[openstack-dev] Couldn't ping/ssh cirros instance using its floating ip

Aishwarya Thangappa_Professional aishwarya.thangappa at gmail.com
Tue Nov 10 01:23:33 UTC 2015


Thanks Assaf. Will post my question there.

> On Nov 9, 2015, at 5:07 PM, Assaf Muller <amuller at redhat.com> wrote:
> 
> You will have a much better time on ask.openstack.org - It's a super active
> Q&A site for questions exactly like this one. You posted your question to a
> developers mailing list where we choose release names and make other ultra
> important mission critical decisions.
> 
> On Mon, Nov 9, 2015 at 6:34 PM, Aishwarya Thangappa_Professional
> <aishwarya.thangappa at gmail.com> wrote:
>> Hi there,
>> 
>> In a fresh devstack (master branch) install,
>> 
>> 1. I booted up a cirros instance and associated it with a floating ip.
>> 2. Created a security group rule to allow tcp port 22 and associated it with
>> the nova instance
>> 3. From the qrouter namespace, I can ping both the private and fip address
>> of the instance.
>> 4. But, couldn’t ssh into the instance from the external network using its
>> fip.
>> 
>> 
>> neutron net-list
>> +--------------------------------------+---------+----------------------------------------------------------+
>> | id                                   | name    | subnets                                                  |
>> +--------------------------------------+---------+----------------------------------------------------------+
>> | 376357b1-6abe-46c1-844b-548a051391d5 | public  | 41b86431-41d6-4503-8329-767f84bad4d5 172.24.4.0/24       |
>> |                                      |         | 79f0bf72-8c98-478b-a463-b6e3a101e6b7 2001:db8::/64       |
>> | ebe713c9-5064-48ec-9094-e44e150d36ad | private | c7ebd45c-5a1f-4d97-a90e-b221f19c7177 10.0.0.0/24         |
>> |                                      |         | d7aac86f-0b2c-4dd4-88cf-246bfb58006e fd69:7a94:27b7::/64 |
>> +--------------------------------------+---------+----------------------------------------------------------+
>> 
>> $ neutron router-list
>> +--------------------------------------+---------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
>> | id                                   | name    | external_gateway_info
>> | distributed | ha    |
>> +--------------------------------------+---------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
>> | 46715086-3f9c-4fb1-91b4-b41da24baa2f | router1 | {"network_id": "376357b1-6abe-46c1-844b-548a051391d5", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "41b86431-41d6-4503-8329-767f84bad4d5", "ip_address": "172.24.4.2"}, {"subnet_id": "79f0bf72-8c98-478b-a463-b6e3a101e6b7", "ip_address": "2001:db8::1"}]} | True        | False |
>> +--------------------------------------+---------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
>> 
>> $ neutron security-group-rule-list
>> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
>> | id                                   | security_group | direction | ethertype | protocol/port | remote          |
>> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
>> | 1cfb9a69-61e0-4df3-b04c-f9f9f4a54cc3 | default        | egress    | IPv4      | any           | any             |
>> | 4afe5008-c192-4582-95c8-21b1f64ab2a5 | default        | ingress   | IPv6      | any           | default (group) |
>> | 5ce1e34d-7b9d-41d8-9a15-94711824ae68 | secgroup1      | ingress   | IPv4      | 22/tcp        | any             |
>> | 6b3a8008-b446-4004-a72a-6ea2c9bbf375 | default        | egress    | IPv6      | any           | any             |
>> | 7feb5969-5f9d-4525-93a3-a108db59f65b | default        | egress    | IPv6      | any           | any             |
>> | 7ff6a82f-6c8c-4bb5-b893-d06272b0d69b | default        | ingress   | IPv4      | any           | default (group) |
>> | 90f385c9-de19-4ede-b4ef-bf199537b49b | secgroup1      | egress    | IPv6      | any           | any             |
>> | c21ed80d-fbee-4db6-8518-60a1070aff20 | secgroup1      | egress    | IPv4      | 22/tcp        | any             |
>> | c3d1f6ea-b7c4-47ea-ace3-f9b3b1bf8d25 | default        | egress    | IPv4      | any           | any             |
>> | dc09a10a-37db-4a33-9abc-00798221254e | secgroup1      | egress    | IPv4      | any           | any             |
>> | df4d7930-6ce0-43c8-996f-ced126c7cba0 | default        | ingress   | IPv4      | any           | default (group) |
>> | e0d84fea-e47c-48f6-a29b-d41231674256 | default        | ingress   | IPv6      | any           | default (group) |
>> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
>> 
>> $ nova show node1
>> +--------------------------------------+-----------------------------------------------------------------+
>> | Property                             | Value                                                           |
>> +--------------------------------------+-----------------------------------------------------------------+
>> | OS-DCF:diskConfig                    | MANUAL                                                          |
>> | OS-EXT-AZ:availability_zone          | nova                                                            |
>> | OS-EXT-SRV-ATTR:host                 | ubuntu                                                          |
>> | OS-EXT-SRV-ATTR:hostname             | node1                                                           |
>> | OS-EXT-SRV-ATTR:hypervisor_hostname  | ubuntu                                                          |
>> | OS-EXT-SRV-ATTR:instance_name        | instance-00000002                                               |
>> | OS-EXT-SRV-ATTR:kernel_id            |                                                                 |
>> | OS-EXT-SRV-ATTR:launch_index         | 0                                                               |
>> | OS-EXT-SRV-ATTR:ramdisk_id           |                                                                 |
>> | OS-EXT-SRV-ATTR:reservation_id       | r-nokf6xx0                                                      |
>> | OS-EXT-SRV-ATTR:root_device_name     | /dev/vda                                                        |
>> | OS-EXT-SRV-ATTR:user_data            | -                                                               |
>> | OS-EXT-STS:power_state               | 1                                                               |
>> | OS-EXT-STS:task_state                | -                                                               |
>> | OS-EXT-STS:vm_state                  | active                                                          |
>> | OS-SRV-USG:launched_at               | 2015-11-09T21:59:13.000000                                      |
>> | OS-SRV-USG:terminated_at             | -                                                               |
>> | accessIPv4                           |                                                                 |
>> | accessIPv6                           |                                                                 |
>> | config_drive                         | True                                                            |
>> | created                              | 2015-11-09T21:59:03Z                                            |
>> | flavor                               | m1.tiny (1)                                                     |
>> | hostId                               | 3cd3087bf1edbd27ef36a03a5b862b810aa8653fed924c9efd6dca8b        |
>> | id                                   | c936d684-5a20-4842-b47d-f6c336eb4e96                            |
>> | image                                | cirros-0.3.3-x86_64-disk (cc56d0b4-d143-4859-971d-5ef6ba9e2820) |
>> | key_name                             | -                                                               |
>> | metadata                             | {}                                                              |
>> | name                                 | node1                                                           |
>> | os-extended-volumes:volumes_attached | []                                                              |
>> | private network                      | 10.0.0.4, fd69:7a94:27b7:0:f816:3eff:fe39:59ac, 172.24.4.5      |
>> | progress                             | 0                                                               |
>> | security_groups                      | default, secgroup1                                              |
>> | status                               | ACTIVE                                                          |
>> | tenant_id                            | 5a93452f68c04785aff04fb4572f7472                                |
>> | updated                              | 2015-11-09T21:59:13Z                                            |
>> | user_id                              | 124d5155bc9742d2a3f7e018ada5bd07                                |
>> +--------------------------------------+-----------------------------------------------------------------+
>> 
>> $ sudo ip route add 172.24.4.0/24 dev br-ex
>> 
>> $ route -n
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>> 0.0.0.0         10.0.2.2        0.0.0.0         UG    0      0        0 eth0
>> 10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
>> 172.24.4.0      0.0.0.0         255.255.255.0   U     0      0        0 br-ex
>> 192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
>> 
>> $ ip netns
>> snat-46715086-3f9c-4fb1-91b4-b41da24baa2f
>> qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f
>> qdhcp-ebe713c9-5064-48ec-9094-e44e150d36ad
>> 
>> $ sudo ip netns exec qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f ssh cirros@10.0.0.4
>> cirros@10.0.0.4's password:
>> $ exit
>> Connection to 10.0.0.4 closed.
>> 
>> $ sudo ip netns exec qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f ssh cirros@172.24.4.5
>> The authenticity of host '172.24.4.5 (172.24.4.5)' can't be established.
>> RSA key fingerprint is 4a:96:f0:ea:1f:d0:4e:bb:0f:3f:74:f8:b4:3c:7e:75.
>> Are you sure you want to continue connecting (yes/no)? yes
>> Warning: Permanently added '172.24.4.5' (RSA) to the list of known hosts.
>> cirros@172.24.4.5's password:
>> $ exit
>> Connection to 172.24.4.5 closed.
>> 
>> $ sudo ip netns exec qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f ip a
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
>>    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>    inet 127.0.0.1/8 scope host lo
>>       valid_lft forever preferred_lft forever
>>    inet6 ::1/128 scope host
>>       valid_lft forever preferred_lft forever
>> 2: rfp-46715086-3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
>>    link/ether ca:fb:c6:7d:05:36 brd ff:ff:ff:ff:ff:ff
>>    inet 169.254.31.28/31 scope global rfp-46715086-3
>>       valid_lft forever preferred_lft forever
>>    inet 172.24.4.5/32 brd 172.24.4.5 scope global rfp-46715086-3
>>       valid_lft forever preferred_lft forever
>>    inet6 fe80::c8fb:c6ff:fe7d:536/64 scope link
>>       valid_lft forever preferred_lft forever
>> 6: qr-f97ba294-61: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
>>    link/ether fa:16:3e:db:4e:c1 brd ff:ff:ff:ff:ff:ff
>>    inet6 fd69:7a94:27b7::1/64 scope global
>>       valid_lft forever preferred_lft forever
>>    inet6 fe80::f816:3eff:fedb:4ec1/64 scope link
>>       valid_lft forever preferred_lft forever
>> 8: qr-2eedb07a-73: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default
>>    link/ether fa:16:3e:36:70:4d brd ff:ff:ff:ff:ff:ff
>>    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-2eedb07a-73
>>       valid_lft forever preferred_lft forever
>>    inet6 fe80::f816:3eff:fe36:704d/64 scope link
>>       valid_lft forever preferred_lft forever
>> 
>> $ sudo ip netns exec qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f route -n
>> Kernel IP routing table
>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 qr-2eedb07a-73
>> 169.254.31.28   0.0.0.0         255.255.255.254 U     0      0        0 rfp-46715086-3
>> 
>> Can someone please point out what is going wrong here? Thank you!
>> 
>> -Aishwarya.
>> 
>> 
>> 
>> 
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>> 



