[Openstack] Strange network behavior

Joe Warren-Meeks joe.warren.meeks at gmail.com
Mon Nov 12 15:41:48 UTC 2012


Hey guys,

Ignore this q. I didn't really have my head around how OpenStack works and
I think I get it now.

Thanks for all your help.

 -- joe.



On 12 November 2012 10:12, Joe Warren-Meeks <joe.warren.meeks at gmail.com> wrote:

> Hi Vish et al.
>
> I still can't make head nor tail of it. ICMP works in both directions
> fine, but when I try to ssh out from the VM (even with the dmz_cidr flags)
> the SYN gets through un-snatted ok, then my desktop SYN-ACKs back, but the
> virt never gets to see it. Instead, the snat layer sends a RST.
>
> I don't want any NAT at all. I just want the virts bridged on to the VLAN.
> Is there a way to do that?
>
> Kind regards
>
>  -- joe.
>
>
>
> On 9 November 2012 19:56, Vishvananda Ishaya <vishvananda at gmail.com> wrote:
>
>> What is the ip address of your workstation? You may be running into
>> something similar to this issue:
>>
>>
>> http://lists.openstack.org/pipermail/openstack-dev/2012-September/001212.html
>>
>> I suspect either:
>>
>> a) Traffic not getting snatted when it should. This is usually due to
>> overlapping ranges between your internal network and fixed_range
>>
>> this would be fixed by limiting fixed_range in your config file to just
>> the instances range: (fixed_range=10.0.41.0/24 ?)
>>
>> or
>>
>> b) Traffic getting snatted when it shouldn't. This is usually because
>> your workstation ip is on an ip that is internally routable but not
>> routable from the external network of the compute host, so it can't get
>> back to the snatted ip
>>
>> this is fixed by stopping snatting to the workstation by setting dmz_cidr
>> to a value that includes your workstation network: (dmz_cidr=10.0.0.0/24?)
>>
>> Vish
>>
>> On Nov 9, 2012, at 9:14 AM, Joe Warren-Meeks <joe.warren.meeks at gmail.com>
>> wrote:
>>
>> Hi all,
>>
>> I've managed to get OpenStack pretty much up and running as I wanted it.
>> I do have, however, a rather strange networking issue.
>>
>> I created the network with
>> nova-manage network create --fixed_range_v4=10.0.41.0/24 --num_networks=1 --bridge=br41 --bridge_interface=eth0 --label=development
>> --gateway=10.0.41.1 --dns1=10.0.0.2 --vlan=41 --project_id=XXXXXXX
>>
>> And I can boot instances fine. I've configured the default security group
>> to allow port 22, 80 and ICMP -1 in and I can ping from my workstation to
>> the virtual instance ok:
>>
>> joe@kaneda:~$ ping 10.0.41.3
>> PING 10.0.41.3 (10.0.41.3) 56(84) bytes of data.
>> 64 bytes from 10.0.41.3: icmp_req=1 ttl=63 time=1.18 ms
>>
>> And I can ping from the virt back too:
>> ubuntu@test:~$ ping 10.0.0.240
>> PING 10.0.0.240 (10.0.0.240) 56(84) bytes of data.
>> 64 bytes from 10.0.0.240: icmp_req=1 ttl=64 time=0.713 ms
>>
>>
>> I can SSH out from the virt to a host in the outside world fine:
>> ubuntu@test:~$ ssh joe@XXXXX
>> joe@XXXXXX password:
>> -bash: fortune: command not found
>> joe@dixon:~ $
>>
>> BUT I can't ssh from the virt to my workstation, nor from my workstation
>> to the virt. Neither does HTTP work.
>>
>> What I am seeing in tcpdump is a lot of incorrect cksums. This happens
>> with all TCP connections.
>>
>> 17:12:38.539784 IP (tos 0x0, ttl 64, id 53611, offset 0, flags [DF],
>> proto TCP (6), length 60)
>>     10.0.0.240.56791 > 10.0.41.3.22: Flags [S], cksum 0x3e21 (incorrect
>> -> 0x6de2), seq 2650163743, win 14600, options [mss 1460,sackOK,TS val
>> 28089204 ecr 0,nop,wscale 6], length 0
>>
>>
>> 17:12:38.585279 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto
>> TCP (6), length 60)
>>     10.0.41.3.22 > 10.0.0.240.56791: Flags [S.], cksum 0x3e21 (incorrect
>> -> 0xe5c5), seq 1530502549, ack 3098447117, win 14480, options [mss
>> 1460,sackOK,TS val 340493 ecr 28089204,nop,wscale 3], length 0
>>
>> Anyone come across this before?
>>
>>  -- joe.
>>
>
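
The two cases (a) and (b) from Vish's reply, as an added example that is not part of the original thread and not nova's own code. It uses a simplified model (an assumption, not nova-network's actual iptables rules) in which traffic from fixed_range is SNATed unless the destination is inside fixed_range or a dmz_cidr network; the function names are hypothetical and the 10.0.0.0/8 value is constructed to show an over-broad fixed_range.

```python
import ipaddress

def snat_decision(src, dst, fixed_range, dmz_cidrs=()):
    """Return (snatted, reason) for a packet leaving the compute host.

    Simplified model (assumption): traffic sourced from fixed_range is
    source-NATed unless the destination is inside fixed_range or inside
    one of the dmz_cidr networks.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    fixed = ipaddress.ip_network(fixed_range)
    if src_ip not in fixed:
        return False, "source is outside fixed_range"
    if dst_ip in fixed:
        return False, "destination is inside fixed_range"
    for cidr in dmz_cidrs:
        if dst_ip in ipaddress.ip_network(cidr):
            return False, "destination is inside dmz_cidr " + cidr
    return True, "no exemption matched"

def overlapping_networks(fixed_range, internal_nets):
    """Case (a): list internal networks that fixed_range overlaps."""
    fixed = ipaddress.ip_network(fixed_range)
    return [n for n in internal_nets if fixed.overlaps(ipaddress.ip_network(n))]

# Addresses taken from the thread; the last scenario's range is constructed.
VM, WORKSTATION = "10.0.41.3", "10.0.0.240"
WORKSTATION_NET = "10.0.0.0/24"
SCENARIOS = [
    ("fixed_range limited, no dmz_cidr", "10.0.41.0/24", ()),
    ("fixed_range limited, dmz_cidr set", "10.0.41.0/24", ("10.0.0.0/24",)),
    ("broad fixed_range (constructed)", "10.0.0.0/8", ()),
]

def run():
    """Evaluate VM -> workstation traffic under each configuration."""
    results = {}
    for label, fixed_range, dmz in SCENARIOS:
        snatted, reason = snat_decision(VM, WORKSTATION, fixed_range, dmz)
        overlaps = overlapping_networks(fixed_range, [WORKSTATION_NET])
        results[label] = (snatted, reason, overlaps)
    return results

if __name__ == "__main__":
    for label, (snatted, reason, overlaps) in run().items():
        print(f"{label}: SNAT={snatted} ({reason}); overlaps={overlaps}")
```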