[Openstack-operators] floatin ip issue

Paras pradhan pradhanparas at gmail.com
Mon Nov 3 16:01:07 UTC 2014


George,

Disabled nat on the compute node and now I can ping/ssh to the instance
using the floating. Do you see anything wrong the nat rules here
http://paste.openstack.org/show/128754/ ?

Thanks
Paras.

On Fri, Oct 31, 2014 at 6:20 AM, George Shuklin <george.shuklin at gmail.com>
wrote:

>  I was wrong, sorry. Floatings assigned as /32 on external interface
> inside network namespace. The signle idea I have now - is try to remove all
> iptables with NAT (it's destructive up to moment of network node reboot or
> router delete/create), and check out if address will reply to ping.
>
> If 'yes' - means problems in routing/nat
> If 'no' - means problem are outside openstack router (external net,
> provider routing, etc).
>
>
> On 10/29/2014 06:23 PM, Paras pradhan wrote:
>
> Hi George,
>
>
>  You mean .193 and .194 should be in the different subnets?
> 192.168.122.193/24 reserved  from the allocation pool and
> 192.168.122.194/32 is the floating ip.
>
>  Here are the outputs for the commands
>
>
> *neutron port-list --device-id=8725dd16-8831-4a09-ae98-6c5342ea501f *
>
>
> +--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
>
> | id                                   | name | mac_address       |
> fixed_ips
>             |
>
>
> +--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
>
> | 6f835de4-c15b-44b8-9002-160ff4870643 |      | fa:16:3e:85:dc:ee |
> {"subnet_id": "0189699c-8ffc-44cb-aebc-054c8d6001ee", "ip_address":
> "192.168.122.193"} |
>
> | be3c4294-5f16-45b6-8c21-44b35247d102 |      | fa:16:3e:72:ae:da |
> {"subnet_id": "d01a6522-063d-40ba-b4dc-5843177aab51", "ip_address":
> "10.10.0.1"}       |
>
>
> +--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
>
>  *neutron floatingip-list*
>
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
>
> | id                                   | fixed_ip_address |
> floating_ip_address | port_id                              |
>
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
>
> | 55b00e9c-5b79-4553-956b-e342ae0a430a | 10.10.0.9        |
> 192.168.122.194     | 82bcbb91-827a-41aa-9dd9-cb7a4f8e7166 |
>
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
>
>  *neutron net-list*
>
>
> +--------------------------------------+----------+-------------------------------------------------------+
>
> | id                                   | name     | subnets
>                                 |
>
>
> +--------------------------------------+----------+-------------------------------------------------------+
>
> | dabc2c18-da64-467b-a2ba-373e460444a7 | demo-net |
> d01a6522-063d-40ba-b4dc-5843177aab51 10.10.0.0/24     |
>
> | ceaaf189-5b6f-4215-8686-fbdeae87c12d | ext-net  |
> 0189699c-8ffc-44cb-aebc-054c8d6001ee 192.168.122.0/24 |
>
>
> +--------------------------------------+----------+-------------------------------------------------------+
>
>
>  *neutron subnet-list*
>
>
> +--------------------------------------+-------------+------------------+--------------------------------------------------------+
>
> | id                                   | name        | cidr             |
> allocation_pools                                       |
>
>
> +--------------------------------------+-------------+------------------+--------------------------------------------------------+
>
> | d01a6522-063d-40ba-b4dc-5843177aab51 | demo-subnet | 10.10.0.0/24     |
> {"start": "10.10.0.2", "end": "10.10.0.254"}           |
>
> | 0189699c-8ffc-44cb-aebc-054c8d6001ee | ext-subnet  | 192.168.122.0/24 |
> {"start": "192.168.122.193", "end": "192.168.122.222"} |
>
>
> +--------------------------------------+-------------+------------------+--------------------------------------------------------+
>
>
>  P.S: External subnet is 192.168.122.0/24 and internal vm instance's
> subnet is 10.10.0.0/24
>
>
>  Thanks
>
> Paras.
>
> On Mon, Oct 27, 2014 at 5:51 PM, George Shuklin <george.shuklin at gmail.com>
> wrote:
>
>>
>> I don't like this:
>>
>> 15: qg-d351f21a-08: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>> UNKNOWN group default
>>     inet 192.168.122.193/24 brd 192.168.122.255 scope global
>> qg-d351f21a-08
>>        valid_lft forever preferred_lft forever
>>     inet 192.168.122.194/32 brd 192.168.122.194 scope global
>> qg-d351f21a-08
>>        valid_lft forever preferred_lft forever
>>
>>  Why you got two IPs on same interface with different netmasks?
>>
>> I just rechecked it on our installations - it should not be happens.
>>
>> Next: or this is a bug, or this is uncleaned network node (lesser bug),
>> or someone messing with neutron.
>>
>> Starts from neutron:
>>
>> show ports for router:
>>
>> neutron port-list --device-id=router-uuid-here
>> neutron floatingips-list
>> neutron net-list
>> neutron subnet-list
>> (trim to related only)
>>
>> (and please mark again who is 'internet' and who is 'internal' ips, i'm
>> kinda loosing in '192.168.*'.
>>
>>
>>
>> On 10/27/2014 04:47 PM, Paras pradhan wrote:
>>
>> *Yes it got its ip which is 192.168.122.194 in the paste below.*
>>
>>  --
>>
>>  root at juno2:~# ip netns exec
>> qrouter-34f3b828-b7b8-4f44-b430-14d9c5bd0d0c ip -4 a
>>
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
>> default
>>
>>     inet 127.0.0.1/8 scope host lo
>>
>>        valid_lft forever preferred_lft forever
>>
>> 14: qr-ac50d700-29: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>> UNKNOWN group default
>>
>>     inet 50.50.50.1/24 brd 50.50.50.255 scope global qr-ac50d700-29
>>
>>        valid_lft forever preferred_lft forever
>>
>> 15: qg-d351f21a-08: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>> UNKNOWN group default
>>
>>     inet 192.168.122.193/24 brd 192.168.122.255 scope global
>> qg-d351f21a-08
>>
>>        valid_lft forever preferred_lft forever
>>
>>     inet 192.168.122.194/32 brd 192.168.122.194 scope global
>> qg-d351f21a-08
>>
>>        valid_lft forever preferred_lft forever
>>
>> ---
>>
>>
>> *stdbuf -e0 -o0 ip net exec qrouter... /bin/bash give me the following *
>>
>>
>>  --
>>
>>
>>  root at juno2:~# ifconfig
>>
>> lo        Link encap:Local Loopback
>>
>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>
>>           inet6 addr: ::1/128 Scope:Host
>>
>>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>
>>           RX packets:2 errors:0 dropped:0 overruns:0 frame:0
>>
>>           TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
>>
>>           collisions:0 txqueuelen:0
>>
>>           RX bytes:168 (168.0 B)  TX bytes:168 (168.0 B)
>>
>>
>>  qg-d351f21a-08 Link encap:Ethernet  HWaddr fa:16:3e:79:0f:a2
>>
>>           inet addr:192.168.122.193  Bcast:192.168.122.255
>> Mask:255.255.255.0
>>
>>           inet6 addr: fe80::f816:3eff:fe79:fa2/64 Scope:Link
>>
>>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>>
>>           RX packets:2673 errors:0 dropped:0 overruns:0 frame:0
>>
>>           TX packets:112 errors:0 dropped:0 overruns:0 carrier:0
>>
>>           collisions:0 txqueuelen:0
>>
>>           RX bytes:205377 (205.3 KB)  TX bytes:6537 (6.5 KB)
>>
>>
>>  qr-ac50d700-29 Link encap:Ethernet  HWaddr fa:16:3e:7e:6d:f3
>>
>>           inet addr:50.50.50.1  Bcast:50.50.50.255  Mask:255.255.255.0
>>
>>           inet6 addr: fe80::f816:3eff:fe7e:6df3/64 Scope:Link
>>
>>           UP BROADCAST RUNNING  MTU:1500  Metric:1
>>
>>           RX packets:345 errors:0 dropped:0 overruns:0 frame:0
>>
>>           TX packets:1719 errors:0 dropped:0 overruns:0 carrier:0
>>
>>           collisions:0 txqueuelen:0
>>
>>            RX bytes:27377 (27.3 KB)  TX bytes:164541 (164.5 KB)
>>
>> --
>>
>>
>>  Thanks
>>
>> Paras.
>>
>>
>>
>> On Sat, Oct 25, 2014 at 3:18 AM, George Shuklin <george.shuklin at gmail.com
>> > wrote:
>>
>>>  Check out if qrouter got floating inside network namespace  (ip net
>>> exec qrouter... ip -4 a), or just bash in to it (stdbuf -e0 -o0 ip net exec
>>> qrouter... /bin/bash) and play with it like with normal server.
>>>
>>>
>>>
>>> On 10/24/2014 07:38 PM, Paras pradhan wrote:
>>>
>>>  Hello,
>>>
>>>  Assigned a floating ip to an instance. But I can't ping the instance.
>>> This instance can reach internet with no problem. But I can't ssh or icmp
>>> to this instance. Its not a security group issue.
>>>
>>>  On my network node that runs l3, I can see qrouter. The extenel subnet
>>> looks like this:
>>>
>>>  allocation-pool start=192.168.122.193,end=192.168.122.222
>>> --disable-dhcp --gateway 192.168.122.1 192.168.122.0/24
>>>
>>> I can ping 192.168.122.193 using: ip netns exec
>>> qrouter-34f3b828-b7b8-4f44-b430-14d9c5bd0d0c ping 192.168.122.193
>>>
>>> but not 192.168.122.194 (which is the floating ip)
>>>
>>> Doing tcp dump on the interace that connects to the external world, I
>>> can see ICMP request but not reply from the interface :
>>>
>>>
>>>  11:36:40.360255 IP 192.168.122.1 > 192.168.122.194: ICMP echo request,
>>> id 2589, seq 312, length 64
>>>
>>>  11:36:41.360222 IP 192.168.122.1 > 192.168.122.194: ICMP echo request,
>>> id 2589, seq 313, length 64
>>>
>>>
>>>  Ideas?
>>>
>>> Thanks
>>>
>>> Paras.
>>>
>>>
>>>  _______________________________________________
>>> OpenStack-operators mailing listOpenStack-operators at lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>
>>>
>>>
>>> _______________________________________________
>>> OpenStack-operators mailing list
>>> OpenStack-operators at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>
>>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20141103/c48e0086/attachment.html>


More information about the OpenStack-operators mailing list