Hi all, Thanks to Belmiro, I found how to fix this properly, rather than a hack.
For future googlers, cd /etc/libvirt/nwfilter cp nova-base.xml nova-base.xml.bak virsh nwfilter-edit nova-base remove or comment out the spoof lines you don't want New instances won't have the rules. To update old instances: virsh destroy instance-xxx virsh undefine instance-xxx cd /var/lib/nova/instances/instance-xxx virsh define libvirt.xml virsh start instance-xxx Thanks all. -- joe. On 21 January 2013 11:49, Belmiro Moreira < moreira.belmiro.email.li...@gmail.com> wrote: > Hi Joe, > nova network filtering rules are preventing ip-spoofing. > There is a proposal to modify this behavior when using HA in instances. > See thread: > [openstack-dev] VM level HA. Changes in firewall.py question. > > You can check with: > virsh nwfilter-dumpxml nova-base > > cheers, > Belmiro > > On Jan 21, 2013, at 12:25 PM, Joe Warren-Meeks <joe.warren.me...@gmail.com> > wrote: > > > Hi guys, > > > > I've got openstack essex configured with vlanmanager and an external > gateway and all my networking runs ok generally. > > > > However, I'm trying to setup Linux HA on two instances. They run on > separate compute nodes and can see each other just fine. hb_takeover and > hb_standby works perfectly. The problem is that nothing outside of the > instance with the HA IP address can connect to it. > > > > It seems that something is ignoring the arp is-at from the instance. > Doing a tcpdump on the compute node's bridged network and the instance's > eth0 I can arp requests and responses fine for its main IP, but when I try > to get to the alias address, I see arp requests only on the compute side. > On the instance side I see it responding, but this doesn't show up on the > bridged interface on the compute node. > > > > Has anyone seen this before? My google-fu is failing to find anything. > > > > Kind regards > > > > -- joe. > > > > > > _______________________________________________ > > Mailing list: https://launchpad.net/~openstack > > Post to : openstack@lists.launchpad.net > > Unsubscribe : https://launchpad.net/~openstack > > More help : https://help.launchpad.net/ListHelp > >
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp