openstack team mailing list archive

Thread
Date

Re: Strange network behavior

To: Joe Warren-Meeks <joe.warren.meeks@xxxxxxxxx>
From: Vishvananda Ishaya <vishvananda@xxxxxxxxx>
Date: Fri, 9 Nov 2012 11:56:59 -0800
Cc: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CABdqt2+40sv6if5pb8dnS7x3wXwHPs=NvtnnxwnLbHGk87QnFQ@mail.gmail.com>

What is the ip address of your workstation? You may be running into something similar to this issue:

http://lists.openstack.org/pipermail/openstack-dev/2012-September/001212.html

I suspect either:

a) Traffic not getting snatted when it should. This is usually due to overlapping ranges between your internal network and fixed_range

this would be fixed by limiting fixed_range in your config file to just the instances range: (fixed_range=10.0.41.0/24 ?)

or

b) Traffic getting snatted when it shouldn't. This is usually because your workstation ip is on an ip that is internally routable but not routable from the external network of the compute host, so it can't get back to the snatted ip

this is fixed by stopping snatting to the workstation by setting dmz_cidr to a value that includes your workstation network: (dmz_cidr=10.0.0.0/24 ?)

Vish

On Nov 9, 2012, at 9:14 AM, Joe Warren-Meeks <joe.warren.meeks@xxxxxxxxx> wrote:

> Hi all,
> 
> I've managed to get Openstack pretty much up and running as I wanted it. I do have, however, a rather strange networking issue.
> 
> I created the network with
> nova-manage network create --fixed_range_v4=10.0.41.0/24 --num_networks=1 --bridge=br41 --bridge_interface=eth0 --label=development --gateway=10.0.41.1 --dns1=10.0.0.2 --vlan=41 --project_id=XXXXXXX
> 
> And i can boot instances fine. I've configured the default security group to allow port 22, 80 and ICMP -1 in and I can ping from my work station to the virtual instance ok:
> 
> joe@kaneda:~$ ping 10.0.41.3
> PING 10.0.41.3 (10.0.41.3) 56(84) bytes of data.
> 64 bytes from 10.0.41.3: icmp_req=1 ttl=63 time=1.18 ms
> 
> And i can ping from the virt back too:
> ubuntu@test:~$ ping 10.0.0.240
> PING 10.0.0.240 (10.0.0.240) 56(84) bytes of data.
> 64 bytes from 10.0.0.240: icmp_req=1 ttl=64 time=0.713 ms
> 
> 
> I can SSH out from the virt to a host in the outside world fine:
> ubuntu@test:~$ ssh joe@XXXXX
> joe@XXXXXX password: 
> -bash: fortune: command not found
> joe@dixon:~ $ 
> 
> BUT I can't ssh from the virt to my workstation, nor from my workstation to the Virt. Neither does http work.
> 
> What I am seeing in Tcpdump is a lot of incorrect cksums. This happens with all Tcp connections. 
> 
> 17:12:38.539784 IP (tos 0x0, ttl 64, id 53611, offset 0, flags [DF], proto TCP (6), length 60)
>     10.0.0.240.56791 > 10.0.41.3.22: Flags [S], cksum 0x3e21 (incorrect -> 0x6de2), seq 2650163743, win 14600, options [mss 1460,sackOK,TS val 28089204 ecr 0,nop,wscale 6], length 0
> 
> 
> 17:12:38.585279 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
>     10.0.41.3.22 > 10.0.0.240.56791: Flags [S.], cksum 0x3e21 (incorrect -> 0xe5c5), seq 1530502549, ack 3098447117, win 14480, options [mss 1460,sackOK,TS val 340493 ecr 28089204,nop,wscale 3], length 0
> 
> Anyone come across this before?
> 
>  -- joe.
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp

Follow ups

Re: Strange network behavior
From: Joe Warren-Meeks, 2012-11-12

References

Strange network behavior
From: Joe Warren-Meeks, 2012-11-09