That worked great. What is going on there? If I run the VM on the same physical machine as the L3 agent I do not need to set the MTU. Interesting. Sam On Tue, Oct 1, 2013 at 11:02 AM, Darragh O'Reilly < dara2002-openstack at yahoo.com> wrote: > Sam, > > > being able to reach http but not https sites sounds like the mtu issue we > have seen before. As a quick test try reducing the mtu on the instance: > > $ sudo ip link set mtu 1400 dev eth0 > > and see if the wget to the https site works. > > > Re, Darragh. > > > >Hello, > > > > > >I have two external network hosts (test1 and test2) both running the l3 > agent on the same network (XXX.YYY.0.0/24). I am using OVS/namespace/gre > networking. When a neutron/quantum router is set to use the l3-agent on > test1 everything works fine. If I set the same router to use the l3-agent > on test2 I experience some odd problems: From within a VM using the router > on test2 I can wget files from http sites but not from https sites. I have > noticed that the iptables (not within any namespace) are VERY different for > the two servers: > > > > > >Working l3-agent (test1) iptables: http://paste.openstack.org/show/47695/ > >Non-working l3-agent (test2) iptables: > http://paste.openstack.org/show/47696/ > > > > > >Notice that the iptables for test1 contain chains for the security groups > such as quantum-openvswi-i435b8f52-6. I do not see anything like this on > test2. > > > > > > > > > >Does anyone have any idea what might be causing this issue? > > > > > >Thanks! > >Sam > > > > > > > > > >_______________________________________________ > >OpenStack-operators mailing list > >OpenStack-operators at lists.openstack.org > >http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20131001/24c89348/attachment.html>