openstack team mailing list archive

Re: Essex

 

Hi guys,

Ok, I've been playing around and I can't find a fix.

I have one tenant using eth0 on the node to speak to the outside world,
using floating IPs. This tenant works fine speaking to everyone, whether on
the same CIDR as the floating IP or not.

The second tenant is using eth3 with exactly the same configuration, but
with different netblocks. When a floating IP is assigned to an instance, it
can speak perfectly fine but only to IPs in the same CIDR range as the
floating IP. However, I can't connect to it from an address outside that
range. The packets are getting to the eth3 interface correctly, but
nova-network seems to ignore them. They don't appear on the vnet0
interface, nor do they get to the br interface. I've tried all the network
troubleshooting suggestions, but no joy.

This is my last hurdle so any help will be greatly appreciated. If I can
get this to work, I'll write up my config, with details. I'm sure my layout
is probably applicable to some of the smaller cloudiators out there.

 -- joe.



On 15 November 2012 10:39, Joe Warren-Meeks <joe.warren.meeks@xxxxxxxxx> wrote:

> Hey Julien,
>
> Thanks for that. I installed more network cards instead though :-)
>
> It is working ok now, with one small caveat. I have two tenants, one is
> working fine from everywhere with floating IPs, but the second one will
> only let you ssh into the floating IP from the same network as the floating
> IP. But I'll dig that out.
>
> Kind regards
>
>  -- joe.
>
>
>
> On 15 November 2012 10:24, Julien Danjou <julien@xxxxxxxxxxx> wrote:
>
>> On Tue, Nov 13 2012, Joe Warren-Meeks wrote:
>>
>> Hi Joe,
>>
>> > When I use a floating IP in the 10.0.40.0/24 range, it is fine to speak to
>> > that network and traffic goes out and back on the vlan40 interface, but for
>> > all other networks it is routed out the 10.0.0.250 eth0 interface, rather
>> > than vlan40. The replies are coming back on vlan40 to the correct address,
>> > but nova seems to ignore them.
>>
>> You need to create another routing table on your compute hosts, and set
>> up some ip routing rules based on source, using `ip rule'. So that
>> traffic coming from your tenants VLAN goes out by vlan40.
>>
>> --
>> Julien Danjou
>> # Free Software hacker & freelance
>> # http://julien.danjou.info
>>
>
>
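
The source-based routing described in Julien's quoted reply, as an added example that is not part of the thread or of nova's own code. The range 10.0.40.0/24 and the interface vlan40 come from the thread; the gateway 10.0.40.1, the table id 140 and the function names are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands instead of running
# them; review, then run as root on the compute host.
# From the thread: 10.0.40.0/24 and vlan40.
# Assumed placeholders: gateway 10.0.40.1, table id 140.

# Print the commands that give one source range its own routing table.
policy_route_plan() {
    src_cidr=$1 dev=$2 gw=$3 table=$4

    # Validate every argument so the output is safe to paste into a root shell.
    case $src_cidr in
        ''|*[!0-9./]*) echo "bad source CIDR: $src_cidr" >&2; return 2 ;;
        */*) ;;
        *) echo "source needs a /prefix: $src_cidr" >&2; return 2 ;;
    esac
    case $dev in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $dev" >&2; return 2 ;;
    esac
    case $gw in
        ''|*[!0-9.]*) echo "bad gateway: $gw" >&2; return 2 ;;
    esac
    # 0 and 253-255 are reserved (unspec, default, main, local).
    case $table in
        ''|*[!0-9]*) echo "bad table id: $table" >&2; return 2 ;;
    esac
    if [ "$table" -lt 1 ] || [ "$table" -gt 252 ]; then
        echo "table id must be 1-252: $table" >&2; return 2
    fi

    # The new table needs the connected route plus its own default route.
    echo "ip route add $src_cidr dev $dev table $table"
    echo "ip route add default via $gw dev $dev table $table"
    # Traffic sourced from the tenant range consults that table first.
    echo "ip rule add from $src_cidr lookup $table"
}

# Print read-only checks to run after applying the plan.
policy_route_checks() {
    echo "ip rule show"
    echo "ip route show table $2"
    # rp_filter=1 (strict) drops packets that arrive on an interface the
    # kernel would not use to reach their source.
    echo "sysctl net.ipv4.conf.$1.rp_filter"
}

policy_route_plan 10.0.40.0/24 vlan40 10.0.40.1 140
policy_route_checks vlan40 140
```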
