openstack team mailing list archive
Message #20287
Re: Instances and ARP
Hi Joe,
Nova network filtering rules are preventing IP spoofing.
There is a proposal to modify this behavior when using HA in instances.
See thread:
[openstack-dev] VM level HA. Changes in firewall.py question.
You can check with:
virsh nwfilter-dumpxml nova-base
cheers,
Belmiro
On Jan 21, 2013, at 12:25 PM, Joe Warren-Meeks <joe.warren.meeks@xxxxxxxxx> wrote:
> Hi guys,
>
> I've got OpenStack Essex configured with vlanmanager and an external gateway and all my networking runs ok generally.
>
> However, I'm trying to set up Linux HA on two instances. They run on separate compute nodes and can see each other just fine. hb_takeover and hb_standby work perfectly. The problem is that nothing outside of the instance with the HA IP address can connect to it.
>
> It seems that something is ignoring the ARP is-at from the instance. Doing a tcpdump on the compute node's bridged network and the instance's eth0 I can see ARP requests and responses fine for its main IP, but when I try to get to the alias address, I see ARP requests only on the compute side. On the instance side I see it responding, but this doesn't show up on the bridged interface on the compute node.
>
> Has anyone seen this before? My google-fu is failing to find anything.
>
> Kind regards
>
> -- joe.
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
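
Added example (not part of the thread and not nova or libvirt code): a small Python walker that follows the filterref chain starting at nova-base and lists every outbound drop rule pinned to a filter variable such as $IP, which is the kind of rule that would discard ARP replies for an alias address. The XML below is constructed in the shape that `virsh nwfilter-dumpxml` prints, and the filter contents are assumptions; on a real compute node, load the dumps of nova-base and each filter it references instead.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape `virsh nwfilter-dumpxml <name>` prints.
# The filter contents are assumptions for illustration, not output from a real host.
FILTERS = {
    "nova-base": """<filter name='nova-base' chain='root'>
  <filterref filter='no-mac-spoofing'/>
  <filterref filter='no-ip-spoofing'/>
  <filterref filter='no-arp-spoofing'/>
  <filterref filter='allow-dhcp-server'/>
</filter>""",
    "no-arp-spoofing": """<filter name='no-arp-spoofing' chain='root'>
  <filterref filter='no-arp-ip-spoofing'/>
</filter>""",
    "no-arp-ip-spoofing": """<filter name='no-arp-ip-spoofing' chain='arp-ip'>
  <rule action='drop' direction='out' priority='1000'>
    <arp match='no' arpsrcipaddr='$IP'/>
  </rule>
</filter>""",
    "no-ip-spoofing": """<filter name='no-ip-spoofing' chain='ipv4-ip'>
  <rule action='drop' direction='out' priority='1000'>
    <ip match='no' srcipaddr='$IP'/>
  </rule>
</filter>""",
}

def pinned_drop_rules(name, filters, seen=None):
    """Walk filterref links from `name`; return (filter, protocol, attribute, variable)
    for each outbound drop rule that rejects traffic not matching a $VARIABLE."""
    seen = set() if seen is None else seen
    if name in seen or name not in filters:  # skip cycles and filters not dumped
        return []
    seen.add(name)
    root = ET.fromstring(filters[name])
    found = []
    for rule in root.findall("rule"):
        if rule.get("action") != "drop" or rule.get("direction") not in ("out", "inout"):
            continue
        for proto in rule:
            if proto.get("match") == "no":  # negated match: drop when the value differs
                found += [(name, proto.tag, a, v) for a, v in proto.attrib.items() if v.startswith("$")]
    for ref in root.findall("filterref"):
        found += pinned_drop_rules(ref.get("filter"), filters, seen)
    return found

if __name__ == "__main__":
    for hit in pinned_drop_rules("nova-base", FILTERS):
        print("%s: drops outbound %s unless %s == %s" % hit)
```

Filters that are referenced but were not dumped (here no-mac-spoofing and allow-dhcp-server) are skipped, so an empty result only means no pinned rule was found in the filters that were supplied.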