[Openstack] Need Help

Stefano Zanella zanella.stefano at gmail.com
Mon Jan 7 21:56:35 UTC 2013


I think there's a mismatch here between configuration and intended
behavior, I'm sorry not to have detected it before.
With your configuration, you're bridging (Layer 2) two different networks
(Layer 3). They cannot communicate if not properly routed or masqueraded.

Do you need to NAT VMs directly with public IPs? If not, I'd suggest you
change the configuration as follows:
# NETWORK
network_manager=nova.network.manager.FlatDHCPManager
force_dhcp_release=True
dhcpbridge_flagfile=/etc/nova/nova.conf
my_ip=6x.1x.84.132
public_interface=eth1
flat_network_bridge=br100
fixed_range=10.0.0.0/24

This way, nova-network will set up NAT between 10.0.0.0/24 and
192.168.1.0/24 and you should be able to reach your LAN. Then, if you
want to reach machines inside the VMs' private network, you could add a
floating IP range and assign them to VMs.
Hope this could solve the problem.
Regards,
    Stefano


On Mon, Jan 7, 2013 at 9:14 PM, Umar Draz <unix.co at gmail.com> wrote:

> I did this on compute
> root@compute1:~# echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
>
> and the result from vm
> root@vm:~# ping 192.168.1.134
>
> PING 192.168.1.134 (192.168.1.134) 56(84) bytes of data.
> From 10.0.0.2 icmp_seq=1 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=2 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=3 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=4 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=5 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=6 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=7 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=8 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=9 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=10 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=11 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=12 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=13 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=14 Destination Host Unreachable
> From 10.0.0.2 icmp_seq=15 Destination Host Unreachable
> Best Regards,
>
> Umar
>
> On Tue, Jan 8, 2013 at 1:02 AM, Stefano Zanella <zanella.stefano at gmail.com> wrote:
>
>> Can you try to set rp_filter to 0? I needed to disable it today,
>> otherwise I was facing problem similar to yours.
>> Try to ping with rp_filter disabled, let's see if we can resolve the
>> problem that way.
>> Regards,
>>     Stefano
>>
>>
>> On Mon, Jan 7, 2013 at 8:57 PM, Umar Draz <unix.co at gmail.com> wrote:
>>
>>> Hi
>>>
>>> Here is the result
>>>
>>> root@compute1:~# cat /proc/sys/net/ipv4/ip_forward
>>> 1
>>>
>>> root@compute1:~# cat /proc/sys/net/ipv4/conf/default/rp_filter
>>> 1
>>>
>>> root@compute1:~# nova secgroup-list-rules default
>>> +-------------+-----------+---------+-----------+--------------+
>>> | IP Protocol | From Port | To Port | IP Range  | Source Group |
>>> +-------------+-----------+---------+-----------+--------------+
>>> | icmp        | -1        | -1      | 0.0.0.0/0 |              |
>>> | tcp         | 22        | 22      | 0.0.0.0/0 |              |
>>> | tcp         | 80        | 80      | 0.0.0.0/0 |              |
>>> | tcp         | 443       | 443     | 0.0.0.0/0 |              |
>>> | tcp         | 16667     | 16667   | 0.0.0.0/0 |              |
>>> +-------------+-----------+---------+-----------+--------------+
>>>
>>> Best Regards,
>>>
>>> Umar
>>> On Tue, Jan 8, 2013 at 12:52 AM, Stefano Zanella <zanella.stefano at gmail.com> wrote:
>>>
>>>> Routing and IP setup looks ok. What's the output of
>>>>   cat /proc/sys/net/ipv4/ip_forward
>>>> and
>>>>   cat /proc/sys/net/ipv4/conf/default/rp_filter
>>>>
>>>> Also, did you setup security groups correctly? What's the output of
>>>>   nova secgroup-list-rules default
>>>>
>>>> You should have setup at least a rule for allowing icmp traffic.
>>>> Thanks,
>>>>     Stefano
>>>>
>>>>
>>>> On Mon, Jan 7, 2013 at 8:39 PM, Umar Draz <unix.co at gmail.com> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> Here is the result
>>>>>
>>>>> Compute node
>>>>> ------------
>>>>>
>>>>> *brctl show*
>>>>>
>>>>> bridge name     bridge id               STP enabled     interfaces
>>>>> br100           8000.002590976edb       no              eth1
>>>>>                                                         vnet0
>>>>> *ip addr list*
>>>>>
>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>>>>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>>>>     inet 127.0.0.1/8 scope host lo
>>>>>     inet 169.254.169.254/32 scope link lo
>>>>>     inet6 ::1/128 scope host
>>>>>        valid_lft forever preferred_lft forever
>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
>>>>>     link/ether 00:25:90:97:6e:da brd ff:ff:ff:ff:ff:ff
>>>>>     inet 69.155.84.133/25 brd 85.195.84.255 scope global eth0
>>>>>     inet 69.155.84.142/32 scope global eth0
>>>>>     inet6 fe80::225:90ff:fe97:6eda/64 scope link
>>>>>        valid_lft forever preferred_lft forever
>>>>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br100 state UP qlen 1000
>>>>>     link/ether 00:25:90:97:6e:db brd ff:ff:ff:ff:ff:ff
>>>>> 4: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>>>>>     link/ether 00:25:90:97:6e:db brd ff:ff:ff:ff:ff:ff
>>>>>     inet 10.0.0.3/24 brd 10.0.0.255 scope global br100
>>>>>     inet 192.168.1.133/24 brd 192.168.1.255 scope global br100
>>>>>     inet6 fe80::225:90ff:fe97:6edb/64 scope link
>>>>>        valid_lft forever preferred_lft forever
>>>>> 9: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br100 state UNKNOWN qlen 500
>>>>>     link/ether fe:16:3e:41:0c:2a brd ff:ff:ff:ff:ff:ff
>>>>>     inet6 fe80::fc16:3eff:fe41:c2a/64 scope link
>>>>>        valid_lft forever preferred_lft forever
>>>>>
>>>>> *route -n*
>>>>>
>>>>> Kernel IP routing table
>>>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>>>> 0.0.0.0         69.155.84.129   0.0.0.0         UG    0      0        0 eth0
>>>>> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br100
>>>>> 69.155.84.128   0.0.0.0         255.255.255.128 U     0      0        0 eth1
>>>>> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br100
>>>>>
>>>>> Virtual machine
>>>>> ---------------
>>>>>
>>>>> *ip addr list*
>>>>>
>>>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>>>>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>>>>     inet 127.0.0.1/8 scope host lo
>>>>>     inet6 ::1/128 scope host
>>>>>        valid_lft forever preferred_lft forever
>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
>>>>>     link/ether fa:16:3e:41:0c:2a brd ff:ff:ff:ff:ff:ff
>>>>>     inet 10.0.0.2/24 brd 10.0.0.255 scope global eth0
>>>>>     inet6 fe80::f816:3eff:fe41:c2a/64 scope link tentative dadfailed
>>>>>        valid_lft forever preferred_lft forever
>>>>>
>>>>> *route -n*
>>>>>
>>>>> Kernel IP routing table
>>>>> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
>>>>> 0.0.0.0         10.0.0.3        0.0.0.0         UG    100    0        0 eth0
>>>>> 10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
>>>>>
>>>>> Best Regards,
>>>>>
>>>>> Umar
>>>>>
>>>>> On Tue, Jan 8, 2013 at 12:24 AM, Stefano Zanella <zanella.stefano at gmail.com> wrote:
>>>>>
>>>>>> Can you please post the output of "ip addr list", "route -n" and
>>>>>> "brctl show" on compute node and virtual machine? More than a firewall
>>>>>> issue, it seems a routing issue to me.
>>>>>> Thanks,
>>>>>>     Stefano
>>>>>>
>>>>>>
>>>>>> On Mon, Jan 7, 2013 at 7:38 PM, Umar Draz <unix.co at gmail.com> wrote:
>>>>>>
>>>>>>> I think my network configuration is OK.
>>>>>>>
>>>>>>> I can ping compute's own IP address 192.168.1.133 from the virtual
>>>>>>> machine. But I can't access other local machines.
>>>>>>>
>>>>>>> I think it's a security firewall issue or need some routing table?
>>>>>>>
>>>>>>> Here is the output of ping.
>>>>>>>
>>>>>>> root@ubuntu-cloud# ping 192.168.1.133
>>>>>>> PING 192.168.1.133 (192.168.1.133) 56(84) bytes of data.
>>>>>>> 64 bytes from 192.168.1.133: icmp_req=1 ttl=64 time=0.225 ms
>>>>>>> 64 bytes from 192.168.1.133: icmp_req=2 ttl=64 time=0.360 ms
>>>>>>> 64 bytes from 192.168.1.133: icmp_req=3 ttl=64 time=0.271 ms
>>>>>>> root@ubuntu-cloud# ping 192.168.1.130
>>>>>>> PING 192.168.1.130 (192.168.1.130) 56(84) bytes of data.
>>>>>>> From 10.0.0.3: icmp_seq=2 Redirect Host(New nexthop: 192.168.1.130)
>>>>>>>
>>>>>>> 10.0.0.3 is the gateway of virtual machine which is the ip of
>>>>>>> compute's br100
>>>>>>>
>>>>>>> Best Regards,
>>>>>>>
>>>>>>> Umar
>>>>>>>
>>>>>>> On Mon, Jan 7, 2013 at 11:26 PM, Stefano Zanella <zanella.stefano at gmail.com> wrote:
>>>>>>>
>>>>>>>> If you want to setup DHCP flat networking, maybe this page (and the
>>>>>>>> chapter that contains it) could help:
>>>>>>>>
>>>>>>>> http://docs.openstack.org/essex/openstack-compute/admin/content/libvirt-flat-dhcp-networking.html
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>     Stefano
>>>>>>>>
>>>>>>>> On Mon, Jan 7, 2013 at 7:03 PM, Umar Draz <unix.co at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> my_ip=6x.1x.84.132
>>>>>>>>> public_interface=eth0
>>>>>>>>> flat_network_bridge=br100
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Umar Draz
>>>>>>> Network Architect
>
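
Added example, not part of the original thread: the `echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter` step quoted above only seeds interfaces created afterwards, and for an existing interface such as br100 the kernel applies the higher of `conf/all/rp_filter` and `conf/<iface>/rp_filter`. The sketch below reports that effective value per interface, so reverse-path (anti-spoofing) filtering can be checked before and after troubleshooting; the function names and the overridable root directory are assumptions made for the example.

```shell
#!/bin/sh
# Added example: show the rp_filter mode the kernel really applies per interface.
# The conf root is a parameter so the functions can run against a constructed
# directory tree as well as the live /proc tree.

effective_rp_filter() {
    # $1 = interface name, $2 = conf root (defaults to the live tree)
    root="${2:-/proc/sys/net/ipv4/conf}"
    all=$(cat "$root/all/rp_filter" 2>/dev/null) || return 1
    ifv=$(cat "$root/$1/rp_filter" 2>/dev/null) || return 1
    # Source validation uses max(conf/all, conf/<iface>); conf/default is
    # only a template copied to interfaces created later.
    if [ "$all" -gt "$ifv" ]; then echo "$all"; else echo "$ifv"; fi
}

rp_filter_report() {
    # $1 = conf root (defaults to the live tree)
    root="${1:-/proc/sys/net/ipv4/conf}"
    for dir in "$root"/*/; do
        ifname=$(basename "$dir")
        case "$ifname" in all|default) continue ;; esac
        eff=$(effective_rp_filter "$ifname" "$root") || continue
        case "$eff" in
            0) mode="off" ;;      # no source validation (spoofed sources accepted)
            1) mode="strict" ;;   # reply path must use the receiving interface
            2) mode="loose" ;;    # source must be reachable via any interface
            *) mode="unknown" ;;
        esac
        echo "$ifname $eff $mode"
    done
}

# Print the report for the running host when the sysctl tree is available.
if [ -d /proc/sys/net/ipv4/conf ]; then
    rp_filter_report
fi
```

Any interface left at "off" after debugging should be returned to strict or loose mode once the routing or NAT problem is fixed.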