[Openstack-operators] floatin ip issue

Tim Goddard timg at catalyst.net.nz
Wed Oct 29 22:56:44 UTC 2014


Not that well versed in Openstack routing, but noticing something odd here.

Why do you have a private IP address as a floating IP? While possible, of 
course you can't ping a 192.168.X.X address from outside.

Make sure your floating IP ranges and any other internal IP ranges don't 
overlap. You may well have problems with your gateway if they do.

On Wed, 29 Oct 2014 11:23:56 Paras pradhan wrote:
> correction:
> 
> *You mean .193 and .194 should be in the different interfaces?
> 192.168.122.193/24 reserved  from the allocation pool and
> 192.168.122.194/32 is the floating ip*
> 
> 
> On Wed, Oct 29, 2014 at 11:23 AM, Paras pradhan <pradhanparas at gmail.com>
> 
> wrote:
> > Hi George,
> > 
> > 
> > You mean .193 and .194 should be in the different subnets?
> > 192.168.122.193/24 reserved  from the allocation pool and
> > 192.168.122.194/32 is the floating ip.
> > 
> > Here are the outputs for the commands
> > 
> > 
> > *neutron port-list --device-id=8725dd16-8831-4a09-ae98-6c5342ea501f*
> > 
> > 
> > +--------------------------------------+------+-------------------+-------
> > --------------------------------------------------------------------------
> > -------+> 
> > | id                                   | name | mac_address       |
> > 
> > fixed_ips
> > 
> > 
> > 
> > +--------------------------------------+------+-------------------+-------
> > --------------------------------------------------------------------------
> > -------+> 
> > | 6f835de4-c15b-44b8-9002-160ff4870643 |      | fa:16:3e:85:dc:ee |
> > 
> > {"subnet_id": "0189699c-8ffc-44cb-aebc-054c8d6001ee", "ip_address":
> > "192.168.122.193"} |
> > 
> > | be3c4294-5f16-45b6-8c21-44b35247d102 |      | fa:16:3e:72:ae:da |
> > 
> > {"subnet_id": "d01a6522-063d-40ba-b4dc-5843177aab51", "ip_address":
> > "10.10.0.1"}       |
> > 
> > 
> > +--------------------------------------+------+-------------------+-------
> > --------------------------------------------------------------------------
> > -------+
> > 
> > *neutron floatingip-list*
> > 
> > 
> > +--------------------------------------+------------------+---------------
> > ------+--------------------------------------+> 
> > | id                                   | fixed_ip_address |
> > 
> > floating_ip_address | port_id                              |
> > 
> > 
> > +--------------------------------------+------------------+---------------
> > ------+--------------------------------------+> 
> > | 55b00e9c-5b79-4553-956b-e342ae0a430a | 10.10.0.9        |
> > 
> > 192.168.122.194     | 82bcbb91-827a-41aa-9dd9-cb7a4f8e7166 |
> > 
> > 
> > +--------------------------------------+------------------+---------------
> > ------+--------------------------------------+
> > 
> > *neutron net-list*
> > 
> > 
> > +--------------------------------------+----------+-----------------------
> > --------------------------------+> 
> > | id                                   | name     | subnets
> > 
> > +--------------------------------------+----------+-----------------------
> > --------------------------------+> 
> > | dabc2c18-da64-467b-a2ba-373e460444a7 | demo-net |
> > 
> > d01a6522-063d-40ba-b4dc-5843177aab51 10.10.0.0/24     |
> > 
> > | ceaaf189-5b6f-4215-8686-fbdeae87c12d | ext-net  |
> > 
> > 0189699c-8ffc-44cb-aebc-054c8d6001ee 192.168.122.0/24 |
> > 
> > 
> > +--------------------------------------+----------+-----------------------
> > --------------------------------+
> > 
> > 
> > *neutron subnet-list*
> > 
> > 
> > +--------------------------------------+-------------+------------------+-
> > -------------------------------------------------------+> 
> > | id                                   | name        | cidr             |
> > 
> > allocation_pools                                       |
> > 
> > 
> > +--------------------------------------+-------------+------------------+-
> > -------------------------------------------------------+> 
> > | d01a6522-063d-40ba-b4dc-5843177aab51 | demo-subnet | 10.10.0.0/24     |
> > 
> > {"start": "10.10.0.2", "end": "10.10.0.254"}           |
> > 
> > | 0189699c-8ffc-44cb-aebc-054c8d6001ee | ext-subnet  | 192.168.122.0/24 |
> > 
> > {"start": "192.168.122.193", "end": "192.168.122.222"} |
> > 
> > 
> > +--------------------------------------+-------------+------------------+-
> > -------------------------------------------------------+
> > 
> > 
> > P.S: External subnet is 192.168.122.0/24 and internal vm instance's
> > subnet is 10.10.0.0/24
> > 
> > 
> > Thanks
> > 
> > Paras.
> > 
> > On Mon, Oct 27, 2014 at 5:51 PM, George Shuklin <george.shuklin at gmail.com>
> > 
> > wrote:
> >> I don't like this:
> >> 
> >> 15: qg-d351f21a-08: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
> >> UNKNOWN group default
> >> 
> >>     inet 192.168.122.193/24 brd 192.168.122.255 scope global
> >> 
> >> qg-d351f21a-08
> >> 
> >>        valid_lft forever preferred_lft forever
> >>     
> >>     inet 192.168.122.194/32 brd 192.168.122.194 scope global
> >> 
> >> qg-d351f21a-08
> >> 
> >>        valid_lft forever preferred_lft forever
> >> 
> >> Why you got two IPs on same interface with different netmasks?
> >> 
> >> I just rechecked it on our installations - it should not be happens.
> >> 
> >> Next: or this is a bug, or this is uncleaned network node (lesser bug),
> >> or someone messing with neutron.
> >> 
> >> Starts from neutron:
> >> 
> >> show ports for router:
> >> 
> >> neutron port-list --device-id=router-uuid-here
> >> neutron floatingips-list
> >> neutron net-list
> >> neutron subnet-list
> >> (trim to related only)
> >> 
> >> (and please mark again who is 'internet' and who is 'internal' ips, i'm
> >> kinda loosing in '192.168.*'.
> >> 
> >> 
> >> 
> >> On 10/27/2014 04:47 PM, Paras pradhan wrote:
> >> 
> >> *Yes it got its ip which is 192.168.122.194 in the paste below.*
> >> 
> >>  --
> >>  
> >>  root at juno2:~# ip netns exec
> >> 
> >> qrouter-34f3b828-b7b8-4f44-b430-14d9c5bd0d0c ip -4 a
> >> 
> >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> >> default
> >> 
> >>     inet 127.0.0.1/8 scope host lo
> >>     
> >>        valid_lft forever preferred_lft forever
> >> 
> >> 14: qr-ac50d700-29: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
> >> UNKNOWN group default
> >> 
> >>     inet 50.50.50.1/24 brd 50.50.50.255 scope global qr-ac50d700-29
> >>     
> >>        valid_lft forever preferred_lft forever
> >> 
> >> 15: qg-d351f21a-08: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
> >> UNKNOWN group default
> >> 
> >>     inet 192.168.122.193/24 brd 192.168.122.255 scope global
> >> 
> >> qg-d351f21a-08
> >> 
> >>        valid_lft forever preferred_lft forever
> >>     
> >>     inet 192.168.122.194/32 brd 192.168.122.194 scope global
> >> 
> >> qg-d351f21a-08
> >> 
> >>        valid_lft forever preferred_lft forever
> >> 
> >> ---
> >> 
> >> 
> >> *stdbuf -e0 -o0 ip net exec qrouter... /bin/bash give me the following *
> >> 
> >>  --
> >>  
> >>  
> >>  root at juno2:~# ifconfig
> >> 
> >> lo        Link encap:Local Loopback
> >> 
> >>           inet addr:127.0.0.1  Mask:255.0.0.0
> >>           
> >>           inet6 addr: ::1/128 Scope:Host
> >>           
> >>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
> >>           
> >>           RX packets:2 errors:0 dropped:0 overruns:0 frame:0
> >>           
> >>           TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
> >>           
> >>           collisions:0 txqueuelen:0
> >>           
> >>           RX bytes:168 (168.0 B)  TX bytes:168 (168.0 B)
> >>  
> >>  qg-d351f21a-08 Link encap:Ethernet  HWaddr fa:16:3e:79:0f:a2
> >>  
> >>           inet addr:192.168.122.193  Bcast:192.168.122.255
> >> 
> >> Mask:255.255.255.0
> >> 
> >>           inet6 addr: fe80::f816:3eff:fe79:fa2/64 Scope:Link
> >>           
> >>           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >>           
> >>           RX packets:2673 errors:0 dropped:0 overruns:0 frame:0
> >>           
> >>           TX packets:112 errors:0 dropped:0 overruns:0 carrier:0
> >>           
> >>           collisions:0 txqueuelen:0
> >>           
> >>           RX bytes:205377 (205.3 KB)  TX bytes:6537 (6.5 KB)
> >>  
> >>  qr-ac50d700-29 Link encap:Ethernet  HWaddr fa:16:3e:7e:6d:f3
> >>  
> >>           inet addr:50.50.50.1  Bcast:50.50.50.255  Mask:255.255.255.0
> >>           
> >>           inet6 addr: fe80::f816:3eff:fe7e:6df3/64 Scope:Link
> >>           
> >>           UP BROADCAST RUNNING  MTU:1500  Metric:1
> >>           
> >>           RX packets:345 errors:0 dropped:0 overruns:0 frame:0
> >>           
> >>           TX packets:1719 errors:0 dropped:0 overruns:0 carrier:0
> >>           
> >>           collisions:0 txqueuelen:0
> >>           
> >>            RX bytes:27377 (27.3 KB)  TX bytes:164541 (164.5 KB)
> >> 
> >> --
> >> 
> >>  Thanks
> >> 
> >> Paras.
> >> 
> >> 
> >> 
> >> On Sat, Oct 25, 2014 at 3:18 AM, George Shuklin <george.shuklin at gmail.com
> >> 
> >> > wrote:
> >>>  Check out if qrouter got floating inside network namespace  (ip net
> >>> 
> >>> exec qrouter... ip -4 a), or just bash in to it (stdbuf -e0 -o0 ip net
> >>> exec
> >>> qrouter... /bin/bash) and play with it like with normal server.
> >>> 
> >>> On 10/24/2014 07:38 PM, Paras pradhan wrote:
> >>>  Hello,
> >>>  
> >>>  Assigned a floating ip to an instance. But I can't ping the instance.
> >>> 
> >>> This instance can reach internet with no problem. But I can't ssh or
> >>> icmp
> >>> to this instance. Its not a security group issue.
> >>> 
> >>>  On my network node that runs l3, I can see qrouter. The extenel subnet
> >>> 
> >>> looks like this:
> >>>  allocation-pool start=192.168.122.193,end=192.168.122.222
> >>> 
> >>> --disable-dhcp --gateway 192.168.122.1 192.168.122.0/24
> >>> 
> >>> I can ping 192.168.122.193 using: ip netns exec
> >>> qrouter-34f3b828-b7b8-4f44-b430-14d9c5bd0d0c ping 192.168.122.193
> >>> 
> >>> but not 192.168.122.194 (which is the floating ip)
> >>> 
> >>> Doing tcp dump on the interace that connects to the external world, I
> >>> 
> >>> can see ICMP request but not reply from the interface :
> >>>  11:36:40.360255 IP 192.168.122.1 > 192.168.122.194: ICMP echo request,
> >>> 
> >>> id 2589, seq 312, length 64
> >>> 
> >>>  11:36:41.360222 IP 192.168.122.1 > 192.168.122.194: ICMP echo request,
> >>> 
> >>> id 2589, seq 313, length 64
> >>> 
> >>>  Ideas?
> >>> 
> >>> Thanks
> >>> 
> >>> Paras.
> >>> 
> >>>  _______________________________________________
> >>> 
> >>> OpenStack-operators mailing
> >>> listOpenStack-operators at lists.openstack.orghttp://lists.openstack.org/c
> >>> gi-bin/mailman/listinfo/openstack-operators
> >>> 
> >>> 
> >>> 
> >>> _______________________________________________
> >>> OpenStack-operators mailing list
> >>> OpenStack-operators at lists.openstack.org
> >>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators




More information about the OpenStack-operators mailing list