[Openstack] [neutron] provider router with private networks, can not ping private IP and floating IP
sylecn
sylecn at gmail.com
Mon Nov 18 01:24:06 UTC 2013
I have enabled namespaces, but I have not used overlapping IP addresses so far.

Here is the result of the netns command:

root@172-17-6-68:/var/log/neutron# ip netns show
qrouter-c5b513fa-6d6a-476f-bfc0-2114954a15aa
qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244
root@172-17-6-68:/var/log/neutron# ip netns exec qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244 ping 10.0.1.3
PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data.
From 10.0.1.2 icmp_seq=1 Destination Host Unreachable
From 10.0.1.2 icmp_seq=2 Destination Host Unreachable
From 10.0.1.2 icmp_seq=3 Destination Host Unreachable
From 10.0.1.2 icmp_seq=4 Destination Host Unreachable
From 10.0.1.2 icmp_seq=5 Destination Host Unreachable
From 10.0.1.2 icmp_seq=6 Destination Host Unreachable
From 10.0.1.2 icmp_seq=7 Destination Host Unreachable
From 10.0.1.2 icmp_seq=8 Destination Host Unreachable
From 10.0.1.2 icmp_seq=9 Destination Host Unreachable
From 10.0.1.2 icmp_seq=10 Destination Host Unreachable
From 10.0.1.2 icmp_seq=11 Destination Host Unreachable
From 10.0.1.2 icmp_seq=12 Destination Host Unreachable
^C
--- 10.0.1.3 ping statistics ---
13 packets transmitted, 0 received, +12 errors, 100% packet loss, time 12061ms
pipe 3
root@172-17-6-68:/var/log/neutron#

Using ip netns exec qdhcp-* ping, I can ping 10.0.1.1 and 10.0.1.2.
However, ping 10.0.1.3 still fails.

On Mon, Nov 18, 2013 at 12:59 AM, Kyle Mestery (kmestery) <kmestery at cisco.com> wrote:
> On Nov 17, 2013, at 2:45 AM, sylecn <sylecn at gmail.com> wrote:
> >
> > Thanks for the information. Now I have configured a provider router based network, with Open vSwitch GRE tunnels.
> >
> > Here is the network topology:
> >
> > external network: 172.17.0.0/16
> > external network physical router: 172.17.0.1
> > neutron node IP: 172.17.6.68
> >
> > virtual provider router: 172.17.6.70
> >
> > virtual subnet1: 10.0.1.0/24
> >
> > Now I can boot a vm instance and it got an IP from private IP pool (10.0.1.3). I can also associate a floating IP to it (172.17.6.71). But I can't ping the private ip nor the floating ip.
> >
> > From the neutron node, I can ping 172.17.6.70, but can't ping 10.0.1.1, 10.0.1.3, 172.17.6.71.
> > So I can't ssh into the vm. My guess is something is wrong with the 10.0.1.0/24 network, but I don't know what.
> >
> Are you set up to use network namespaces with overlapping IP addresses? If
> so, each tenant network will have its own network namespace on the node
> running the Neutron L3 agent. To see these, run this command:
>
> ip netns show
>
> From the qdhcp-* one, you can try to ping your tenant network address:
>
> ip netns exec qdhcp-* ping 10.0.1.3
>
> Let me know if that helps.
>
> Thanks,
> Kyle
>
> > I used the NoopFirewallDriver in OVS plugin, so icmp and tcp:22 are not blocked by security-group rules.
> >
> > Here is the current setup:
> > (neutron) net-list
> > +--------------------------------------+--------+----------------------------------------------------+
> > | id                                   | name   | subnets                                            |
> > +--------------------------------------+--------+----------------------------------------------------+
> > | a63f0950-cdea-4a6d-8312-1819113dc244 | net1   | 708f2a58-bd85-4493-b91c-a6d42c0db5e7 10.0.1.0/24   |
> > | ee318d0b-74e5-43c6-92bd-abb690df3334 | extnet | 4c111c62-50f2-4332-b635-57846cf1980c 172.17.0.0/16 |
> > +--------------------------------------+--------+----------------------------------------------------+
> > (neutron) subnet-list
> > +--------------------------------------+---------+---------------+------------------------------------------------+
> > | id                                   | name    | cidr          | allocation_pools                               |
> > +--------------------------------------+---------+---------------+------------------------------------------------+
> > | 4c111c62-50f2-4332-b635-57846cf1980c | extnet  | 172.17.0.0/16 | {"start": "172.17.6.70", "end": "172.17.6.75"} |
> > | 708f2a58-bd85-4493-b91c-a6d42c0db5e7 | subnet1 | 10.0.1.0/24   | {"start": "10.0.1.2", "end": "10.0.1.254"}     |
> > +--------------------------------------+---------+---------------+------------------------------------------------+
> > (neutron) port-list
> > +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
> > | id                                   | name | mac_address       | fixed_ips                                                                          |
> > +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
> > | 234b4e76-7b7a-461f-8b61-2b7c58165fd2 |      | fa:16:3e:86:95:d3 | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.1"}    |
> > | 35a8ab42-4f1a-4f1e-b656-ab4dd0e83725 |      | fa:16:3e:44:c2:0a | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.2"}    |
> > | 85f4d2d7-c92b-4bc1-b080-2b1978bb6e17 |      | fa:16:3e:cd:77:17 | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.3"}    |
> > | 9a24c2e9-a6da-4a24-93d4-9eef8cb0bcfa |      | fa:16:3e:01:a2:ef | {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address": "172.17.6.70"} |
> > | f508b629-6e95-4be4-89c0-b37be3907231 |      | fa:16:3e:7c:41:0a | {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address": "172.17.6.71"} |
> > +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+
> > (neutron) port-show 234b4e76-7b7a-461f-8b61-2b7c58165fd2
> > +-----------------------+---------------------------------------------------------------------------------+
> > | Field                 | Value                                                                           |
> > +-----------------------+---------------------------------------------------------------------------------+
> > | admin_state_up        | True                                                                            |
> > | allowed_address_pairs |                                                                                 |
> > | binding:capabilities  | {"port_filter": false}                                                          |
> > | binding:host_id       | 172-17-6-68.yygamedev.com                                                       |
> > | binding:vif_type      | ovs                                                                             |
> > | device_id             | c5b513fa-6d6a-476f-bfc0-2114954a15aa                                            |
> > | device_owner          | network:router_interface                                                        |
> > | extra_dhcp_opts       |                                                                                 |
> > | fixed_ips             | {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.1"} |
> > | id                    | 234b4e76-7b7a-461f-8b61-2b7c58165fd2                                            |
> > | mac_address           | fa:16:3e:86:95:d3                                                               |
> > | name                  |                                                                                 |
> > | network_id            | a63f0950-cdea-4a6d-8312-1819113dc244                                            |
> > | status                | ACTIVE                                                                          |
> > | tenant_id             | 860483f3ceeb43aab4d1f0e8f76b4064                                                |
> > +-----------------------+---------------------------------------------------------------------------------+
> > (neutron)
> > root@172-17-6-68:/etc/neutron# nova list
> > +--------------------------------------+------+--------+------------+-------------+----------------------------+
> > | ID                                   | Name | Status | Task State | Power State | Networks                   |
> > +--------------------------------------+------+--------+------------+-------------+----------------------------+
> > | ec214f0b-eede-421e-9036-a1b56bff3c37 | c1   | ACTIVE | None       | Running     | net1=10.0.1.3, 172.17.6.71 |
> > +--------------------------------------+------+--------+------------+-------------+----------------------------+
> >
> >
>
>
>
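
Reading the ping result from the qdhcp namespace, as an added example that is not part of the original messages: on Linux, a "Destination Host Unreachable" whose source is the pinging interface's own address (10.0.1.2 here) is generated locally when ARP for the next hop goes unanswered, which points at the layer-2 path rather than at routing or NAT. The function name, verdict strings and shortened sample are constructed for illustration; the /24 prefix is taken from subnet1 above.

```python
import ipaddress
import re

# Constructed sample: the ping transcript from the message, cut to three probes.
SAMPLE = """\
PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data.
From 10.0.1.2 icmp_seq=1 Destination Host Unreachable
From 10.0.1.2 icmp_seq=2 Destination Host Unreachable
From 10.0.1.2 icmp_seq=3 Destination Host Unreachable

--- 10.0.1.3 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3015ms
"""

TARGET_RE = re.compile(r"^PING \S+ \(([\d.]+)\)", re.M)
REPLY_RE = re.compile(r"^\d+ bytes from ", re.M)
# Mail archives may escape a leading "From" as ">From", so accept both.
UNREACH_RE = re.compile(
    r"^>?From ([\d.]+):? icmp_seq=\d+ Destination Host Unreachable", re.M)


def classify_ping(output, iface_cidrs):
    """Classify one IPv4 ping transcript.

    iface_cidrs: addresses (with prefix length) of the interfaces in the
    namespace that ran ping, e.g. ["10.0.1.2/24"] for the DHCP port.
    """
    ifaces = [ipaddress.ip_interface(c) for c in iface_cidrs]
    header = TARGET_RE.search(output)
    if header is None:
        raise ValueError("no PING header found")
    target = ipaddress.ip_address(header.group(1))
    if REPLY_RE.search(output):
        return "reachable"
    sources = {ipaddress.ip_address(s) for s in UNREACH_RE.findall(output)}
    if not sources:
        # No replies and no host-unreachable errors: dropped or filtered.
        return "no-reply"
    if sources <= {i.ip for i in ifaces}:
        # The error came from our own address: the kernel gave up on ARP.
        on_link = any(target in i.network for i in ifaces)
        return "arp-failed-target" if on_link else "arp-failed-next-hop"
    # Another hop on the path reported the failure.
    return "remote-icmp-error"


if __name__ == "__main__":
    print(classify_ping(SAMPLE, ["10.0.1.2/24"]))
```
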