← Back to team overview

openstack team mailing list archive

Re: [openstack] how to configure quantum so that two private network can ping each other?

 

Thanks so much for the info. The command ‘iptables -t filter -I FORWARD -i qbr+ -o qbr+ -j ACCEPT’ helped. However, it’s temporary. After I issued this command, I was able to ping from vm1 to vm2. After about 10 mins, I could not ping again.  How to make this rule permanent?

I’m using Ubuntu LTS 12.04.

Thanks,

YuLing

From: ppyy@xxxxxxxxxx [mailto:ppyy@xxxxxxxxxx] On Behalf Of ??
Sent: Saturday, June 15, 2013 2:21 AM
To: C, Yuling
Cc: openstack@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Openstack] [openstack] how to configure quantum so that two private network can ping each other?

which OS do you use?

if you use RDO on RHEL, please refer to:

https://access.redhat.com/site/documentation//en-US/Red_Hat_OpenStack/3/html/Release_Notes/ch03.html<https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Release_Notes/ch03.html>

When the openvswitch quantum plugin is used, and Nova is configured with





libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver
the necessary forwarding rules are not created automatically and the Red Hat Enterprise Linux firewall blocks forwarding of network traffic. Hence traffic between VMs located on different compute nodes is blocked.
Workarounds to avoid blocking traffic between VMs located on different compute nodes:
1.    If using nova security groups, add the following iptables rule on each compute node:

2.

3.

4.  #iptables -t filter -I FORWARD -i qbr+ -o qbr+ -j ACCEPT

# service iptables save
Either reboot, or restart nova-compute after adding this rule, since the rules nova-compute adds at startup must precede this rule.
5.    If not using Nova security groups, an alternative solution is to set:

6.

7.

libvirt_vif_driver = nova.virt.libvirt.vif.LibvirtOpenVswitchVirtualPortDriver

2013/6/15 <Yuling_C@xxxxxxxx<mailto:Yuling_C@xxxxxxxx>>
 Hi All,

From openstack documentation, it seems that if we need to create routers in order to have two private network ping each other. However, I followed the instruction on the website http://docs.openstack.org/trunk/openstack-network/admin/content/l3_workflow.html, but still could not get the ping working through two private networks.

Here is what I did:

1. I'm using the Vlan mode for OVS network type.
2. I created one network net1 in one subnet.
3. I created another network net2 in another subnet.
4. I created a router and attached the two subnet interfaces to the router.
5. I created two VM instances on net1 and net2 respectively.
6. However, I still was not able to ping from vm1 to vm2.

Any idea?

Thanks,

YuLing
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@xxxxxxxxxxxxxxxxxxx<mailto:openstack@xxxxxxxxxxxxxxxxxxx>
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp



--
Peng Yong

References