[Openstack] should instances be able to ping each other through a router?
Don Waterloo
don.waterloo at gmail.com
Sun Aug 24 01:09:51 UTC 2014
I have the below heat template instantiated.

Each instance (h1/h2/h3) can ping out to the world just fine.
In addition, h1 can ping h2 & h3, and they it. E.g. everyone can ping
everyone on its own subnet.

But h2 and h3 cannot ping each other (this is a routing function
rather than local net).

I am using vxlan with neutron, ovs ml2 on icehouse ubuntu 14.04.
I have port_security disabled (and iptables -L shows this to be true
in the router namespace).

What is happening is the ping hits the router port, and stops.
E.g. 172.16.1.X sends ICMP to 172.16.2.1, and it's never seen again.

Should I be expecting this to work? It seems that this should not be
an SNAT issue, it's all inside my private networking space.

From the host, if I 'ip netns exec qrouter-<...>' I can ping each
interface inside each vm, so I know the host can reach them.

So, uh, suggestions on how to debug this? My 'trusty' image below is
ubuntu 14.04, but it also happens w/ cirros fwiw.

--------------<snip>--------------
heat_template_version: 2013-05-23
description: >
resources:
  key:
    type: OS::Nova::KeyPair
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-key' } }
      save_private_key: True

  # One router with an external gateway and an interface on each private subnet
  rtr:
    type: OS::Neutron::Router
    properties:
      admin_state_up: True
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-rtr' } }
      external_gateway_info:
        network: "ext-net"

  ctrl_net:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-data-ctrl-net' } }

  ctrl_subnet:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-data-ctrl-subnet' } }
      enable_dhcp: True
      network_id: { get_resource: ctrl_net }
      cidr: 172.16.1/24
      allocation_pools:
        - start: 172.16.1.10
          end: 172.16.1.254

  router_i0:
    type: OS::Neutron::RouterInterface
    properties:
      router_id: { get_resource: rtr }
      subnet_id: { get_resource: ctrl_subnet }

  router_i1:
    type: OS::Neutron::RouterInterface
    properties:
      router_id: { get_resource: rtr }
      subnet_id: { get_resource: data_int_subnet }

  int_net:
    type: OS::Neutron::Net
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-int-net' } }

  data_int_subnet:
    type: OS::Neutron::Subnet
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-data-int-subnet' } }
      enable_dhcp: True
      network_id: { get_resource: int_net }
      cidr: 172.16.2/24
      allocation_pools:
        - start: 172.16.2.10
          end: 172.16.2.254

  # h1 is attached to both ctrl_net and int_net
  h1:
    type: OS::Nova::Server
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-h1' } }
      key_name: { get_resource: key }
      image: "trusty"
      flavor: "m1.tiny"
      config_drive: "true"
      networks:
        - network: { get_resource: ctrl_net }
        - network: { get_resource: int_net }
      user_data_format: RAW
      user_data: |
        #!/bin/bash
        ifup eth1
        dhclient eth1

  # h2 is attached to ctrl_net only
  h2:
    type: OS::Nova::Server
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-h2' } }
      key_name: { get_resource: key }
      image: "trusty"
      flavor: "m1.tiny"
      config_drive: "true"
      networks:
        - network: { get_resource: ctrl_net }

  # h3 is attached to int_net only
  h3:
    type: OS::Nova::Server
    properties:
      name: { str_replace: { params: { $stack_name: { get_param: 'OS::stack_name' } }, template: '$stack_name-h3' } }
      key_name: { get_resource: key }
      image: "trusty"
      flavor: "m1.tiny"
      config_drive: "true"
      networks:
        - network: { get_resource: int_net }

outputs:
  key:
    description: The private key to login to these images with
      (try heat output-show <NAME> key | sed -e 's?"??g' -e 's?\\n?\n?g' >
      ~/.ssh/<NAME>_rsa)
    value: { get_attr: [ key, private_key] }
--------------<snip>--------------