[Openstack] A VM cannot contact another VM using its floating IP

Antonio Messina antonio.s.messina at gmail.com
Thu Mar 6 17:17:38 UTC 2014 

Hi all,

I am running OpenStack Folsom with nova-network, single-host, and my
VMs cannot contact other VMs (or even themselves) using the floating
IP.

I have two VMs:

Machine `A` (Alice)
  - <fixed_ip_A> is an IP in range 10.65.4.0/22
  - <floating_ip_A> is a public IP

Machine `B` (Bob)
  - <fixed_ip_B> is an IP in range 10.65.4.0/22
  - <floating_ip_B> is a public IP

Apparently, Alice is unable to contact Bob on any port (also ping
doesn't work)

What I think it's happening when Alice contacts Bob, is that the
packet goes to the controller node, where first of all its
*destination* ip address is changed by the rule:

    -A nova-network-PREROUTING -d <fixed_ip_B> -j DNAT
--to-destination <floating_ip_B>

then the *source* ip address shuold be changed, but the problem is
that nova-network creates this rule:

    -A nova-network-float-snat -s <fixed_ip_A> -o eth3 -j SNAT
--to-source <floating_ip_A>

where `eth3` is my external network on the controller node. However,
since the destination IP has been changed, the output interface is not
the public one (eth3) but the *internal* interface (br100), therefore
the SNAT rule doesn't match.

I see the topic is not completely new, there is at least a bug fixed
in Grizzly:

* "pinging own floating ip fails with external gateway"
  (https://bugs.launchpad.net/nova/+bug/1096259)

which apparently only fix the case where Alice talks to Alice itself,
and there is a similar StackOverflow question:

* Why can't Openstack VM reach itself via it's Floating IP?
  http://serverfault.com/questions/460348/why-cant-openstack-vm-reach-itself-via-its-floating-ip

where it's suggested to add "--ctstate DNAT" to the SNAT rule, but
when I tried it it didn't work.

Is anyone else having the same issue? Is there something wrong with my
configuration?

Thank you in advance
Antonio Messina

-- 
antonio.s.messina at gmail.com
antonio.messina at uzh.ch                     +41 (0)44 635 42 22
GC3: Grid Computing Competence Center      http://www.gc3.uzh.ch/
University of Zurich
Winterthurerstrasse 190
CH-8057 Zurich Switzerland

More information about the Openstack mailing list