Open Stack

On 08/17/2016 05:08 AM, Ludwig Tirazona wrote:
> Hello,
>
>
> Has anybody had this experience/problem as well?

I'm not sure I'd expect this to work, here is just one reason.

The VM really doesn't know when to use which router, because it doesn't know 
which target IP was used pre-NAT.  For example, given some Internet IP source 
address, say 8.8.8.8, where will the VM send a response?  It will use the 
default route going through Router1 in most cases.  The way you've had to go 
setup a static route on the VM to get to PubNet2 will only affect packets going 
to that subnet, but being a Public IP means it will be communicating with other 
systems not on that subnet.  You would have to create route entries based on the 
source IP being used, but there still might be edge cases that cause problems.

I think a better question to ask is, why do you need two Public IPs?  Don't make 
things more complicated than they need to be.

BTW, the best way to figure out why this isn't working is looking at tcpdump 
traces on all the interfaces and bridges, and possibly even flow rules if you're 
using OVS, as well as iptables rules for security groups.  That will at least 
tell you where the packet is getting dropped.

-Brian

> ---------------
> OVERVIEW
>
> I have two separate public networks, each with their entirely separate
> IP block.
>
> I need a VM to have Floating IPs on both of these networks.
>
> I am on OpenStack Liberty.
> --------------
>
> ACTIONS
>
> I create two routers and two private subnets in my Project, one for each
> public network.
>
> I create an instance attached to subnet1, and give it a floating IP on
> PubNet1.
>
> Everything is working fine.
>
> I attach a second interface for subnet2 to the VM. I give it the static
> address that Neutron-DHCP would have given it, were it using DHCP.
>
> Everything is working fine.
>
> From the "Access & Security" > "Floating IPs" interface on Horizon, I
> assign a Floating IP from PubNet2 to the VM's interface on subnet2.
>
>
> --------------
>
> PROBLEM
>
> Here's where things get wonky:
>
> Although the Floating IP assignment request completes successfully,
> connections to the VM on the PubNet2 floating IP do not reach the VM.
> -------------------
>
>
> DETAILS
>
> I have a wide-open Security Group for the VM, allowing everything in and
> out.
>
> On the VM, I have configured a static route to PubNet2 through the
> subnet2 gateway.
>
> From the VM, I can ping my PubNet2 router's PubNet2 IP, and the PubNet2
> gateway as well. I can't ping the VM's PubNet2 Floating IP.
>
>
> I see the VM's 2nd Floating IP on the qrouter's network namespace on my
> Network Node.
>
> I do the following:
>
> ip netns exec qrouter-<PubNet2 router ID> ping <PubNet2 Router Public IP>
>
> that pings successfully.
>
> ip netns exec qrouter-<PubNet2 router ID> ping <VM PubNet2 Floating IP >
>
> that fails to ping. Even through I see it's on the same network
> namespace interface ast the PubNet2 Router Public IP.
>
>
> -------------------------------
>
> I hope I was able to describe the problem accurately, but concisely as well.
>
> Does anybody have an idea as to what the problem might be?
>
> Is what I'm even attempting supposedly possible with Neutron-Liberty?
>
> What can I try?
>
>
>
>
> Thanks in advance!
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>