← Back to team overview

openstack team mailing list archive

Able to ping/ssh from source group VM to the target group VM using public IP when both the VMs are hosted on same compute node

 

Hi,

I am working with multi-node environment and tried the following steps:

1.      Create a source group and a target group.

a.      nova secgroup-create srcsecgrp "Source Security Group"

b.      nova secgroup-create tgtsecgrp "Target Security Group"

2.      Spawn VMs in both the groups separately.

a.      nova boot --flavor=100 --image=120 --key_name=key1 --security_group=srcsecgrp srcvm

b.      nova boot --flavor=100 --image=120 --key_name=key1 --security_group=tgtsecgrp tgtvm

3.      Add source group as a source to the target group.

a.      nova secgroup-add-group-rule --ip_proto=icmp --from_port=-1 --to_port=-1 tgtgrp srcgrp

b.      nova secgroup-add-group-rule --ip_proto=tcp --from_port=22 --to_port=22 tgtgrp srcgrp

4.      Add rules to allow ssh/ping into source group.

a.      nova secgroup-add-rule srcgrp tcp 22 22 0.0.0.0/0

b.      nova secgroup-add-rule srcgrp icmp -1 -1 0.0.0.0/0

5.      Now ssh into the source group and ping/ssh to target group vm using its private IP - should be successful/

6.      Now try to ping/ssh to target group vm using its public ip - this is being successful when both the VMs are hosted onto same compute node but it is not pingable when both source and target group VMs are hosted to different compute nodes.

Which behavior is expected? Is the target group VM needs to be pingable through its floating IP from a source group VM with above configuration?
I checked this scenario in stable Diablo version and as well as Folsom (distro).

I have raised a ticket for this in Launchpad https://bugs.launchpad.net/nova/+bug/1040414

<Looping openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>  for suggestions and support>
Thanks & Regards,
Sirisha Devineni.


DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.