[Openstack-operators] floatin ip issue
George Shuklin
george.shuklin at gmail.com
Fri Oct 31 11:20:01 UTC 2014
I was wrong, sorry. Floatings assigned as /32 on external interface
inside network namespace. The signle idea I have now - is try to remove
all iptables with NAT (it's destructive up to moment of network node
reboot or router delete/create), and check out if address will reply to
ping.
If 'yes' - means problems in routing/nat
If 'no' - means problem are outside openstack router (external net,
provider routing, etc).
On 10/29/2014 06:23 PM, Paras pradhan wrote:
> Hi George,
>
>
> You mean .193 and .194 should be in the different subnets?
> 192.168.122.193/24 <http://192.168.122.193/24> reserved from the
> allocation pool and 192.168.122.194/32 <http://192.168.122.194/32> is
> the floating ip.
>
> Here are the outputs for the commands
>
> *neutron port-list --device-id=8725dd16-8831-4a09-ae98-6c5342ea501f
> *
>
> +--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
>
> | id | name | mac_address |
> fixed_ips |
>
> +--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
>
> | 6f835de4-c15b-44b8-9002-160ff4870643 | | fa:16:3e:85:dc:ee |
> {"subnet_id": "0189699c-8ffc-44cb-aebc-054c8d6001ee", "ip_address":
> "192.168.122.193"} |
>
> | be3c4294-5f16-45b6-8c21-44b35247d102 | | fa:16:3e:72:ae:da |
> {"subnet_id": "d01a6522-063d-40ba-b4dc-5843177aab51", "ip_address":
> "10.10.0.1"} |
>
> +--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+
>
>
> *neutron floatingip-list*
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
>
> | id | fixed_ip_address |
> floating_ip_address | port_id |
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
>
> | 55b00e9c-5b79-4553-956b-e342ae0a430a | 10.10.0.9 |
> 192.168.122.194 | 82bcbb91-827a-41aa-9dd9-cb7a4f8e7166 |
>
> +--------------------------------------+------------------+---------------------+--------------------------------------+
>
>
> *neutron net-list*
>
> +--------------------------------------+----------+-------------------------------------------------------+
>
> | id | name | subnets
> |
>
> +--------------------------------------+----------+-------------------------------------------------------+
>
> | dabc2c18-da64-467b-a2ba-373e460444a7 | demo-net |
> d01a6522-063d-40ba-b4dc-5843177aab51 10.10.0.0/24
> <http://10.10.0.0/24> |
>
> | ceaaf189-5b6f-4215-8686-fbdeae87c12d | ext-net |
> 0189699c-8ffc-44cb-aebc-054c8d6001ee 192.168.122.0/24
> <http://192.168.122.0/24> |
>
> +--------------------------------------+----------+-------------------------------------------------------+
>
>
> *neutron subnet-list*
>
> +--------------------------------------+-------------+------------------+--------------------------------------------------------+
>
> | id | name | cidr |
> allocation_pools |
>
> +--------------------------------------+-------------+------------------+--------------------------------------------------------+
>
> | d01a6522-063d-40ba-b4dc-5843177aab51 | demo-subnet | 10.10.0.0/24
> <http://10.10.0.0/24> | {"start": "10.10.0.2", "end":
> "10.10.0.254"} |
>
> | 0189699c-8ffc-44cb-aebc-054c8d6001ee | ext-subnet |
> 192.168.122.0/24 <http://192.168.122.0/24> | {"start":
> "192.168.122.193", "end": "192.168.122.222"} |
>
> +--------------------------------------+-------------+------------------+--------------------------------------------------------+
>
>
> P.S: External subnet is 192.168.122.0/24 <http://192.168.122.0/24> and
> internal vm instance's subnet is 10.10.0.0/24 <http://10.10.0.0/24>
>
>
> Thanks
>
> Paras.
>
>
> On Mon, Oct 27, 2014 at 5:51 PM, George Shuklin
> <george.shuklin at gmail.com <mailto:george.shuklin at gmail.com>> wrote:
>
>
> I don't like this:
>
> 15: qg-d351f21a-08: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UNKNOWN group default
> inet 192.168.122.193/24 <http://192.168.122.193/24> brd
> 192.168.122.255 scope global qg-d351f21a-08
> valid_lft forever preferred_lft forever
> inet 192.168.122.194/32 <http://192.168.122.194/32> brd
> 192.168.122.194 scope global qg-d351f21a-08
> valid_lft forever preferred_lft forever
>
> Why you got two IPs on same interface with different netmasks?
>
> I just rechecked it on our installations - it should not be happens.
>
> Next: or this is a bug, or this is uncleaned network node (lesser
> bug), or someone messing with neutron.
>
> Starts from neutron:
>
> show ports for router:
>
> neutron port-list --device-id=router-uuid-here
> neutron floatingips-list
> neutron net-list
> neutron subnet-list
> (trim to related only)
>
> (and please mark again who is 'internet' and who is 'internal'
> ips, i'm kinda loosing in '192.168.*'.
>
>
>
> On 10/27/2014 04:47 PM, Paras pradhan wrote:
>> *Yes it got its ip which is 192.168.122.194 in the paste below.*
>>
>> --
>>
>> root at juno2:~# ip netns exec
>> qrouter-34f3b828-b7b8-4f44-b430-14d9c5bd0d0c ip -4 a
>>
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
>> UNKNOWN group default
>>
>> inet 127.0.0.1/8 <http://127.0.0.1/8> scope host lo
>>
>> valid_lft forever preferred_lft forever
>>
>> 14: qr-ac50d700-29: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue state UNKNOWN group default
>>
>> inet 50.50.50.1/24 <http://50.50.50.1/24> brd 50.50.50.255
>> scope global qr-ac50d700-29
>>
>> valid_lft forever preferred_lft forever
>>
>> 15: qg-d351f21a-08: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue state UNKNOWN group default
>>
>> inet 192.168.122.193/24 <http://192.168.122.193/24> brd
>> 192.168.122.255 scope global qg-d351f21a-08
>>
>> valid_lft forever preferred_lft forever
>>
>> inet 192.168.122.194/32 <http://192.168.122.194/32> brd
>> 192.168.122.194 scope global qg-d351f21a-08
>>
>> valid_lft forever preferred_lft forever
>>
>> ---
>>
>> *stdbuf -e0 -o0 ip net exec qrouter... /bin/bash give me the
>> following
>> *
>>
>>
>> --
>>
>>
>> root at juno2:~# ifconfig
>>
>> lo Link encap:Local Loopback
>>
>> inet addr:127.0.0.1 Mask:255.0.0.0
>>
>> inet6 addr: ::1/128 Scope:Host
>>
>> UP LOOPBACK RUNNING MTU:65536 Metric:1
>>
>> RX packets:2 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:0
>>
>> RX bytes:168 (168.0 B) TX bytes:168 (168.0 B)
>>
>>
>> qg-d351f21a-08 Link encap:Ethernet HWaddr fa:16:3e:79:0f:a2
>>
>> inet addr:192.168.122.193 Bcast:192.168.122.255
>> Mask:255.255.255.0
>>
>> inet6 addr: fe80::f816:3eff:fe79:fa2/64 Scope:Link
>>
>> UP BROADCAST RUNNING MTU:1500 Metric:1
>>
>> RX packets:2673 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:112 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:0
>>
>> RX bytes:205377 (205.3 KB) TX bytes:6537 (6.5 KB)
>>
>>
>> qr-ac50d700-29 Link encap:Ethernet HWaddr fa:16:3e:7e:6d:f3
>>
>> inet addr:50.50.50.1 Bcast:50.50.50.255 Mask:255.255.255.0
>>
>> inet6 addr: fe80::f816:3eff:fe7e:6df3/64 Scope:Link
>>
>> UP BROADCAST RUNNING MTU:1500 Metric:1
>>
>> RX packets:345 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:1719 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:0
>>
>> RX bytes:27377 (27.3 KB) TX bytes:164541 (164.5 KB)
>>
>> --
>>
>>
>> Thanks
>>
>> Paras.
>>
>>
>>
>> On Sat, Oct 25, 2014 at 3:18 AM, George Shuklin
>> <george.shuklin at gmail.com <mailto:george.shuklin at gmail.com>> wrote:
>>
>> Check out if qrouter got floating inside network namespace
>> (ip net exec qrouter... ip -4 a), or just bash in to it
>> (stdbuf -e0 -o0 ip net exec qrouter... /bin/bash) and play
>> with it like with normal server.
>>
>>
>>
>> On 10/24/2014 07:38 PM, Paras pradhan wrote:
>>> Hello,
>>>
>>> Assigned a floating ip to an instance. But I can't ping the
>>> instance. This instance can reach internet with no problem.
>>> But I can't ssh or icmp to this instance. Its not a security
>>> group issue.
>>>
>>> On my network node that runs l3, I can see qrouter. The
>>> extenel subnet looks like this:
>>>
>>> allocation-pool start=192.168.122.193,end=192.168.122.222
>>> --disable-dhcp --gateway 192.168.122.1 192.168.122.0/24
>>> <http://192.168.122.0/24>
>>>
>>> I can ping 192.168.122.193 using: ip netns exec
>>> qrouter-34f3b828-b7b8-4f44-b430-14d9c5bd0d0c ping
>>> 192.168.122.193
>>>
>>> but not 192.168.122.194 (which is the floating ip)
>>>
>>> Doing tcp dump on the interace that connects to the external
>>> world, I can see ICMP request but not reply from the interface :
>>>
>>>
>>> 11:36:40.360255 IP 192.168.122.1 > 192.168.122.194
>>> <http://192.168.122.194>: ICMP echo request, id 2589, seq
>>> 312, length 64
>>>
>>> 11:36:41.360222 IP 192.168.122.1 > 192.168.122.194
>>> <http://192.168.122.194>: ICMP echo request, id 2589, seq
>>> 313, length 64
>>>
>>>
>>> Ideas?
>>>
>>> Thanks
>>>
>>> Paras.
>>>
>>>
>>>
>>> _______________________________________________
>>> OpenStack-operators mailing list
>>> OpenStack-operators at lists.openstack.org <mailto:OpenStack-operators at lists.openstack.org>
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> <mailto:OpenStack-operators at lists.openstack.org>
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20141031/560183bb/attachment.html>
More information about the OpenStack-operators
mailing list