[Openstack] Network Routing issues.
Kieran David Evans
keyz182 at gmail.com
Fri May 11 16:27:02 UTC 2012
On 11/05/12 17:24, Kieran David Evans wrote:
> Hi all,
>
> I'm having a few issues with my install here. My instances can't
> access anything outside the cloud, and adding the correct rules to the
> security group and assigning a public IP, the instance isn't
> accessible from the outside world. I've had openstack running on this
> hardware before using the Stackops Distro, but I've intalled Ubuntu
> 12.04 and Essex to test it out as Stackops aren't on essex yet.
>
> I've included the relevant (I think) info below. I'm not sure
> where/what to check next, I'm not so good with network debugging
> unfortunately.
>
> Could someone help, advise, or just generally point me in the right
> direction?
>
> Thanks!
>
> /Kieran
>
> I have it set to use FlatDHCP:
> # network specific settings
> --network_manager=nova.network.manager.FlatDHCPManager
> --public_interface=bond0
> --flat_interface=eth2
> --flat_network_bridge=br100
> --fixed_range=10.0.0.0/8
> --floating_range=131.251.172.0/24
> --network_size=256
> --flat_network_dhcp_start=10.0.0.2
> --flat_injected=False
> --force_dhcp_release
> --iscsi_helper=tgtadm
> --connection_type=libvirt
> --root_helper=sudo nova-rootwrap
> --verbose
>
> bond0 is a bonded interface on a public network. I can access the
> Internet through that interface. eth2 is on a network connected to the
> other hosts, each of which has eth2 connected to this network.
>
> brctl shows eth2 is part of br100.
>
> nova-network:
> brctl show
> bridge name bridge id STP enabled interfaces
> br100 8000.001b21cda0d1 no eth2
>
>
> nova-compute-1 (with the instance on it):
> brctl show
> bridge name bridge id STP enabled interfaces
> br100 8000.001b21add0a1 no eth2
> vnet0
> virbr0 8000.000000000000 yes
>
>
> I checked through this (
> http://docs.openstack.org/trunk/openstack-compute/admin/content/associating-public-ip.html)
> and everything looks correct (I think).
>
> nova secgroup-list-rules default
> +-------------+-----------+---------+-----------+--------------+
> | IP Protocol | From Port | To Port | IP Range | Source Group |
> +-------------+-----------+---------+-----------+--------------+
> | icmp | -1 | -1 | 0.0.0.0/0 | |
> | tcp | 22 | 22 | 0.0.0.0/0 | |
> +-------------+-----------+---------+-----------+--------------+
>
>
> The instance IP is 10.0.0.2, so (public IPs hidded):
>
> sudo iptables -L -nv -t nat | grep 10.0.0.2
> 0 0 DNAT all -- * * 0.0.0.0/0
> x.y.172.22 to:10.0.0.2
> 20 1656 DNAT all -- * * 0.0.0.0/0
> x.y.172.22 to:10.0.0.2
> 0 0 SNAT all -- * * 10.0.0.2
> 0.0.0.0/0 to:x.y.172.22
>
>
> from ip add:
>
> ....
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master
> br100 state UP qlen 1000
> link/ether 00:1b:21:cd:a0:d1 brd ff:ff:ff:ff:ff:ff
> inet6 fe80::21b:21ff:fecd:a0d1/64 scope link
> valid_lft forever preferred_lft forever
> ....
> ....
> 16: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
> noqueue state UP
> link/ether 00:1b:21:6d:ef:00 brd ff:ff:ff:ff:ff:ff
> inet x.y.172.2/24 brd 131.251.172.255 scope global bond0
> inet x.y.172.22/32 scope global bond0
> inet6 fe80::21b:21ff:fe6d:ef00/64 scope link
> valid_lft forever preferred_lft forever
> 17: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> state UP
> link/ether 00:1b:21:cd:a0:d1 brd ff:ff:ff:ff:ff:ff
> inet 10.0.0.1/24 brd 10.0.0.255 scope global br100
> inet6 fe80::1c2b:8bff:fe38:2003/64 scope link
> valid_lft forever preferred_lft forever
>
Seems I failed at both spelling, and hiding out public ip addresses
there. D'oh!
/Kieran
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120511/a5ff196b/attachment.html>
More information about the Openstack
mailing list