openstack team mailing list archive
Message #21343
Cloudpipe - Routing not working
Hello guys,
I need some advice with a cloudpipe setup.
I have a basic Folsom installation (single server), using VlanManager.
I am setting up a vpn for the subnet 10.0.4.0 (please see diagram below).
instance1
nova-controller cloudpipe openvpn host1
10.100.200.120<--->10.0.4.2<===> 10.0.4.254 <--->10.100.100.143
(public ip) || 10.100.100.142
||
||
||
||
instance2
10.0.4.3
Short story: from host1, I cannot ping instance2 (or cloudpipe). From
cloudpipe (or instance2), I cannot ping host1.
Desired behaviour: From instance2, want to ping host1. From host1,
want to ping instance2.
Long story:
The vpn link is working just fine from point to point.
However, packets are not being fully routed from one network to the other.
To troubleshoot this, I am using tcpdump, so:
On cloudpipe instance, I run:
tcpdump -i any icmp
Then, on host1, I pinged cloudpipe:
ping 10.0.4.2
The tcpdump on cloudpipe is like this:
----
21:27:56.958108 In 62:59:fd:d3:0d:f3 (oui Unknown) ethertype IPv4 (0x0800), length 100: 10.100.100.143 > efe762bef1364f8bab0d5c71434388e2-vpn.novalocal: ICMP echo request, id 28421, seq 10, length 64
21:27:56.969406 In 00:00:00:00:00:00 (oui Ethernet) ethertype IPv4 (0x0800), length 128: efe762bef1364f8bab0d5c71434388e2-vpn.novalocal > efe762bef1364f8bab0d5c71434388e2-vpn.novalocal: ICMP host 10.100.100.143 unreachable, length 92
---
Looks like each point in the vpn does not know the arp address for
hosts in the other network.
PS: I created routes between host1 and network 10.0.4.0:
$ ip route list
10.0.4.0/24 via 10.100.100.142 dev eth0
10.0.0.0/24 via 10.100.100.142 dev eth0
10.100.100.0/24 dev eth0 proto kernel scope link src 10.100.100.143
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.100.100.1 dev eth0
OpenVPN client:
$ ip route list
10.0.4.0/24 dev tap0 proto kernel scope link src 10.0.4.254
10.0.0.0/24 via 10.0.4.1 dev tap0
10.100.100.0/24 dev eth0 proto kernel scope link src 10.100.100.142
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.100.100.1 dev eth0
Cloudpipe instance:
$ ip route list
default via 10.0.4.1 dev br0 metric 100
10.0.4.0/24 dev br0 proto kernel scope link src 10.0.4.2
10.0.4.254 via 10.0.4.2 dev br0
10.100.100.0/24 via 10.0.4.2 dev br0
?? The openvpn (cloudpipe) is set up for bridging. Shouldn't the ARP
transit to the other side of the tunnel?
?? Any tips to get this working?
I appreciate any help, thanks.
Roni.
--
http://cloud0.dyndns-web.com/blog/
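
An added example, not part of the original message: a Python sketch that loads the three `ip route list` outputs posted above, does a longest-prefix match for a destination, and lists routes whose gateway is an address the same host owns. The host labels and function names are assumptions, and "owned" addresses are inferred only from the `src` fields in each table.

```python
import ipaddress

# Routing tables copied verbatim from the message; the host labels are ours.
TABLES = {
    "host1": """10.0.4.0/24 via 10.100.100.142 dev eth0
10.0.0.0/24 via 10.100.100.142 dev eth0
10.100.100.0/24 dev eth0 proto kernel scope link src 10.100.100.143
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.100.100.1 dev eth0""",
    "openvpn-client": """10.0.4.0/24 dev tap0 proto kernel scope link src 10.0.4.254
10.0.0.0/24 via 10.0.4.1 dev tap0
10.100.100.0/24 dev eth0 proto kernel scope link src 10.100.100.142
169.254.0.0/16 dev eth0 scope link metric 1002
default via 10.100.100.1 dev eth0""",
    "cloudpipe": """default via 10.0.4.1 dev br0 metric 100
10.0.4.0/24 dev br0 proto kernel scope link src 10.0.4.2
10.0.4.254 via 10.0.4.2 dev br0
10.100.100.0/24 via 10.0.4.2 dev br0""",
}

def parse(text):
    """Turn `ip route list` lines into dicts with net/via/dev/src keys."""
    routes = []
    for line in text.splitlines():
        dest, *rest = line.split()
        opts = dict(zip(rest[0::2], rest[1::2]))  # e.g. via X, dev Y, src Z
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append({"net": net, "via": opts.get("via"),
                       "dev": opts.get("dev"), "src": opts.get("src")})
    return routes

def next_hop(host, dst):
    """Longest-prefix match: return (gateway or None if on-link, device)."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in parse(TABLES[host]) if addr in r["net"]]
    best = max(hits, key=lambda r: r["net"].prefixlen)
    return best["via"], best["dev"]

def self_gateways(host):
    """Routes whose gateway is an address this host owns (from src fields)."""
    routes = parse(TABLES[host])
    own = {r["src"] for r in routes if r["src"]}
    return [str(r["net"]) for r in routes if r["via"] in own]

if __name__ == "__main__":
    for host, dst in [("host1", "10.0.4.3"), ("openvpn-client", "10.0.4.3"),
                      ("cloudpipe", "10.100.100.143")]:
        print(host, "->", dst, "next hop", next_hop(host, dst))
    for host in TABLES:
        print(host, "self-referencing gateways:", self_gateways(host))
```

With the posted tables, the only routes reported as self-referencing are the two `via 10.0.4.2` entries on the cloudpipe instance, whose own br0 address is 10.0.4.2.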