fixed_ip_address |
>> floating_ip_address | port_id                              |
>>
>> +--------------------------------------+------------------+---------------------+--------------------------------------+
>> | e045f346-a4f3-44c2-9c9e-0f02d95107a8 | 10.0.0.3         |
>> 192.168.2.161       | 41d1f801-febd-4559-9253-b661623cdf95 |
>>
>> +--------------------------------------+------------------+---------------------+--------------------------------------+
>> root at controller-desktop:~#
>>
>> +++++++++++ Routers Routing tables ++++++++++++
>> ~# ip netns exec qrouter-27b3117b-1fe7-43b6-a1af-6c4cd54387bb route -n
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use
>> Iface
>> 0.0.0.0         192.168.2.254   0.0.0.0         UG    0      0        0
>> qg-ee9f258e-0f
>> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0
>> qr-0e54497a-c4
>> 192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0
>> qg-ee9f258e-0f
>> root at controller-desktop:~#
>>
>>
>> +++++++++ Routers NAT policy +++++++++++++++++
>>
>> # ip netns exec qrouter-27b3117b-1fe7-43b6-a1af-6c4cd54387bb iptables -t
>> nat -L -vn
>> Chain PREROUTING (policy ACCEPT 5008 packets, 475K bytes)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>  5013  475K quantum-l3-agent-PREROUTING  all  --  *      *
>> 0.0.0.0/0            0.0.0.0/0
>>
>> Chain INPUT (policy ACCEPT 528 packets, 140K bytes)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>
>> Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>     1    84 quantum-l3-agent-OUTPUT  all  --  *      *       0.0.0.0/0
>> 0.0.0.0/0
>>
>> Chain POSTROUTING (policy ACCEPT 5 packets, 420 bytes)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>    10   840 quantum-l3-agent-POSTROUTING  all  --  *      *
>> 0.0.0.0/0            0.0.0.0/0
>>    10   840 quantum-postrouting-bottom  all  --  *      *       0.0.0.0/0
>> 0.0.0.0/0
>>
>> Chain quantum-l3-agent-OUTPUT (1 references)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>     1    84 DNAT       all  --  *      *       0.0.0.0/0
>> 192.168.2.161        to:10.0.0.3
>>
>> Chain quantum-l3-agent-POSTROUTING (1 references)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>     0     0 ACCEPT     all  --  !qg-ee9f258e-0f !qg-ee9f258e-0f
>> 0.0.0.0/0            0.0.0.0/0            ! ctstate DNAT
>>
>> Chain quantum-l3-agent-PREROUTING (1 references)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>     5   420 DNAT       all  --  *      *       0.0.0.0/0
>> 192.168.2.161        to:10.0.0.3
>>
>> Chain quantum-l3-agent-float-snat (1 references)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>     5   420 SNAT       all  --  *      *       10.0.0.3
>> 0.0.0.0/0            to:192.168.2.161
>>
>> Chain quantum-l3-agent-snat (1 references)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>    10   840 quantum-l3-agent-float-snat  all  --  *      *
>> 0.0.0.0/0            0.0.0.0/0
>>     0     0 SNAT       all  --  *      *       10.0.0.0/24
>> 0.0.0.0/0            to:192.168.2.160
>>
>> Chain quantum-postrouting-bottom (1 references)
>>  pkts bytes target     prot opt in     out     source
>> destination
>>    10   840 quantum-l3-agent-snat  all  --  *      *       0.0.0.0/0
>> 0.0.0.0/0
>> root at controller-desktop:~#
>>
>>
>> Following is the link which we used to create floating IPs.
>>
>> *
>> http://docs.openstack.org/trunk/openstack-network/admin/content/demo_logical_network_config.html
>> *
>>
>> Thanks,
>> Shyam.
>>
>>
>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Ravi
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Wendlandt
Nicira, Inc: www.nicira.com
twitter: danwendlandt
~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20121125/07f07795/attachment.html>

More information about the OpenStack-dev mailing list