openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #24046
Re: VM Issues on Grizzly Install on Ubuntu 12.04
Hi Darragh,
Thank you soo Much! That was it! Now I am able to connect to the VM with
no issues.
But I am back to another network issue I had when I had Folsom installed
on the same setup.
I would really appreciate if you can provide any pointers here.
I able to spawn VM get IP, set floating IP and now am trying to do some
development within the VM.
I am unable to connect to certain sites and ports:
git clone https://github.com/openstack-dev/devstack.git - <-- This just
times out.
###########################################################################
#############
This is what works:
Wget google.com
Wget openstack.com
###########################################################################
#############
This is what hangs and times out:
Wget yahoo.com
Wget paypal.com
Wget facebook.com
Wget github.com
ubuntu@fpatwa-1:~$ wget github.com
--2013-05-10 19:08:19-- http://github.com/
Resolving github.com (github.com)... 204.232.175.90
Connecting to github.com (github.com)|204.232.175.90|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://github.com/ [following]
--2013-05-10 19:08:20-- https://github.com/
Connecting to github.com (github.com)|204.232.175.90|:443... connected.
###########################################################################
#############
The same commands works on the network node.
The pattern that I can see is that any SSL website fails (port 443) but
then something like yahoo fails also and its at port 80.
Here are my security rules:
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp | -1 | -1 | 0.0.0.0/0 | |
| tcp | 1 | 65535 | 0.0.0.0/0 | |
| tcp | 22 | 22 | 0.0.0.0/0 | |
| udp | 1 | 65535 | 0.0.0.0/0 | |
+-------------+-----------+---------+-----------+--------------+
I have messed around with all kinds of combinations of security rules but
no luck so far.
Thanks,
-Farhan.
On 5/28/13 3:28 PM, "Darragh O'Reilly" <dara2002-openstack@xxxxxxxxx>
wrote:
>Hi,
>
>the ping error "connect: Network is unreachable" means a route could not
>be found.
>
>The gateway 10.245.124.253 for the external subnet is not in the subnet
>CIDR 10.245.124.64/26.
>
>
>So I guess a default route was not setup here:
>netnode$ ip netns exec <router ns> route -n
>
>You will need to create the subnet with a CIDR that includes the gateway
>ip - something like this:
>quantum subnet-create <ext-net-id> 10.245.124.192/26 --gateway
>10.245.124.253 --enable_dhcp False
>
>Darragh.
>
>
>----- Original Message -----
>> From: Farhan Patwa <Farhan.Patwa@xxxxxxxx>
>> To: Darragh OReilly <darragh.oreilly@xxxxxxxxx>; OpenStack Maillist
>><openstack@xxxxxxxxxxxxxxxxxxx>
>> Cc:
>> Sent: Tuesday, 28 May 2013, 19:52
>> Subject: Re: [Openstack] VM Issues on Grizzly Install on Ubuntu 12.04
>>
>> Hi Darragh,
>> Thanks a lot for your reply and suggestions.
>> I am not able to ping the gateway ip from the namespace.
>> Also eth0 is up but br-ex has unknown state?
>>
>>#########################################################################
>>##
>> #######################
>>
>> root@openstack-2:~# ip link
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
>>qlen
>> 1000
>> link/ether 78:2b:cb:27:1f:c8 brd ff:ff:ff:ff:ff:ff
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
>>qlen
>> 1000
>> link/ether 78:2b:cb:27:1f:c9 brd ff:ff:ff:ff:ff:ff
>> 4: br-int: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>>state
>> UNKNOWN
>> link/ether f2:3b:f7:1b:b0:46 brd ff:ff:ff:ff:ff:ff
>> 6: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>> UNKNOWN
>> link/ether 78:2b:cb:27:1f:c8 brd ff:ff:ff:ff:ff:ff
>> 32: br-tun: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>>state
>> UNKNOWN
>> link/ether 7e:6c:65:0f:c9:43 brd ff:ff:ff:ff:ff:ff
>>
>>#########################################################################
>>##
>> #######################
>>
>>
>> Here is the result of the tcpdump as ping is being done:
>>
>>
>>#########################################################################
>>##
>> #######################
>>
>> root@openstack-2:~# ip netns exec
>> qrouter-32f35fb4-f9f1-4817-8818-fff832f73810 ping -c1 10.245.124.253
>> connect: Network is unreachable
>>
>> root@openstack-2:~# tcpdump -nei eth0
>> tcpdump: WARNING: eth0: no IPv4 address assigned
>> tcpdump: verbose output suppressed, use -v or -vv for full protocol
>>decode
>> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
>> 13:46:31.399055 00:26:88:7a:40:87 > 01:80:c2:00:00:00, 802.3, length 60:
>> LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP
>> 802.1w, Rapid STP, Flags [Proposal], bridge-id
>> 8000.00:26:88:7a:40:81.8205, length 43
>> 13:46:33.259195 c2:35:07:e7:b0:10 > ff:ff:ff:ff:ff:ff, ethertype ARP
>> (0x0806), length 60: Reply 10.245.0.10 is-at c2:35:07:e7:b0:10, length
>>46
>> 13:46:33.313988 00:26:88:7a:40:87 > 01:80:c2:00:00:00, 802.3, length 60:
>> LLC, dsap STP (0x42) Individual, ssap STP (0x42) Command, ctrl 0x03: STP
>> 802.1w, Rapid STP, Flags [Proposal], bridge-id
>> 8000.00:26:88:7a:40:81.8205, length 43
>>
>>#########################################################################
>>##
>> #######################
>>
>>
>>
>> The other information that you wanted is:
>>
>>#########################################################################
>>##
>> #######################
>>
>> root@openstack-2:~# ip link
>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
>>qlen
>> 1000
>> link/ether 78:2b:cb:27:1f:c8 brd ff:ff:ff:ff:ff:ff
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP
>>qlen
>> 1000
>> link/ether 78:2b:cb:27:1f:c9 brd ff:ff:ff:ff:ff:ff
>> 4: br-int: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>>state
>> UNKNOWN
>> link/ether f2:3b:f7:1b:b0:46 brd ff:ff:ff:ff:ff:ff
>> 6: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>> UNKNOWN
>> link/ether 78:2b:cb:27:1f:c8 brd ff:ff:ff:ff:ff:ff
>> 32: br-tun: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
>>state
>> UNKNOWN
>> link/ether 7e:6c:65:0f:c9:43 brd ff:ff:ff:ff:ff:ff
>>
>>#########################################################################
>>##
>> #######################
>>
>> root@openstack-2:~# ip netns exec
>> qrouter-32f35fb4-f9f1-4817-8818-fff832f73810 ip address
>> 25: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>> inet 127.0.0.1/8 scope host lo
>> inet6 ::1/128 scope host
>> valid_lft forever preferred_lft forever
>> 39: qr-eebfe1cb-0f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue state UNKNOWN
>> link/ether fa:16:3e:08:16:19 brd ff:ff:ff:ff:ff:ff
>> inet 50.50.1.1/24 brd 50.50.1.255 scope global qr-eebfe1cb-0f
>> inet6 fe80::f816:3eff:fe08:1619/64 scope link
>> valid_lft forever preferred_lft forever
>> 40: qg-910fef3b-cb: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
>> noqueue state UNKNOWN
>> link/ether fa:16:3e:e3:d5:fa brd ff:ff:ff:ff:ff:ff
>> inet 10.245.124.65/26 brd 10.245.124.127 scope global qg-910fef3b-cb
>> inet 10.245.124.67/32 brd 10.245.124.67 scope global qg-910fef3b-cb
>> inet6 fe80::f816:3eff:fee3:d5fa/64 scope link
>> valid_lft forever preferred_lft forever
>>
>>#########################################################################
>>##
>> #######################
>>
>> root@openstack-2:~# quantum net-show
>>37d27ee8-36a9-4cdb-9966-9b5571526b41
>> +---------------------------+--------------------------------------+
>> | Field | Value |
>> +---------------------------+--------------------------------------+
>> | admin_state_up | True |
>> | id | 37d27ee8-36a9-4cdb-9966-9b5571526b41 |
>> | name | ext_net |
>> | provider:network_type | gre |
>> | provider:physical_network | |
>> | provider:segmentation_id | 1 |
>> | router:external | True |
>> | shared | True |
>> | status | ACTIVE |
>> | subnets | dd6f08f5-bfbd-4bdb-b9e4-c5ca065f3750 |
>> | tenant_id | 2990df1bd46c4dda915b43558d591a2f |
>> +---------------------------+--------------------------------------+
>>
>>#########################################################################
>>##
>> #######################
>>
>>
>>
>>
>> root@openstack-2:~# quantum subnet-show
>> dd6f08f5-bfbd-4bdb-b9e4-c5ca065f3750
>>
>>+------------------+-----------------------------------------------------
>>+
>> | Field | Value
>> |
>>
>>+------------------+-----------------------------------------------------
>>+
>> | allocation_pools | {"start": "10.245.124.65",
>> "end": "10.245.124.126"} |
>> | cidr | 10.245.124.64/26
>> |
>> | dns_nameservers | 10.245.0.10
>> |
>> | enable_dhcp | False
>> |
>> | gateway_ip | 10.245.124.253
>> |
>> | host_routes |
>> |
>> | id | dd6f08f5-bfbd-4bdb-b9e4-c5ca065f3750
>> |
>> | ip_version | 4
>> |
>> | name |
>> |
>> | network_id | 37d27ee8-36a9-4cdb-9966-9b5571526b41
>> |
>> | tenant_id | 2990df1bd46c4dda915b43558d591a2f
>> |
>>
>>+------------------+-----------------------------------------------------
>>+
>>
>>#########################################################################
>>##
>> #######################
>>
>>
>>
>> Thanks,
>>
>> -Farhan.
>>
>>
>>
>>
>>
>> On 5/27/13 4:08 AM, "Darragh OReilly"
>> <darragh.oreilly@xxxxxxxxx> wrote:
>>
>>>
>>> I'd check the external network config first.
>>>
>>> You should be able to ping the external subnet's gateway from the
>>>router
>>> namespace.
>>> This gateway should correspond to some real external gateway/router.
>>>
>>> quantum subnet-show <ext sub id> -c gateway_ip # 10.245.124.1 ?
>>> ip netns exec <router-ns> ping -c1 <ext sub gateway>
>>>
>>> If that is not working use tcpdump as you ping. Br-ex is using eth0, is
>>> eth0 up? tcpdump -nei eth0
>>>
>>>
>>> If you are still having problems, post the above output and the
>>>following:
>>>
>>> # network node
>>> ip link
>>> ip netns exec <router-ns> ip address
>>>
>>> quantum net-show <uuid of external net>
>>> quantum subnet-show <uuid of external subnet>
>>>
>>>
>>>> ________________________________
>>>> From: Farhan Patwa <Farhan.Patwa@xxxxxxxx>
>>>> To: OpenStack Maillist <openstack@xxxxxxxxxxxxxxxxxxx>
>>>> Sent: Friday, 24 May 2013, 20:28
>>>> Subject: [Openstack] VM Issues on Grizzly Install on Ubuntu 12.04
>>>>
>>>>
>>>>
>>>> Hello,
>>>> I followed the following guide to install Grizzly release on 3-node
>>>> setup.
>>>>
>>>>http://docs.openstack.org/grizzly/basic-install/apt/content/basic-insta
>>>>ll
>>>> _intro.html
>>>>
>>>>
>>>> I am stuck at my last issue with Quantum networking (at least that¹s
>>>> what I think).
>>>> The VM instance comes up and gets the private IP and the metadata.
>>>> Also I have assigned the floating IP to it but am not able to ping
>>>> either IP except when I use:
>>>>
>>>>
>>>> ip netns exec qrouter-32f35fb4-f9f1-4817-8818-fff832f73810 ping
>>>> 50.50.1.3 <- fixed IP private network
>>>> ip netns exec qrouter-32f35fb4-f9f1-4817-8818-fff832f73810 ping
>>>> 10.24.124.4 <- floating IP external network
>>>>
>>>>
>>>> Based on that I think the security rules are okay
>>>> The router is tied to the specified tenant and using gateway of the
>>>> external network.
>>>> I think the issue is routing table or maybe firewall related but not
>>>> sure how to debug this.
>>>>
>>>>
>>>> Some details of my environment are below.
>>>> Any one have any words of wisdom/guidance?
>>>>
>>>>
>>>> Thanks,
>>>>
>>>>
>>>> -Farhan.
>>>>
>>>>
>>>> Management Network: 192.168.0.0/24
>>>> Data Network: 10.5.5.0/24
>>>> External Network: 10.245.124.0/24
>>>>
>>>>
>>>> Network Node: (192.168.0.2)
>>>> ovs-vsctl show
>>>> ea4fa894-5986-40f2-b10b-55eef2222408
>>>> Bridge br-tun
>>>> Port patch-int
>>>> Interface patch-int
>>>> type: patch
>>>> options: {peer=patch-tun}
>>>> Port "gre-1"
>>>> Interface "gre-1"
>>>> type: gre
>>>> options: {in_key=flow, out_key=flow,
>>>> remote_ip="192.168.0.3"}
>>>> Port br-tun
>>>> Interface br-tun
>>>> type: internal
>>>> Bridge br-int
>>>> Port "tap3fca71a9-c8"
>>>> tag: 4095
>>>> Interface "tap3fca71a9-c8"
>>>> type: internal
>>>> Port patch-tun
>>>> Interface patch-tun
>>>> type: patch
>>>> options: {peer=patch-int}
>>>> Port "tap4b8a22a2-9c"
>>>> tag: 4095
>>>> Interface "tap4b8a22a2-9c"
>>>> type: internal
>>>> Port "tap633ed611-a9"
>>>> tag: 1
>>>> Interface "tap633ed611-a9"
>>>> type: internal
>>>> Port "qr-eebfe1cb-0f"
>>>> tag: 1
>>>> Interface "qr-eebfe1cb-0f"
>>>> type: internal
>>>> Port br-int
>>>> Interface br-int
>>>> type: internal
>>>> Bridge br-ex
>>>> Port "eth0"
>>>> Interface "eth0"
>>>> Port br-ex
>>>> Interface br-ex
>>>> type: internal
>>>> Port "qg-910fef3b-cb"
>>>> Interface "qg-910fef3b-cb"
>>>> type: internal
>>>> ovs_version: "1.4.0+build0"
>>>>
>>>>
>>>> Kernel IP routing table
>>>> Destination Gateway Genmask Flags Metric Ref
>>>>Use
>>>> Iface
>>>> 0.0.0.0 192.168.0.253 0.0.0.0 UG 0 0
>>>>0
>>>> eth1
>>>> 10.5.5.0 0.0.0.0 255.255.255.0 U 0 0
>>>>0
>>>> eth1
>>>> 10.245.124.0 0.0.0.0 255.255.255.0 U 0 0
>>>>0
>>>> br-ex
>>>> 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0
>>>>0
>>>> eth1
>>>>
>>>>
>>>> Compute Node: (192.168.0.3)
>>>> ovs-vsctl show
>>>> f0fe78a5-dfd0-4f6b-87be-466dac0b4473
>>>> Bridge br-tun
>>>> Port patch-int
>>>> Interface patch-int
>>>> type: patch
>>>> options: {peer=patch-tun}
>>>> Port br-tun
>>>> Interface br-tun
>>>> type: internal
>>>> Port "gre-2"
>>>> Interface "gre-2"
>>>> type: gre
>>>> options: {in_key=flow, out_key=flow,
>>>> remote_ip="192.168.0.2"}
>>>> Bridge br-int
>>>> Port patch-tun
>>>> Interface patch-tun
>>>> type: patch
>>>> options: {peer=patch-int}
>>>> Port br-int
>>>> Interface br-int
>>>> type: internal
>>>> Port "tap6514a8cc-b2"
>>>> tag: 1
>>>> Interface "tap6514a8cc-b2"
>>>> ovs_version: "1.4.0+build0"
>>>>
>>>>
>>>> Kernel IP routing table
>>>> Destination Gateway Genmask Flags Metric Ref
>>>>Use
>>>> Iface
>>>> 0.0.0.0 192.168.0.253 0.0.0.0 UG 0 0
>>>>0
>>>> eth1
>>>> 10.5.5.0 0.0.0.0 255.255.255.0 U 0 0
>>>>0
>>>> eth1
>>>> 10.245.124.0 0.0.0.0 255.255.255.0 U 0 0
>>>>0
>>>> eth0
>>>> 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0
>>>>0
>>>> eth1
>>>>
>>>>
>>>> _______________________________________________
>>>> Mailing list: https://launchpad.net/~openstack
>>>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>>>> Unsubscribe : https://launchpad.net/~openstack
>>>> More help : https://help.launchpad.net/ListHelp
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~openstack
>> Post to : openstack@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~openstack
>> More help : https://help.launchpad.net/ListHelp
>>
>
Follow ups
References
