[Openstack] should instances be able to ping each other through a router?
ZHOU TAO A
tao.a.zhou at alcatel-lucent.com
Mon Aug 25 09:03:28 UTC 2014
I think you need to add a resource with type
type: OS::Neutron::RouterGateway.
On 08/24/2014 09:09 AM, Don Waterloo wrote:
> I have the below heat template instantiated.
>
> Each instance (h1/h2/h3) can ping out to the world just fine.
> In addition, h1 can ping h2 & h3, and they it. e.g. everyone can ping
> everyone on its own subnet.
> But h2 and h3 cannot ping each other (this is a routing function
> rather than local net).
>
> I am using vxlan with neutron, ovs ml2 on icehouse ubuntu 14.04.
>
> I have port_security disabled (and iptables -L shows this to be true
> in the router namespace).
>
> what is happening is the ping hits the router port, and stops.
> e.g. 172.16.1.X sends ICMP to 172.16.2.1, and its never seen again.
>
> Should I be expecting this to work? It seems that this should not be
> an SNAT issue, its all inside my private networking space.
>
> >From the host, if I 'ip netns exec qrouter-<...>' i can ping each
> interface inside each vm, so i know the host can reach them.
>
> So, uh, suggestions on how to debug this? My 'trusty' image below is
> ubuntu 14.04, but it also happens w/ cirros fwiw.
>
> --------------<snip>--------------
> heat_template_version: 2013-05-23
>
> description: >
>
> resources:
> key:
> type: OS::Nova::KeyPair
> properties:
> name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-key' } }
> save_private_key: True
>
> rtr:
> type: OS::Neutron::Router
> properties:
> admin_state_up: True
> name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-rtr' } }
> external__info:
> network: "ext-net"
>
> ctrl_net:
> type: OS::Neutron::Net
> properties:
> name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-data-ctrl-net' } }
>
> ctrl_subnet:
> type: OS::Neutron::Subnet
> properties:
> name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-data-ctrl-subnet' } }
> enable_dhcp: True
> network_id: { get_resource: ctrl_net }
> cidr: 172.16.1/24
> allocation_pools:
> - start: 172.16.1.10
> end: 172.16.1.254
>
> router_i0:
> type: OS::Neutron::RouterInterface
> properties:
> router_id: { get_resource: rtr }
> subnet_id: { get_resource: ctrl_subnet }
>
> router_i1:
> type: OS::Neutron::RouterInterface
> properties:
> router_id: { get_resource: rtr }
> subnet_id: { get_resource: data_int_subnet }
>
> int_net:
> type: OS::Neutron::Net
> properties:
> name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-int-net' } }
>
> data_int_subnet:
> type: OS::Neutron::Subnet
> properties:
> name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-data-int-subnet' } }
> enable_dhcp: True
> network_id: { get_resource: int_net }
> cidr: 172.16.2/24
> allocation_pools:
> - start: 172.16.2.10
> end: 172.16.2.254
>
>
> h1:
> type: OS::Nova::Server
> properties:
> name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-h1' } }
> key_name: { get_resource: key }
> image: "trusty"
> flavor: "m1.tiny"
> config_drive: "true"
> networks:
> - network: { get_resource: ctrl_net }
> - network: { get_resource: int_net }
> user_data_format: RAW
> user_data: |
> #!/bin/bash
> ifup eth1
> dhclient eth1
>
> h2:
> type: OS::Nova::Server
> properties:
> name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-h2' } }
> key_name: { get_resource: key }
> image: "trusty"
> flavor: "m1.tiny"
> config_drive: "true"
> networks:
> - network: { get_resource: ctrl_net }
>
> h3:
> type: OS::Nova::Server
> properties:
> name: { str_replace: { params: { $stack_name: { get_param:
> 'OS::stack_name' } }, template: '$stack_name-h3' } }
> key_name: { get_resource: key }
> image: "trusty"
> flavor: "m1.tiny"
> config_drive: "true"
> networks:
> - network: { get_resource: int_net }
>
> outputs:
> key:
> description: The private key to login to these images with
> (try heat output-show <NAME> key | sed -e 's?"??g' -e 's?\\n?\n?g' >
> ~/.ssh/<NAME>_rsa)
> value: { get_attr: [ key, private_key] }
>
> --------------<snip>--------------
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
More information about the Openstack
mailing list