
openstack team mailing list archive

Cloudpipe - Routing not working

 

Hello guys,
I need some advice with a cloudpipe setup.
I have a basic Folsom installation (single server), using VlanManager.
I am setting up a vpn for the subnet 10.0.4.0 (please see diagram below).

                                 instance1
 nova-controller       cloudpipe           openvpn                        host1
10.100.200.120<--->10.0.4.2<===>   10.0.4.254     <--->10.100.100.143
 (public ip)                       ||               10.100.100.142
                                      ||
                                      ||
                                      ||
                                      ||
                                  instance2
                                  10.0.4.3

Short story: from host1, cannot ping instance2 (or cloudpipe). From
cloudpipe (or instance2) cannot ping host1.

Desired behaviour: From instance2, want to ping host1. From host1,
want to ping instance2.

Long story:

The vpn link is working just fine from point to point.

However, packets are not being fully routed from one network to the other.

To troubleshoot this, I am using tcpdump, so:
On cloudpipe instance, I run:

tcpdump -i any icmp

Then, on host1 I ping'ed cloudpipe:
ping 10.0.4.2



The tcpdump on cloudpipe is like this:
----
21:27:56.958108  In 62:59:fd:d3:0d:f3 (oui Unknown) ethertype IPv4
(0x0800), length 100: 10.100.100.143 >
efe762bef1364f8bab0d5c71434388e2-vpn.novalocal: ICMP echo request, id
28421, seq 10, length 64

21:27:56.969406  In 00:00:00:00:00:00 (oui Ethernet) ethertype IPv4
(0x0800), length 128: efe762bef1364f8bab0d5c71434388e2-vpn.novalocal >
efe762bef1364f8bab0d5c71434388e2-vpn.novalocal: ICMP host
10.100.100.143 unreachable, length 92
---

Looks like each point in the vpn does not know the arp address for
hosts in the other network.

PS: I created routes between host1 and network 10.0.4.0:
$ ip route list
10.0.4.0/24 via 10.100.100.142 dev eth0
10.0.0.0/24 via 10.100.100.142 dev eth0
10.100.100.0/24 dev eth0  proto kernel  scope link  src 10.100.100.143
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 10.100.100.1 dev eth0

OpenVPN client:
$ ip route list
10.0.4.0/24 dev tap0  proto kernel  scope link  src 10.0.4.254
10.0.0.0/24 via 10.0.4.1 dev tap0
10.100.100.0/24 dev eth0  proto kernel  scope link  src 10.100.100.142
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 10.100.100.1 dev eth0

Cloudpipe instance:
$ ip route list
default via 10.0.4.1 dev br0  metric 100
10.0.4.0/24 dev br0  proto kernel  scope link  src 10.0.4.2
10.0.4.254 via 10.0.4.2 dev br0
10.100.100.0/24 via 10.0.4.2 dev br0

?? The openvpn (cloudpipe) is set up for bridge. Should not the arp
transit to the other side of the tunnel?

?? Any tips to get this working?

I appreciate any help, thanks.
Roni.
--
http://cloud0.dyndns-web.com/blog/
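
Added example, not part of the original message: a longest-prefix-match lookup over the three route tables posted above, printing the next hop each machine selects for the echo request and for the reply, and marking any route whose gateway is one of that machine's own addresses. The machine labels and function names are chosen here, own addresses are taken from the `src` fields, and metrics are ignored.

```python
import ipaddress

# Route tables as posted above (`ip route list` output on each machine).
TABLES = {
    "host1": """\
10.0.4.0/24 via 10.100.100.142 dev eth0
10.0.0.0/24 via 10.100.100.142 dev eth0
10.100.100.0/24 dev eth0  proto kernel  scope link  src 10.100.100.143
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 10.100.100.1 dev eth0""",
    "openvpn-client": """\
10.0.4.0/24 dev tap0  proto kernel  scope link  src 10.0.4.254
10.0.0.0/24 via 10.0.4.1 dev tap0
10.100.100.0/24 dev eth0  proto kernel  scope link  src 10.100.100.142
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 10.100.100.1 dev eth0""",
    "cloudpipe": """\
default via 10.0.4.1 dev br0  metric 100
10.0.4.0/24 dev br0  proto kernel  scope link  src 10.0.4.2
10.0.4.254 via 10.0.4.2 dev br0
10.100.100.0/24 via 10.0.4.2 dev br0""",
}

def parse(text):
    """Return (routes, own_addrs); each route is (network, gateway, dev)."""
    routes, own = [], set()
    for line in text.splitlines():
        tok = line.split()
        opts = dict(zip(tok[1::2], tok[2::2]))  # "via X", "dev Y", "src Z" pairs
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        routes.append((net, opts.get("via"), opts["dev"]))
        if "src" in opts:
            own.add(opts["src"])
    return routes, own

def next_hop(host, dst):
    """Longest-prefix match: (gateway or None if on-link, dev, gateway_is_own_address)."""
    routes, own = parse(TABLES[host])
    addr = ipaddress.ip_address(dst)
    net, gw, dev = max((r for r in routes if addr in r[0]), key=lambda r: r[0].prefixlen)
    return gw, dev, gw in own

if __name__ == "__main__":
    # Echo request host1 -> cloudpipe, then the reply path back to host1.
    for host, dst in [("host1", "10.0.4.2"), ("openvpn-client", "10.0.4.2"),
                      ("cloudpipe", "10.100.100.143"), ("openvpn-client", "10.100.100.143")]:
        gw, dev, own = next_hop(host, dst)
        note = "  <-- gateway is this machine's own address" if own else ""
        print(f"{host:15} -> {dst:15} via {gw or 'on-link':15} dev {dev}{note}")
```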