[Openstack-operators] [neutron] Interesting networking issue - need help
Dan Sneddon
dsneddon at redhat.com
Thu Mar 31 18:00:43 UTC 2016
On 03/31/2016 10:36 AM, Christopher Hull wrote:
> Hi all;
> Was originally DNS issue, but that was a downstream symptom.
>
> Instances on Private net can't access internet TCP, but CAN ICMP. ping all.
> Details:
> 1. Instances on Public net work perfectly.
> 2. Instances on Private net can fully access Public net instances, both
> virtual and physical boxes.
> ssh from Private to Public instance works.
> http to OpenStack dashboard (physical box) from Private instance works.
> 3. Private instances can ping everything, including the internet.
> 4. Private instances can NOT TCP to my ATT gateway. (public net)
> HTTP to ATT gateway which has a web interface fails.
> Same is true for internet. Ping, but no TCP (UDP?)
> 5. Floating IPs work. I think the Neutron Router is fine.
>
> Any ideas??
> -Chris
>
>
>
>
>
>
>
> - Christopher T. Hull
> I am presently seeking a new career opportunity Please see career page
> http://chrishull.com/career
> 333 Orchard Ave, Sunnyvale CA. 94085
> (415) 385 4865
> chrishull42 at gmail.com <mailto:chrishull42 at gmail.com>
> http://chrishull.com
>
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
When ICMP works but TCP doesn't, that is often a sign of an MTU problem.
Especially if you are running VXLAN, you need room for the tunnel
headers. If your MTU is 1500 on the wire, then the VM MTU must be 1450
or smaller to make room for the VXLAN headers. Check
/etc/neutron/dnsmasq-neutron.conf, and make sure this option is set to
at least 50 bytes less than your physical MTU:
/etc/neutron/dnsmasq-neutron.conf:
dhcp-option-force=26,1400
--
Dan Sneddon | Principal OpenStack Engineer
dsneddon at redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter
More information about the OpenStack-operators
mailing list