openstack team mailing list archive

Network Routing issues.

 

Hi all,

I'm having a few issues with my install here. My instances can't access
anything outside the cloud, and adding the correct rules to the security
group and assigning a public IP, the instance isn't accessible from the
outside world. I've had OpenStack running on this hardware before using
the Stackops Distro, but I've installed Ubuntu 12.04 and Essex to test it
out as Stackops aren't on Essex yet.

I've included the relevant (I think) info below. I'm not sure where/what
to check next, I'm not so good with network debugging unfortunately.

Could someone help, advise, or just generally point me in the right
direction?

Thanks!

/Kieran

I have it set to use FlatDHCP:
# network specific settings
--network_manager=nova.network.manager.FlatDHCPManager
--public_interface=bond0
--flat_interface=eth2
--flat_network_bridge=br100
--fixed_range=10.0.0.0/8
--floating_range=131.251.172.0/24
--network_size=256
--flat_network_dhcp_start=10.0.0.2
--flat_injected=False
--force_dhcp_release
--iscsi_helper=tgtadm
--connection_type=libvirt
--root_helper=sudo nova-rootwrap
--verbose

bond0 is a bonded interface on a public network. I can access the
Internet through that interface. eth2 is on a network connected to the
other hosts, each of which has eth2 connected to this network.

brctl shows eth2 is part of br100.

nova-network:
 brctl show
bridge name     bridge id               STP enabled     interfaces
br100           8000.001b21cda0d1       no              eth2


nova-compute-1 (with the instance on it):
brctl show
bridge name     bridge id               STP enabled     interfaces
br100           8000.001b21add0a1       no              eth2
                                                        vnet0
virbr0          8000.000000000000       yes


I checked through this (
http://docs.openstack.org/trunk/openstack-compute/admin/content/associating-public-ip.html)
and everything looks correct (I think).

  nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port |  IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+


The instance IP is 10.0.0.2, so (public IPs hidden):

sudo iptables -L -nv -t nat | grep 10.0.0.2
    0     0 DNAT       all  --  *      *       0.0.0.0/0            x.y.172.22       to:10.0.0.2
   20  1656 DNAT       all  --  *      *       0.0.0.0/0            x.y.172.22       to:10.0.0.2
    0     0 SNAT       all  --  *      *       10.0.0.2             0.0.0.0/0            to:x.y.172.22


from ip add:

....
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br100 state UP qlen 1000
    link/ether 00:1b:21:cd:a0:d1 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::21b:21ff:fecd:a0d1/64 scope link
       valid_lft forever preferred_lft forever
....
....
16: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:1b:21:6d:ef:00 brd ff:ff:ff:ff:ff:ff
    inet x.y.172.2/24 brd 131.251.172.255 scope global bond0
    inet x.y.172.22/32 scope global bond0
    inet6 fe80::21b:21ff:fe6d:ef00/64 scope link
       valid_lft forever preferred_lft forever
17: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:1b:21:cd:a0:d1 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br100
    inet6 fe80::1c2b:8bff:fe38:2003/64 scope link
       valid_lft forever preferred_lft forever

