
openstack team mailing list archive

Re: Instances can't access eachother via external (floating) ips?

 

On Mon, 2012-04-23 at 06:45 -0700, Mike Scherbakov wrote:
> Hi Calvin,
Sorry I didn't respond earlier, the email temporarily got lost :)

> show us iptables -nL -t nat | grep NAT on the node with nova-network.

(192.168.0.101 is the nova-network node's "external" address)

DNAT       all  --  0.0.0.0/0            192.168.0.33        to:192.168.22.35
DNAT       all  --  0.0.0.0/0            192.168.0.88         to:192.168.22.41
ACCEPT     all  --  192.168.22.32/27     192.168.22.32/27     ! ctstate DNAT
DNAT       tcp  --  0.0.0.0/0            169.254.169.254      tcp dpt:80 to:192.168.0.101:8775
DNAT       all  --  0.0.0.0/0            192.168.0.33         to:192.168.22.35
DNAT       all  --  0.0.0.0/0            192.168.0.88         to:192.168.22.41
SNAT       all  --  192.168.22.35        0.0.0.0/0            to:192.168.0.33
SNAT       all  --  192.168.22.41        0.0.0.0/0            to:192.168.0.88
SNAT       all  --  192.168.22.32/27     0.0.0.0/0            to:192.168.0.101

Note that the nova-network is actually colocated on a machine that also
runs nova-compute; this is a small 2-node lab deployment.

> Could it be that your fixed_range flag in nova.conf covers both
> subnets,
> like 192.168.0.0/16 ?

My fixed_range is very small, and doesn't overlap:
--fixed_range=192.168.22.32/27

> Second reason - I presume that the traffic from VM will go via your
> router if you access another VM via floating IP,
> so router should know the route to 192.168.0.x (static/ospf?)

192.168.0.x is the office network, and communication between other
machines on that network and the router on that network all work fine.

In the course of trying some other things out, I found that when I
enabled ipv4 forwarding on the nova-network box:
  echo 1 >/proc/sys/net/ipv4/ip_forward
Then the virtual machines /were/ able to communicate with each other via
their floating IP addresses. I'm still not sure about what's going on,
but it's good enough for our lab use now.

> 
> Regards,
> 
> On Fri, Apr 20, 2012 at 7:03 AM, Calvin Walton
> <calvin.walton@xxxxxxxxxx> wrote:
>         Hi,
>         
>         I have instances running in Openstack using FlatDHCP
>         networking mode.
>         Each one has an IP address in the internal subnet
>         (192.168.22.x) and a
>         floating IP from the external subnet (192.168.0.x).
>         
>         I've found that from one instance, I cannot connect to another
>         instance
>         (or, in fact, even the same instance) via the external
>         floating address
>         (I have some monitoring tools that attempt to do this to
>         verify that a
>         server is running). Connections from external computers work
>         fine.
>         
>         My best guess is that there is an issue with the NAT on my
>         nova-network
>         node not allowing loopback connections. Is this intentional,
>         or a bug?
>         Is there a workaround available?
>         
>         For reference, I'm currently using OpenStack from the
>         'latest-milestone-test' OpenStack PPA on Ubuntu 12.04 Precise.


-- 
Calvin Walton <calvin.walton@xxxxxxxxxx>
Blindside Networks http://www.blindsidenetworks.com/
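
An added example, not part of the original message: a small Python check that reads the `iptables -nL -t nat | grep NAT` listing quoted above, pairs each floating IP with its fixed IP, confirms the matching reverse SNAT rule is present, and reports the `ip_forward` value that the message found had to be 1. The function names are hypothetical, and the sample listing is the message's own output embedded as constructed input.

```python
import re
from pathlib import Path

# Constructed sample: the rules quoted in the message above.
SAMPLE = """\
DNAT       all  --  0.0.0.0/0            192.168.0.33         to:192.168.22.35
DNAT       all  --  0.0.0.0/0            192.168.0.88         to:192.168.22.41
ACCEPT     all  --  192.168.22.32/27     192.168.22.32/27     ! ctstate DNAT
DNAT       tcp  --  0.0.0.0/0            169.254.169.254      tcp dpt:80 to:192.168.0.101:8775
DNAT       all  --  0.0.0.0/0            192.168.0.33         to:192.168.22.35
DNAT       all  --  0.0.0.0/0            192.168.0.88         to:192.168.22.41
SNAT       all  --  192.168.22.35        0.0.0.0/0            to:192.168.0.33
SNAT       all  --  192.168.22.41        0.0.0.0/0            to:192.168.0.88
SNAT       all  --  192.168.22.32/27     0.0.0.0/0            to:192.168.0.101
"""

# Matches only protocol "all" rules whose sole option is "to:<ip>" (no port).
RULE = re.compile(r"^(DNAT|SNAT)\s+all\s+--\s+(\S+)\s+(\S+)\s+to:(\d+\.\d+\.\d+\.\d+)$")


def floating_pairs(listing):
    """Map floating IP -> fixed IP from one-to-one DNAT rules and record
    whether the reverse SNAT (fixed -> floating) is also present."""
    dnat, snat = {}, {}
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # ACCEPT rule, metadata DNAT with a port, other text
        target, src, dst, to = m.groups()
        if target == "DNAT" and "/" not in dst:
            dnat[dst] = to   # floating -> fixed (duplicate rules collapse)
        elif target == "SNAT" and "/" not in src:
            snat[to] = src   # floating -> fixed; the subnet-wide SNAT is skipped
    return {fl: {"fixed": fx, "snat_ok": snat.get(fl) == fx} for fl, fx in dnat.items()}


def forwarding_enabled(path="/proc/sys/net/ipv4/ip_forward"):
    """True if the kernel-wide IPv4 forwarding switch reads 1. In the message
    above, instances reached each other's floating IPs only after it did."""
    return Path(path).read_text().strip() == "1"


def report(listing, forwarding):
    lines = [f"{fl} <-> {v['fixed']} snat={'ok' if v['snat_ok'] else 'MISSING'}"
             for fl, v in sorted(floating_pairs(listing).items())]
    lines.append(f"ip_forward={'1' if forwarding else '0'}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE, forwarding_enabled())))
```
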


