[OpenStack-fr] 2 providers networks. VM using floating IP from one can reach the controleur and VM from the other network not .

Jerome Pansanel jerome.pansanel at iphc.cnrs.fr
Lun 13 Nov 14:07:32 UTC 2017


Hi Stephane,

Thanks for given us the solution :-)

Cheers,

Jerome

Le 13/11/2017 à 15:03, Stéphane Delmotte a écrit :
> Le 09/11/2017 à 21:16, Jerome Pansanel a écrit :
>> Hi Stéphane,
>>
>> Can you tell us if your VM are one the same host?
>>
>> Do you have two different (virtual) routers to access the 134.214.213.0
>> and 134.214.32.0 networks?
>>
>> Did you check the path of a ICMP packet with tcpdump?
>>
>> Cheers,
>>
>> Jerome
>>
>> Le 09/11/2017 à 16:29, Stéphane Delmotte a écrit :
>>> I have a problem with network on my cloud.
>>>
>>> Some VM (depends of project) use floating ip from public01 and other
>>> from public02
>>>
>>> My vm on the network public01 work perfectly and can reach the
>>> controleur (134.214.34.20) (it is on the same network in my case
>>> 134.214.32.0/22)
>>> (it  use floating ip)
>>>
>>> my vm on the network public02 work perfectly and can reach all host on
>>> the netwok 134.214.213.0/24 and 134.214.32.0/22 exept the controleur
>>> (134.214.34.20)
>>> why ?
>>>
>>>
>>>
>>> there is my configuration
>>> 2 providers networks public01 and public02
>>>
>>> Field                     | Value                                |
>>> +---------------------------+--------------------------------------+
>>> | admin_state_up            | UP |
>>> | availability_zone_hints   | |
>>> | availability_zones        | nova |
>>> | created_at                | 2017-09-18T14:20:12Z |
>>> | description               | |
>>> | dns_domain                | None |
>>> | id                        | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b |
>>> | ipv4_address_scope        | None |
>>> | ipv6_address_scope        | None |
>>> | is_default                | False |
>>> | mtu                       | 1400 |
>>> | name                      | public01 |
>>> | port_security_enabled     | False |
>>> | project_id                | 7a8caa84511d41a291f7b67ae8750eb6 |
>>> | provider:network_type     | flat |
>>> | provider:physical_network | extnet |
>>> | provider:segmentation_id  | None |
>>> | qos_policy_id             | None |
>>> | revision_number           | 12 |
>>> | router:external           | External |
>>> | segments                  | None |
>>> | shared                    | True |
>>> | status                    | ACTIVE |
>>> | subnets                   | 78c4021e-420f-4acc-a3d4-60232116281d |
>>> | updated_at                | 2017-09-20T12:23:03Z |
>>> +---------------------------+--------------------------------------+
>>>
>>>
>>> +---------------------------+--------------------------------------+
>>> | Field                     | Value |
>>> +---------------------------+--------------------------------------+
>>> | admin_state_up            | UP |
>>> | availability_zone_hints   | |
>>> | availability_zones        | nova |
>>> | created_at                | 2017-10-20T09:18:56Z |
>>> | description               | |
>>> | dns_domain                | None |
>>> | id                        | f5d0ece1-cd2d-463e-8352-dec298cd1993 |
>>> | ipv4_address_scope        | None |
>>> | ipv6_address_scope        | None |
>>> | is_default                | False |
>>> | mtu                       | 1400 |
>>> | name                      | public02 |
>>> | port_security_enabled     | False |
>>> | project_id                | 7a8caa84511d41a291f7b67ae8750eb6 |
>>> | provider:network_type     | flat |
>>> | provider:physical_network | prabi |
>>> | provider:segmentation_id  | None |
>>> | qos_policy_id             | None |
>>> | revision_number           | 6 |
>>> | router:external           | External |
>>> | segments                  | None |
>>> | shared                    | True |
>>> | status                    | ACTIVE |
>>> | subnets                   | 7a6df182-0754-4ebb-b93f-b57373328d16 |
>>> | updated_at                | 2017-10-20T11:45:40Z |
>>> +---------------------------+--------------------------------------+
>>>
>>>
>>>
>>> and public_subnet
>>>
>>> 78c4021e-420f-4acc-a3d4-60232116281d |
>>> public_subnet                                     |
>>> 146cf744-5cc2-4a2a-b67b-52c6e0222d6b | 134.214.32.0/22  |
>>> 7a6df182-0754-4ebb-b93f-b57373328d16 |
>>> public2_subnet                                    |
>>> f5d0ece1-cd2d-463e-8352-dec298cd1993 | 134.214.213.0/24 |
>>>
>>> subnet show public2_subnet
>>> +-------------------+--------------------------------------+
>>> | Field             | Value                                |
>>> +-------------------+--------------------------------------+
>>> | allocation_pools  | 134.214.213.3-134.214.213.252        |
>>> | cidr              | 134.214.213.0/24                     |
>>> | created_at        | 2017-10-20T09:30:03Z                 |
>>> | description       |                                      |
>>> | dns_nameservers   | 134.214.100.6                        |
>>> | enable_dhcp       | True                                 |
>>> | gateway_ip        | 134.214.213.1                        |
>>> | host_routes       |                                      |
>>> | id                | 7a6df182-0754-4ebb-b93f-b57373328d16 |
>>> | ip_version        | 4                                    |
>>> | ipv6_address_mode | None                                 |
>>> | ipv6_ra_mode      | None                                 |
>>> | name              | public2_subnet                       |
>>> | network_id        | f5d0ece1-cd2d-463e-8352-dec298cd1993 |
>>> | project_id        | 7a8caa84511d41a291f7b67ae8750eb6     |
>>> | revision_number   | 3                                    |
>>> | segment_id        | None                                 |
>>> | service_types     |                                      |
>>> | subnetpool_id     | None                                 |
>>> | updated_at        | 2017-10-20T11:45:40Z                 |
>>> +-------------------+--------------------------------------+
>>>
>>>
>>> subnet show public_subnet
>>> +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
>>>
>>>
>>> | Field             | Value |
>>> +-------------------+---------------------------------------------------------------------------------------------------------------------------------------------------+
>>>
>>>
>>> | allocation_pools  |
>>> 134.214.34.141-134.214.34.141,134.214.35.208-134.214.35.208,134.214.34.25-134.214.34.27,134.214.34.22-134.214.34.23,134.214.35.183-134.214.35.183
>>>
>>> |
>>> | cidr              | 134.214.32.0/22 |
>>> | created_at        | 2017-09-18T14:20:26Z |
>>> | description | |
>>> | dns_nameservers   | 134.214.100.245, 134.214.100.6 |
>>> | enable_dhcp       | False |
>>> | gateway_ip        | 134.214.32.1 |
>>> | host_routes | |
>>> | id                | 78c4021e-420f-4acc-a3d4-60232116281d |
>>> | ip_version        | 4 |
>>> | ipv6_address_mode | None |
>>> | ipv6_ra_mode      | None |
>>> | name              | public_subnet |
>>> | network_id        | 146cf744-5cc2-4a2a-b67b-52c6e0222d6b |
>>> | project_id        | 7a8caa84511d41a291f7b67ae8750eb6 |
>>> | revision_number   | 9 |
>>> | segment_id        | None |
>>> | service_types | |
>>> | subnetpool_id     | None |
>>> | updated_at        | 2017-09-20T12:23:03Z
>>>
>>>
>>>
>>>
>>>
>>> I need my VM (ip form public02) can reach the controler because I use a
>>> cloud broker sleepstream and my vm (on the network 134.214.213.0/24 need
>>> connect the API 134.214.32.0/22 because some of them can be
>>> orchestrator).
>>>
>>> I need somme help
>>> thanks
>>> Stéphane
>>>
>>>
> Hi Jérome,
>>
>> VM are not on same host but in a compute (ifb-node07.univ-lyon1)
>>
>>
>>
>> VM from the other project run also on that compute.
>>
>>
>>
>> I have also try with a bar metal machine : I put one of our laptop on
>> the network 134.214.213.0 in that case I have the same problem
>>
>>
>>
>> ping laptop -> controleur  : no
>>
>>
>>
>> ping controleur > laptop  : yes
>>
>>
> I have found the solution,
> 
> On my controleur I have 2 net ns
> qrouter-a9f248e8-a8be-49a2-93c9-d9e779ae4d1f
> qrouter-12bf2dd0-de64-42c1-bb48-d1b94e03c3b1
> (one by provider network)
> 
> the name space where is attached my provider tenant (134.214.213.0/24) 
> is the second one.
> I put the route to my controler like this. (i'v found before the name of
> the veth)
> ip netns exec qrouter-12bf2dd0-de64-42c1-bb48-d1b94e03c3b1 route add
> 134.214.34.20 dev qg-e9bcd6a8-8f
> 
> it is ok now
> 
> 
> Thanks
> 
> Stéphane
> 


-- 
Jerome Pansanel, PhD
Technical Director at France Grilles
Grid & Cloud Computing Operations Manager at IPHC
IPHC                        ||  GSM: +33 (0)6 25 19 24 43
23 rue du Loess, BP 28      ||  Tel: +33 (0)3 88 10 66 24
F-67037 STRASBOURG Cedex 2  ||  Fax: +33 (0)3 88 10 62 34



Plus d'informations sur la liste de diffusion OpenStack-fr