[Openstack] IceHouse Neutron L3 - Connectivity issue

Martinx - ジェームズ thiagocmartinsc at gmail.com
Tue May 20 05:47:30 UTC 2014 

Hey Stackers!

I'm facing a weird network issue here, with *IceHouse* and *Neutron L3*...
Using "Per-Project Router with Private Networks"...

I am unable to connect via SSH into an Instance, from its own "Project
Namespace Router", look:

--
root at net-controller-1:~# ip netns exec
qrouter-c252886a-1fd0-45dd-9e3b-4233786e7960 ssh -i ~/pem
ubuntu at 192.168.1.17 -v
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 192.168.1.17 [192.168.1.17] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/pem type -1
debug1: identity file /root/pem-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6p1
Ubuntu-2ubuntu1
debug1: match: OpenSSH_6.6p1 Ubuntu-2ubuntu1 pat OpenSSH_6.5*,OpenSSH_6.6*
compat 0x14000000
debug1: SSH2_MSG_KEXINIT sent
...
...
...ssh stucked!!!
...
--

The SSH connection froze at "debug1: SSH2_MSG_KEXINIT sent" and it never
establishes...

>From its attached `Floating IP`, the symptom is the same, I can't connect
via SSH into a Instance, I tried it with 12.04 and 14.04, same result for
both...

The Instance looks good from SPICE Consoles (but I need to login with
"ubuntu user" via network first, using ssh key).

-

I'm running tcpdump on both "qr-$INT" and at the Compute Node DATA NETWORK,
to see the GREv0 traffic too, here it is:

--
root at net-controller-1:~# ip netns exec
qrouter-c252886a-1fd0-45dd-9e3b-4233786e7960 tcpdump -v -ni qr-eeb0d2f3-42

http://paste.openstack.org/show/80969/

NOTE: From the line ~16 to 32, SSH was already frozen...
--

root at compute-node-1:~# tcpdump -ni eth1 | grep -v IP6

http://paste.openstack.org/show/80970/
--

What can I do to deep investigate this?!

I double checked everything, including OVS bridges, sysctl.conf, `ethtool
--offload ethX gro off` and etc... Don't know what's is wrong...

I think that this is the last problem I'm facing with IceHouse, I would
like to put it into prod but, I am unable to do it right now...   :-/

Tks in advance!

Best,
Thiago
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140520/46c26acc/attachment.html>

More information about the Openstack mailing list