[Openstack] [Grizzly] VMs can't access internet if floating ip associated

Michaël Van de Borne michael.vandeborne at cetic.be
Thu May 2 15:26:58 UTC 2013


no idea?




On 30/04/2013 02:15, Michaël Van de Borne wrote:
> Hi there,
> I'm running Grizzly on Ubuntu 12.04 in this topology: 
> http://docs.openstack.org/trunk/openstack-network/admin/content/connectivity.html
> and using the per-tenant routers with private networks.
>
> I just found out that my VMs (except just one) can't access the internet 
> if I associate a floating IP with them.
> As soon as I disassociate the floating IP, the VM can ping 8.8.8.8
>
> Did anyone experience this?
>
> Here is the iptables-save of the virtual router (configured thanks to 
> the l3 agent):
> (the VMs' floating IPs are 192.168.202.X. The weirdest thing is 
> that only the VM using the 192.168.202.4 floating IP can access the 
> internet).
> Thanks for your help...
>
>
> root@rajesh:~# ip netns exec qrouter-e75c9ae7-c814-42c3-bd9e-9002c025aa95 iptables-save
> # Generated by iptables-save v1.4.12 on Tue Apr 30 01:52:01 2013
> *mangle
> :PREROUTING ACCEPT [103801:72619178]
> :INPUT ACCEPT [29779:8190400]
> :FORWARD ACCEPT [73997:64361803]
> :OUTPUT ACCEPT [3336:330688]
> :POSTROUTING ACCEPT [77333:64692491]
> COMMIT
> # Completed on Tue Apr 30 01:52:01 2013
> # Generated by iptables-save v1.4.12 on Tue Apr 30 01:52:01 2013
> *nat
> :PREROUTING ACCEPT [1:84]
> :INPUT ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :POSTROUTING ACCEPT [0:0]
> :quantum-l3-agent-OUTPUT - [0:0]
> :quantum-l3-agent-POSTROUTING - [0:0]
> :quantum-l3-agent-PREROUTING - [0:0]
> :quantum-l3-agent-float-snat - [0:0]
> :quantum-l3-agent-snat - [0:0]
> :quantum-postrouting-bottom - [0:0]
> -A PREROUTING -j quantum-l3-agent-PREROUTING
> -A OUTPUT -j quantum-l3-agent-OUTPUT
> -A POSTROUTING -j quantum-l3-agent-POSTROUTING
> -A POSTROUTING -j quantum-postrouting-bottom
> -A quantum-l3-agent-OUTPUT -d 192.168.202.4/32 -j DNAT --to-destination 10.0.0.4
> -A quantum-l3-agent-OUTPUT -d 192.168.202.3/32 -j DNAT --to-destination 10.0.0.2
> -A quantum-l3-agent-OUTPUT -d 192.168.202.6/32 -j DNAT --to-destination 10.0.0.5
> -A quantum-l3-agent-POSTROUTING ! -i qg-53c422b7-8a ! -o qg-53c422b7-8a -m conntrack ! --ctstate DNAT -j ACCEPT
> -A quantum-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
> -A quantum-l3-agent-PREROUTING -d 192.168.202.4/32 -j DNAT --to-destination 10.0.0.4
> -A quantum-l3-agent-PREROUTING -d 192.168.202.3/32 -j DNAT --to-destination 10.0.0.2
> -A quantum-l3-agent-PREROUTING -d 192.168.202.6/32 -j DNAT --to-destination 10.0.0.5
> -A quantum-l3-agent-float-snat -s 10.0.0.4/32 -j SNAT --to-source 192.168.202.4
> -A quantum-l3-agent-float-snat -s 10.0.0.2/32 -j SNAT --to-source 192.168.202.3
> -A quantum-l3-agent-float-snat -s 10.0.0.5/32 -j SNAT --to-source 192.168.202.6
> -A quantum-l3-agent-snat -j quantum-l3-agent-float-snat
> -A quantum-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 192.168.202.2
> -A quantum-postrouting-bottom -j quantum-l3-agent-snat
> COMMIT
> # Completed on Tue Apr 30 01:52:01 2013
> # Generated by iptables-save v1.4.12 on Tue Apr 30 01:52:01 2013
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [23:2028]
> :OUTPUT ACCEPT [0:0]
> :quantum-filter-top - [0:0]
> :quantum-l3-agent-FORWARD - [0:0]
> :quantum-l3-agent-INPUT - [0:0]
> :quantum-l3-agent-OUTPUT - [0:0]
> :quantum-l3-agent-local - [0:0]
> -A INPUT -j quantum-l3-agent-INPUT
> -A FORWARD -j quantum-filter-top
> -A FORWARD -j quantum-l3-agent-FORWARD
> -A OUTPUT -j quantum-filter-top
> -A OUTPUT -j quantum-l3-agent-OUTPUT
> -A quantum-filter-top -j quantum-l3-agent-local
> -A quantum-l3-agent-INPUT -d 127.0.0.1/32 -p tcp -m tcp --dport 9697 -j ACCEPT
> COMMIT
> # Completed on Tue Apr 30 01:52:01 2013
>
>
> michaël
>
> -- 
> Michaël Van de Borne
> R&D Engineer, SOA team, CETIC
> Phone: +32 (0)71 49 07 45 Mobile: +32 (0)472 69 57 16, Skype: mikemowgli
> www.cetic.be, rue des Frères Wright, 29/3, B-6041 Charleroi
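
As an added example (not part of the original post and not OpenStack code), the script below strips mail quoting from an iptables-save dump, re-joins any rules a mail client has wrapped, and checks for each floating IP that the DNAT rules in the PREROUTING and OUTPUT chains and the SNAT rule in the float-snat chain all point at the same fixed IP. The function names `unwrap` and `floating_ip_report` are hypothetical; the embedded sample is an excerpt of the rules quoted above.

```python
import re

# Excerpt of the nat table quoted above, line-wrapped the way a mail client wraps it.
QUOTED_DUMP = """\
> -A quantum-l3-agent-OUTPUT -d 192.168.202.4/32 -j DNAT
> --to-destination 10.0.0.4
> -A quantum-l3-agent-OUTPUT -d 192.168.202.3/32 -j DNAT
> --to-destination 10.0.0.2
> -A quantum-l3-agent-PREROUTING -d 192.168.202.4/32 -j DNAT
> --to-destination 10.0.0.4
> -A quantum-l3-agent-PREROUTING -d 192.168.202.3/32 -j DNAT
> --to-destination 10.0.0.2
> -A quantum-l3-agent-float-snat -s 10.0.0.4/32 -j SNAT --to-source
> 192.168.202.4
> -A quantum-l3-agent-float-snat -s 10.0.0.2/32 -j SNAT --to-source
> 192.168.202.3
> -A quantum-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 192.168.202.2
"""

DNAT = re.compile(r"-A \S+-(PREROUTING|OUTPUT) -d (\S+)/32 -j DNAT --to-destination (\S+)")
SNAT = re.compile(r"-A \S+-float-snat -s (\S+)/32 -j SNAT --to-source (\S+)")

def unwrap(text):
    """Drop '> ' mail quoting and re-join rules that were wrapped across lines."""
    rules = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        if line and rules and not line.startswith(("-A ", ":", "*", "#", "COMMIT")):
            rules[-1] += " " + line          # continuation of the previous rule
        elif line:
            rules.append(line)
    return rules

def floating_ip_report(text):
    """Per floating IP: fixed IP seen in each chain, missing chains, agreement flag."""
    seen = {}                                # floating IP -> {chain: fixed IP}
    for rule in unwrap(text):
        if m := DNAT.match(rule):
            seen.setdefault(m.group(2), {})[m.group(1)] = m.group(3)
        elif m := SNAT.match(rule):
            seen.setdefault(m.group(2), {})["float-snat"] = m.group(1)
    want = {"PREROUTING", "OUTPUT", "float-snat"}
    return {fip: {"fixed": c, "missing": sorted(want - set(c)),
                  "ok": want <= set(c) and len(set(c.values())) == 1}
            for fip, c in seen.items()}

if __name__ == "__main__":
    for fip, r in sorted(floating_ip_report(QUOTED_DUMP).items()):
        print(fip, "consistent" if r["ok"] else "INCONSISTENT", r["fixed"], r["missing"])
```

To audit a live router, pass the output of the `ip netns exec ... iptables-save` command shown in the post to `floating_ip_report`.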
