[Openstack-operators] nova-network not forwarding traffic for floating IPs
Warren Wang
warren at wangspeed.com
Thu Mar 21 01:57:21 UTC 2013
You have rp_filter set to 0 or 1? In 12.04 it got disabled.
Should have known promisc wasn't going to fix it since you said you had a tcpdump of that interface. Sorry.
--
Warren
On Mar 20, 2013, at 9:38 PM, Lorin Hochstein <lorin at nimbisservices.com> wrote:
> Alas, that didn't fix the issue.
>
> Lorin
>
>
> On Wed, Mar 20, 2013 at 9:33 PM, Warren Wang <warren at wangspeed.com> wrote:
>> Try enabling promiscuous on br100. Had the same problem in no multi mode.
>>
>> --
>> Warren
>>
>> On Mar 20, 2013, at 9:24 PM, Lorin Hochstein <lorin at nimbisservices.com> wrote:
>>
>>> Hey all:
>>>
>>> I'm having some trouble getting floating IPs working on a new Folsom deployment (using nova-network, FlatDHCP, no-multihost, running on Ubuntu 12.04).
>>>
>>> The short version is that nova-network does not seem to be forwarding the traffic for a floating IP. I have a running instance with a fixed IP of 10.40.0.2 and a floating IP of 10.20.0.3:
>>>
>>> $ nova list
>>> +-------+---------+--------+------------------------------+
>>> | ID | Name | Status | Networks |
>>> +-------+---------+--------+------------------------------+
>>> | 3d292 | quantal | ACTIVE | private=10.40.0.2, 10.20.0.3 |
>>> +-------+---------+--------+------------------------------+
>>>
>>> The controller has a public IP address of 10.20.0.2
>>>
>>> If I'm logged in to the controller, I can ssh to the instance on both the floating and fixed IP. But if I try to connect from an external network, I can't connect to the floating IP (I'm using the no-op firewall so shouldn't be a securitiy group issue, although I've also configured to allow ping and ssh in the default group).
>>>
>>> If I do a tcpdump, I can confirm the ICMP packets destined for 10.20.0.3 are received by the controller on the public interface, but they never appear on br100, which is where they should get forwarded to. I've got IP forwarding enabled, and at this point I'm at a loss to try and dtermine what's happening.
>>>
>>> I posted lots of gory details on serverfault <http://serverfault.com/questions/489893> including a link to a dump of iptables <https://gist.github.com/lorin/5209761>, "ip a", routing tables, etc.
>>>
>>> Anybody have any insights here?
>>>
>>> --
>>> Lorin Hochstein
>>> Lead Architect - Cloud Services
>>> Nimbis Services, Inc.
>>> www.nimbisservices.com
>>> _______________________________________________
>>> OpenStack-operators mailing list
>>> OpenStack-operators at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
> --
> Lorin Hochstein
> Lead Architect - Cloud Services
> Nimbis Services, Inc.
> www.nimbisservices.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20130320/1d207ba7/attachment.html>
More information about the OpenStack-operators
mailing list