[Openstack] Need Help
Umar Draz
unix.co at gmail.com
Mon Jan 7 20:14:16 UTC 2013
I did this on compute
root at compute1:~# echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
and the result from vm
root at vm:~# ping 192.168.1.134
PING 192.168.1.134 (192.168.1.134) 56(84) bytes of data.
>From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=2 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=3 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=4 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=5 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=6 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=7 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=8 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=9 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=10 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=11 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=12 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=13 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=14 Destination Host Unreachable
>From 10.0.0.2 icmp_seq=15 Destination Host Unreachable
Best Regards,
Umar
On Tue, Jan 8, 2013 at 1:02 AM, Stefano Zanella
<zanella.stefano at gmail.com>wrote:
> Can you try to set rp_filter to 0? I needed to disable it today, otherwise
> I was facing problem similar to yours.
> Try to ping with rp_filter disabled, let's see if we can resolve the
> problem that way.
> Regards,
> Stefano
>
>
> On Mon, Jan 7, 2013 at 8:57 PM, Umar Draz <unix.co at gmail.com> wrote:
>
>> Hi
>>
>> Here is the result
>>
>> root at compute1:~# cat /proc/sys/net/ipv4/ip_forward
>> 1
>>
>> root at compute1:~# cat /proc/sys/net/ipv4/conf/default/rp_filter
>> 1
>>
>> root at compute1:~# nova secgroup-list-rules default
>> +-------------+-----------+---------+-----------+--------------+
>> | IP Protocol | From Port | To Port | IP Range | Source Group |
>> +-------------+-----------+---------+-----------+--------------+
>> | icmp | -1 | -1 | 0.0.0.0/0 | |
>> | tcp | 22 | 22 | 0.0.0.0/0 | |
>> | tcp | 80 | 80 | 0.0.0.0/0 | |
>> | tcp | 443 | 443 | 0.0.0.0/0 | |
>> | tcp | 16667 | 16667 | 0.0.0.0/0 | |
>> +-------------+-----------+---------+-----------+--------------+
>>
>> Best Regards,
>>
>> Umar
>> On Tue, Jan 8, 2013 at 12:52 AM, Stefano Zanella <
>> zanella.stefano at gmail.com> wrote:
>>
>>> Routing and IP setup looks ok. What's the output of
>>> cat /proc/sys/net/ipv4/ip_forward
>>> and
>>> cat /proc/sys/net/ipv4/conf/default/rp_filter
>>>
>>> Also, did you setup security groups correctly? What's the output of
>>> nova secgroup-list-rules default
>>>
>>> You should have setup at least a rule for allowing icmp traffic.
>>> Thanks,
>>> Stefano
>>>
>>>
>>> On Mon, Jan 7, 2013 at 8:39 PM, Umar Draz <unix.co at gmail.com> wrote:
>>>
>>>> Hi
>>>>
>>>> Here is the result
>>>>
>>>> Compute node
>>>> ------------
>>>>
>>>> *brctl show*
>>>>
>>>> bridge name bridge id STP enabled interfaces
>>>> br100 8000.002590976edb no eth1
>>>> vnet0
>>>> *ip addr list*
>>>>
>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>>> inet 127.0.0.1/8 scope host lo
>>>> inet 169.254.169.254/32 scope link lo
>>>> inet6 ::1/128 scope host
>>>> valid_lft forever preferred_lft forever
>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
>>>> qlen 1000
>>>> link/ether 00:25:90:97:6e:da brd ff:ff:ff:ff:ff:ff
>>>> inet 69.155.84.133/25 brd 85.195.84.255 scope global eth0
>>>> inet 69.155.84.142/32 scope global eth0
>>>> inet6 fe80::225:90ff:fe97:6eda/64 scope link
>>>> valid_lft forever preferred_lft forever
>>>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master
>>>> br100 state UP qlen 1000
>>>> link/ether 00:25:90:97:6e:db brd ff:ff:ff:ff:ff:ff
>>>> 4: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>>>> state UP
>>>> link/ether 00:25:90:97:6e:db brd ff:ff:ff:ff:ff:ff
>>>> inet 10.0.0.3/24 brd 10.0.0.255 scope global br100
>>>> inet 192.168.1.133/24 brd 192.168.1.255 scope global br100
>>>> inet6 fe80::225:90ff:fe97:6edb/64 scope link
>>>> valid_lft forever preferred_lft forever
>>>> 9: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>>> master br100 state UNKNOWN qlen 500
>>>> link/ether fe:16:3e:41:0c:2a brd ff:ff:ff:ff:ff:ff
>>>> inet6 fe80::fc16:3eff:fe41:c2a/64 scope link
>>>> valid_lft forever preferred_lft forever
>>>>
>>>> *route -n*
>>>>
>>>> Kernel IP routing table
>>>> Destination Gateway Genmask Flags Metric Ref Use
>>>> Iface
>>>> 0.0.0.0 69.155.84.129 0.0.0.0 UG 0 0 0
>>>> eth0
>>>> 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0
>>>> br100
>>>> 69.155.84.128 0.0.0.0 255.255.255.128 U 0 0 0
>>>> eth1
>>>> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
>>>> br100
>>>>
>>>> *virtual machine
>>>> ----------------------
>>>> *
>>>> *ip addr list*
>>>>
>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>>> inet 127.0.0.1/8 scope host lo
>>>> inet6 ::1/128 scope host
>>>> valid_lft forever preferred_lft forever
>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>>> state UP qlen 1000
>>>> link/ether fa:16:3e:41:0c:2a brd ff:ff:ff:ff:ff:ff
>>>> inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
>>>> inet6 fe80::f816:3eff:fe41:c2a/64 scope link tentative dadfailed
>>>> valid_lft forever preferred_lft forever
>>>>
>>>> *route -n*
>>>>
>>>> Kernel IP routing table
>>>> Destination Gateway Genmask Flags Metric Ref Use
>>>> Iface
>>>> 0.0.0.0 10.0.0.3 0.0.0.0 UG 100 0 0
>>>> eth0
>>>> 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0
>>>> eth0
>>>>
>>>> Best Regards,
>>>>
>>>> Umar
>>>>
>>>> On Tue, Jan 8, 2013 at 12:24 AM, Stefano Zanella <
>>>> zanella.stefano at gmail.com> wrote:
>>>>
>>>>> Can you please post the output of "ip addr list", "route -n" and
>>>>> "brctl show" on compute node and virtual machine? More than a firewall
>>>>> issue, it seems a routing issue to me.
>>>>> Thanks,
>>>>> Stefano
>>>>>
>>>>>
>>>>> On Mon, Jan 7, 2013 at 7:38 PM, Umar Draz <unix.co at gmail.com> wrote:
>>>>>
>>>>>> I think My network configuration is ok,
>>>>>>
>>>>>> I can ping compute's own ip address 192.168.1.133 from virtual
>>>>>> machine. But I can't access other local machines.
>>>>>>
>>>>>> I think its security firewall issue or need some routing table?
>>>>>>
>>>>>> Here is the out put of ping.
>>>>>>
>>>>>> root at ubuntu-cloud# ping 192.168.1.133
>>>>>> PING 192.168.1.133 (192.168.1.133) 56(84) bytes of data.
>>>>>> 64 bytes from 192.168.1.133: icmp_req=1 ttl=64 time=0.225 ms
>>>>>> 64 bytes from 192.168.1.133: icmp_req=2 ttl=64 time=0.360 ms
>>>>>> 64 bytes from 192.168.1.133: icmp_req=3 ttl=64 time=0.271 ms
>>>>>> root at ubuntu-cloud# ping 192.168.1.130
>>>>>> PING 192.168.1.130 (192.168.1.130) 56(84) bytes of data.
>>>>>> From 10.0.0.3: icmp_seq=2 Redirect Host(New nexthop: 192.168.1.130)
>>>>>>
>>>>>> 10.0.0.3 is the gateway of virtual machine which is the ip of
>>>>>> compute's br100
>>>>>>
>>>>>> Best Regards,
>>>>>>
>>>>>> Umar
>>>>>>
>>>>>> On Mon, Jan 7, 2013 at 11:26 PM, Stefano Zanella <
>>>>>> zanella.stefano at gmail.com> wrote:
>>>>>>
>>>>>>> If you want to setup DHCP flat networking, maybe this page (and the
>>>>>>> chapter that contains it) could help:
>>>>>>>
>>>>>>> http://docs.openstack.org/essex/openstack-compute/admin/content/libvirt-flat-dhcp-networking.html
>>>>>>>
>>>>>>> Regards,
>>>>>>> Stefano
>>>>>>>
>>>>>>> On Mon, Jan 7, 2013 at 7:03 PM, Umar Draz <unix.co at gmail.com> wrote:
>>>>>>>
>>>>>>>> my_ip=6x.1x.84.132
>>>>>>>> public_interface=eth0
>>>>>>>> flat_network_bridge=br100
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Umar Draz
>>>>>> Network Architect
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Umar Draz
>>>> Network Architect
>>>>
>>>
>>>
>>
>>
>> --
>> Umar Draz
>> Network Architect
>>
>
>
--
Umar Draz
Network Architect
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130108/c97f968b/attachment.html>
More information about the Openstack
mailing list