[openstack-dev] Couldn't ping/ssh cirros instance using its floating ip
Aishwarya Thangappa_Professional
aishwarya.thangappa at gmail.com
Tue Nov 10 01:23:33 UTC 2015
Thanks Assaf. Will post my question there.
> On Nov 9, 2015, at 5:07 PM, Assaf Muller <amuller at redhat.com> wrote:
>
> You will have a much better time on ask.openstack.org - It's a super
> active Q&A site
> for questions exactly like this one. You posted your question to a
> developers mailing list
> where we choose release names and make other ultra important mission
> critical decisions.
>
> On Mon, Nov 9, 2015 at 6:34 PM, Aishwarya Thangappa_Professional
> <aishwarya.thangappa at gmail.com> wrote:
>> Hi there,
>>
>> In a fresh devstack(master branch) install,
>>
>> 1. I booted up a cirros instance and associated it with a floating ip.
>> 2. Created a security group rule to allow tcp port 22 and associated it with
>> the nova instance
>> 3. From the qrouter namespace, I can ping both the private and fip address
>> of the instance.
>> 4. But, couldn’t ssh into the instance from the external network using its
>> fip.
>>
>>
>> neutron net-list
>> +--------------------------------------+---------+----------------------------------------------------------+
>> | id | name | subnets
>> |
>> +--------------------------------------+---------+----------------------------------------------------------+
>> | 376357b1-6abe-46c1-844b-548a051391d5 | public |
>> 41b86431-41d6-4503-8329-767f84bad4d5 172.24.4.0/24 |
>> | | |
>> 79f0bf72-8c98-478b-a463-b6e3a101e6b7 2001:db8::/64 |
>> | ebe713c9-5064-48ec-9094-e44e150d36ad | private |
>> c7ebd45c-5a1f-4d97-a90e-b221f19c7177 10.0.0.0/24 |
>> | | |
>> d7aac86f-0b2c-4dd4-88cf-246bfb58006e fd69:7a94:27b7::/64 |
>> +--------------------------------------+---------+—————————————————————————-----------------------------————+
>>
>> $ neutron router-list
>> +--------------------------------------+---------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
>> | id | name | external_gateway_info
>> | distributed | ha |
>> +--------------------------------------+---------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
>> | 46715086-3f9c-4fb1-91b4-b41da24baa2f | router1 | {"network_id":
>> "376357b1-6abe-46c1-844b-548a051391d5", "enable_snat": true,
>> "external_fixed_ips": [{"subnet_id": "41b86431-41d6-4503-8329-767f84bad4d5",
>> "ip_address": "172.24.4.2"}, {"subnet_id":
>> "79f0bf72-8c98-478b-a463-b6e3a101e6b7", "ip_address": "2001:db8::1"}]} |
>> True | False |
>> +--------------------------------------+---------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-------------+-------+
>>
>> $ neutron security-group-rule-list
>> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
>> | id | security_group | direction |
>> ethertype | protocol/port | remote |
>> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
>> | 1cfb9a69-61e0-4df3-b04c-f9f9f4a54cc3 | default | egress | IPv4
>> | any | any |
>> | 4afe5008-c192-4582-95c8-21b1f64ab2a5 | default | ingress | IPv6
>> | any | default (group) |
>> | 5ce1e34d-7b9d-41d8-9a15-94711824ae68 | secgroup1 | ingress | IPv4
>> | 22/tcp | any |
>> | 6b3a8008-b446-4004-a72a-6ea2c9bbf375 | default | egress | IPv6
>> | any | any |
>> | 7feb5969-5f9d-4525-93a3-a108db59f65b | default | egress | IPv6
>> | any | any |
>> | 7ff6a82f-6c8c-4bb5-b893-d06272b0d69b | default | ingress | IPv4
>> | any | default (group) |
>> | 90f385c9-de19-4ede-b4ef-bf199537b49b | secgroup1 | egress | IPv6
>> | any | any |
>> | c21ed80d-fbee-4db6-8518-60a1070aff20 | secgroup1 | egress | IPv4
>> | 22/tcp | any |
>> | c3d1f6ea-b7c4-47ea-ace3-f9b3b1bf8d25 | default | egress | IPv4
>> | any | any |
>> | dc09a10a-37db-4a33-9abc-00798221254e | secgroup1 | egress | IPv4
>> | any | any |
>> | df4d7930-6ce0-43c8-996f-ced126c7cba0 | default | ingress | IPv4
>> | any | default (group) |
>> | e0d84fea-e47c-48f6-a29b-d41231674256 | default | ingress | IPv6
>> | any | default (group) |
>> +--------------------------------------+----------------+-----------+-----------+---------------+-----------------+
>>
>> $ nova show node1
>> +--------------------------------------+-----------------------------------------------------------------+
>> | Property | Value
>> |
>> +--------------------------------------+-----------------------------------------------------------------+
>> | OS-DCF:diskConfig | MANUAL
>> |
>> | OS-EXT-AZ:availability_zone | nova
>> |
>> | OS-EXT-SRV-ATTR:host | ubuntu
>> |
>> | OS-EXT-SRV-ATTR:hostname | node1
>> |
>> | OS-EXT-SRV-ATTR:hypervisor_hostname | ubuntu
>> |
>> | OS-EXT-SRV-ATTR:instance_name | instance-00000002
>> |
>> | OS-EXT-SRV-ATTR:kernel_id |
>> |
>> | OS-EXT-SRV-ATTR:launch_index | 0
>> |
>> | OS-EXT-SRV-ATTR:ramdisk_id |
>> |
>> | OS-EXT-SRV-ATTR:reservation_id | r-nokf6xx0
>> |
>> | OS-EXT-SRV-ATTR:root_device_name | /dev/vda
>> |
>> | OS-EXT-SRV-ATTR:user_data | -
>> |
>> | OS-EXT-STS:power_state | 1
>> |
>> | OS-EXT-STS:task_state | -
>> |
>> | OS-EXT-STS:vm_state | active
>> |
>> | OS-SRV-USG:launched_at | 2015-11-09T21:59:13.000000
>> |
>> | OS-SRV-USG:terminated_at | -
>> |
>> | accessIPv4 |
>> |
>> | accessIPv6 |
>> |
>> | config_drive | True
>> |
>> | created | 2015-11-09T21:59:03Z
>> |
>> | flavor | m1.tiny (1)
>> |
>> | hostId |
>> 3cd3087bf1edbd27ef36a03a5b862b810aa8653fed924c9efd6dca8b |
>> | id |
>> c936d684-5a20-4842-b47d-f6c336eb4e96 |
>> | image | cirros-0.3.3-x86_64-disk
>> (cc56d0b4-d143-4859-971d-5ef6ba9e2820) |
>> | key_name | -
>> |
>> | metadata | {}
>> |
>> | name | node1
>> |
>> | os-extended-volumes:volumes_attached | []
>> |
>> | private network | 10.0.0.4,
>> fd69:7a94:27b7:0:f816:3eff:fe39:59ac, 172.24.4.5 |
>> | progress | 0
>> |
>> | security_groups | default, secgroup1
>> |
>> | status | ACTIVE
>> |
>> | tenant_id | 5a93452f68c04785aff04fb4572f7472
>> |
>> | updated | 2015-11-09T21:59:13Z
>> |
>> | user_id | 124d5155bc9742d2a3f7e018ada5bd07
>> |
>> +--------------------------------------+——————————————————————————---------------------------------——————+
>>
>> $ sudo ip route add 172.24.4.0/24 dev br-ex
>>
>> $ route -n
>> Kernel IP routing table
>> Destination Gateway Genmask Flags Metric Ref Use
>> Iface
>> 0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
>> 10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
>> 172.24.4.0 0.0.0.0 255.255.255.0 U 0 0 0
>> br-ex
>> 192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0
>> virbr0
>>
>> $ ip netns
>> snat-46715086-3f9c-4fb1-91b4-b41da24baa2f
>> qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f
>> qdhcp-ebe713c9-5064-48ec-9094-e44e150d36ad
>>
>> $ sudo ip netns exec qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f ssh
>> cirros at 10.0.0.4
>> cirros at 10.0.0.4's password:
>> $ exit
>> Connection to 10.0.0.4 closed.
>>
>> $ sudo ip netns exec qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f ssh
>> cirros at 172.24.4.5
>> The authenticity of host '172.24.4.5 (172.24.4.5)' can't be established.
>> RSA key fingerprint is 4a:96:f0:ea:1f:d0:4e:bb:0f:3f:74:f8:b4:3c:7e:75.
>> Are you sure you want to continue connecting (yes/no)? yes
>> Warning: Permanently added '172.24.4.5' (RSA) to the list of known hosts.
>> cirros at 172.24.4.5's password:
>> $ exit
>> Connection to 172.24.4.5 closed.
>>
>> $ sudo ip netns exec qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f ip a
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
>> default
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>> valid_lft forever preferred_lft forever
>> inet6 ::1/128 scope host
>> valid_lft forever preferred_lft forever
>> 2: rfp-46715086-3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> pfifo_fast state UP group default qlen 1000
>> link/ether ca:fb:c6:7d:05:36 brd ff:ff:ff:ff:ff:ff
>> inet 169.254.31.28/31 scope global rfp-46715086-3
>> valid_lft forever preferred_lft forever
>> inet 172.24.4.5/32 brd 172.24.4.5 scope global rfp-46715086-3
>> valid_lft forever preferred_lft forever
>> inet6 fe80::c8fb:c6ff:fe7d:536/64 scope link
>> valid_lft forever preferred_lft forever
>> 6: qr-f97ba294-61: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>> UNKNOWN group default
>> link/ether fa:16:3e:db:4e:c1 brd ff:ff:ff:ff:ff:ff
>> inet6 fd69:7a94:27b7::1/64 scope global
>> valid_lft forever preferred_lft forever
>> inet6 fe80::f816:3eff:fedb:4ec1/64 scope link
>> valid_lft forever preferred_lft forever
>> 8: qr-2eedb07a-73: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>> UNKNOWN group default
>> link/ether fa:16:3e:36:70:4d brd ff:ff:ff:ff:ff:ff
>> inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-2eedb07a-73
>> valid_lft forever preferred_lft forever
>> inet6 fe80::f816:3eff:fe36:704d/64 scope link
>> valid_lft forever preferred_lft forever
>>
>> $ sudo ip netns exec qrouter-46715086-3f9c-4fb1-91b4-b41da24baa2f route -n
>> Kernel IP routing table
>> Destination Gateway Genmask Flags Metric Ref Use
>> Iface
>> 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0
>> qr-2eedb07a-73
>> 169.254.31.28 0.0.0.0 255.255.255.254 U 0 0 0
>> rfp-46715086-3
>>
>> Can some one please point out what is going wrong here? Thank you!
>>
>> -Aishwarya.
>>
>>
>>
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list