openstack team mailing list archive

Re: Fwd: [Grizzly][Quantum] Floating IP is not reachable

 

This is what my iptables looks like:

# iptables -n -tnat --list
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
nova-api-PREROUTING  all  --  0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
nova-api-OUTPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
nova-api-POSTROUTING  all  --  0.0.0.0/0            0.0.0.0/0
nova-postrouting-bottom  all  --  0.0.0.0/0            0.0.0.0/0

Chain nova-api-OUTPUT (1 references)
target     prot opt source               destination

Chain nova-api-POSTROUTING (1 references)
target     prot opt source               destination

Chain nova-api-PREROUTING (1 references)
target     prot opt source               destination

Chain nova-api-float-snat (1 references)
target     prot opt source               destination

Chain nova-api-snat (1 references)
target     prot opt source               destination
nova-api-float-snat  all  --  0.0.0.0/0            0.0.0.0/0

Chain nova-postrouting-bottom (1 references)
target     prot opt source               destination
nova-api-snat  all  --  0.0.0.0/0            0.0.0.0/0

I do have a rule in my default security group to allow tcp/udp/icmp traffic
to my VM.

Apart from this, I do not see the private IP address in the qdhcp namespace:
# ip netns exec qdhcp-593574c7-2a27-4b5e-bd6d-ebd7282ffc08 ip addr list
32: tapc7622702-f7: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether fa:16:3e:ec:d7:b8 brd ff:ff:ff:ff:ff:ff
    inet 1.1.2.3/24 brd 1.1.2.255 scope global tapc7622702-f7
    inet6 fe80::f816:3eff:feec:d7b8/64 scope link
       valid_lft forever preferred_lft forever
33: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever

Can it cause any issue? Will it be helpful if I configure it to
use NoopFirewallDriver on the controller/compute node?

Please let me know if you need any other data.

Thanks
Anil


On Thu, May 30, 2013 at 7:13 PM, Salvatore Orlando <sorlando@xxxxxxxxxx> wrote:

> We will need to look at iptables on your network node.
> If you run iptables -n -tnat --list you should see a couple of DNAT/SNAT
> rules for forwarding traffic between 9.126.108.127.
>
> In any case, bear in mind that the default security group does not allow
> ICMP. If you have not enabled it, it might as well be that this is the reason
> for your issue.
>
> Salvatore
>
>
> On 30 May 2013 15:36, Anil Vishnoi <vishnoianil@xxxxxxxxx> wrote:
>
>> Forwarding again with some hope for response :)
>>
>>
>> ---------- Forwarded message ----------
>> From: Anil Vishnoi <vishnoianil@xxxxxxxxx>
>> Date: Thu, May 30, 2013 at 3:14 AM
>> Subject: [Grizzly][Quantum] Floating IP is not reachable
>> To: "openstack@xxxxxxxxxxxxxxxxxxx" <openstack@xxxxxxxxxxxxxxxxxxx>
>>
>>
>>
>> Hi All,
>>
>> I have a setup where the controller/network node is running on one server and
>> I have another server as a compute node. I am able to launch the VM and the VM
>> gets its private IP from its respective DHCP server as well. The VM is
>> connected to its private network. The private network is attached to the router
>> and the external network is set as a gateway for the router. I am able to
>> associate a floating IP to the VM as well.
>>
>> But when I ping this floating IP from the internet, I am not able to ping.
>> Although I am able to ping the gateway IP of the router. I checked the ARP
>> entry for the floating IP, and it's successfully resolving the ARP for this
>> floating IP.
>>
>> I can see this address in the router namespace as well.
>>
>> # ip netns exec qrouter-3d7dfce4-c19a-4448-b276-1631690a403c ip addr
>> 14: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
>>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>     inet 127.0.0.1/8 scope host lo
>>     inet6 ::1/128 scope host
>>        valid_lft forever preferred_lft forever
>> 15: qr-e018e6ed-37: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>>     link/ether fa:16:3e:f5:73:c5 brd ff:ff:ff:ff:ff:ff
>>     inet 1.1.1.1/24 brd 1.1.1.255 scope global qr-e018e6ed-37
>>     inet6 fe80::f816:3eff:fef5:73c5/64 scope link
>>        valid_lft forever preferred_lft forever
>> 19: qg-d75a619f-ac: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
>>     link/ether fa:16:3e:2e:c6:4b brd ff:ff:ff:ff:ff:ff
>>     inet 9.126.108.126/24 brd 9.126.108.255 scope global qg-d75a619f-ac
>>     inet 9.126.108.127/32 brd 9.126.108.127 scope global qg-d75a619f-ac  <<
>>     inet6 fe80::f816:3eff:fe2e:c64b/64 scope link
>>        valid_lft forever preferred_lft forever
>>
>>
>> So I can ping 9.126.108.126 but I am not able to ping 9.126.108.127.
>> Also both of these IPs actually resolve to the same MAC address, is it
>> expected? I added rules in the default security group to allow
>> TCP/UDP/ICMP traffic.
>>
>> Please let me know if anybody has any clue on what's going on here, and
>> how I can further debug it. Please let me know if you need any other
>> details.
>> --
>> Thanks
>> Anil
>>
>>
>>
>> --
>> Thanks
>> Anil
>>
>>
>


-- 
Thanks
Anil
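
The check Salvatore describes above (a DNAT/SNAT pair for 9.126.108.127 in the nat table), scripted as an added example that is not part of the original thread. The first listing is abbreviated from the one posted here; the second is constructed, and its chain names and fixed address 1.1.1.3 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: check an `iptables -n -t nat --list` listing for the
# DNAT/SNAT pair of one floating IP. Reads the listing on stdin.
# Exit status: 0 if both rules are present, 1 otherwise.
check_floating_nat() {
    awk -v fip="$1" '
        $1 == "Chain" { chain = $2; next }
        # inbound: the destination column is the floating IP
        $1 == "DNAT" && $5 == fip        { dnat = chain " " $NF }
        # outbound: the rewritten source (to:<ip>) is the floating IP
        $1 == "SNAT" && $NF == "to:" fip { snat = chain " from " $4 }
        END {
            print "DNAT " fip ": " (dnat ? dnat : "missing")
            print "SNAT " fip ": " (snat ? snat : "missing")
            exit !(dnat && snat)
        }'
}

# Listing as posted in this thread (abbreviated): nova-api chains only.
LISTING_POSTED='Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
nova-api-PREROUTING  all  --  0.0.0.0/0            0.0.0.0/0

Chain nova-api-float-snat (1 references)
target     prot opt source               destination'

# Constructed listing (not from the thread); chain names and the fixed
# address 1.1.1.3 are assumptions for illustration.
LISTING_CONSTRUCTED='Chain quantum-l3-agent-PREROUTING (1 references)
target     prot opt source               destination
DNAT       all  --  0.0.0.0/0            9.126.108.127       to:1.1.1.3

Chain quantum-l3-agent-float-snat (1 references)
target     prot opt source               destination
SNAT       all  --  1.1.1.3              0.0.0.0/0           to:9.126.108.127'

printf '%s\n' "$LISTING_POSTED"      | check_floating_nat 9.126.108.127 || true
printf '%s\n' "$LISTING_CONSTRUCTED" | check_floating_nat 9.126.108.127 || true
```

When the L3 agent runs with namespaces, its NAT rules are written inside the router namespace, so the listing to pipe in is the output of `ip netns exec qrouter-3d7dfce4-c19a-4448-b276-1631690a403c iptables -n -t nat --list`.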
