Re: [Openstack] instance cannot access external network (folsom quantum)

2012-12-13 Thread ZhiQiang Fan
control node (also act as network node): eth0 192.168.32.18 eth0:0
10.0.0.3 eth0:1(br-ex bridge) 192.168.32.129
compute node: eth0 192.168.32.19 eth0:0 10.0.0.4
fixed ip for instance: 10.0.18.0/24
floating ip for instance: 192.168.32.130-192.168.32.135 range
192.168.32.128/24 gateway 192.168.32.1
quantum plugin: openvswitch

when instance ping a host in 192.168.32.x, host reply with
destination=10.0.18.x, so i think snat does not act well.
i can ping from 192.168.32.x to instance's floating ip (192.168.32.13x)

more details listed below:

**
information generated by command line

control node:
shell>ip addr show
1: lo:  mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
   valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 6c:f0:49:0b:e1:a6 brd ff:ff:ff:ff:ff:ff
inet 192.168.32.18/24 brd 192.168.32.255 scope global eth0
inet 10.0.0.3/24 brd 10.0.0.255 scope global eth0:0
inet6 fe80::6ef0:49ff:fe0b:e1a6/64 scope link
   valid_lft forever preferred_lft forever
4: br-int:  mtu 1500 qdisc noqueue state DOWN
link/ether be:22:4e:37:1f:4e brd ff:ff:ff:ff:ff:ff
5: br-ex:  mtu 1500 qdisc noqueue state UNKNOWN
link/ether 22:5f:e0:e0:97:45 brd ff:ff:ff:ff:ff:ff
inet 192.168.32.129/24 scope global br-ex
9: br-tun:  mtu 1500 qdisc noqueue state DOWN
link/ether ee:9e:44:8e:59:47 brd ff:ff:ff:ff:ff:ff
34: tapafa410e4-d2:  mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:9a:10:c4 brd ff:ff:ff:ff:ff:ff
inet 10.0.18.2/24 brd 10.0.18.255 scope global tapafa410e4-d2
inet6 fe80::f816:3eff:fe9a:10c4/64 scope link
   valid_lft forever preferred_lft forever
35: qr-b17d537e-27:  mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:cf:28:9f brd ff:ff:ff:ff:ff:ff
inet 10.0.18.1/24 brd 10.0.18.255 scope global qr-b17d537e-27
inet6 fe80::f816:3eff:fecf:289f/64 scope link
   valid_lft forever preferred_lft forever
36: qg-1a968e33-e7:  mtu 1500 qdisc noqueue state UNKNOWN
link/ether fa:16:3e:a8:f3:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.32.130/24 brd 192.168.32.255 scope global qg-1a968e33-e7
inet6 fe80::f816:3eff:fea8:f3a0/64 scope link
   valid_lft forever preferred_lft forever
**
shell>route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.32.1    0.0.0.0         UG    0      0        0 eth0
0.0.0.0         192.168.32.1    0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.0.18.0       0.0.0.0         255.255.255.0   U     0      0        0 tapafa410e4-d2
10.0.18.0       0.0.0.0         255.255.255.0   U     0      0        0 qr-b17d537e-27
192.168.32.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.32.0    0.0.0.0         255.255.255.0   U     0      0        0 br-ex
192.168.32.0    0.0.0.0         255.255.255.0   U     0      0        0 qg-1a968e33-e7
**
shell>ovs-vsctl show
7705db6e-9363-41fb-8d6a-f47ffdfa90a6
    Bridge br-int
        Port "tapafa410e4-d2"
            tag: 13
            Interface "tapafa410e4-d2"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
        Port "qr-b17d537e-27"
            tag: 13
            Interface "qr-b17d537e-27"
                type: internal
    Bridge br-tun
        Port "gre-2"
            Interface "gre-2"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="192.168.32.19"}
        Port "gre-4"
            Interface "gre-4"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="10.0.0.4"}
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "gre-1"
            Interface "gre-1"
                type: gre
                options: {in_key=flow, out_key=flow, remote_ip="192.168.32.18"}
    Bridge br-ex
        Port "qg-1a968e33-e7"
            Interface "qg-1a968e33-e7"
                type: internal
        Port br-ex
            Interface br-ex
                type: internal
        Port "eth0:1"
            Interface "eth0:1"
    ovs_version: "1.4.0+build0"
***
shell>iptables-save
# Generated by iptables-save v1.4.12 on Fri Dec 14 13:55:36 2012
*nat
:PREROUTING ACCEPT [159:16180]

Re: [Openstack] instance cannot access external network (folsom quantum)

2012-12-13 Thread Gary Kotton

On 12/13/2012 12:07 PM, ZhiQiang Fan wrote:

> i can ping and ssh into instance with private ip and floating ip
> instance can ping the control node ip, but cannot ping the compute
> node and any external network

In order to be able to help would it be possible that you provide IP 
addresses and maybe a bit of understanding about your topology.


Basically is there a route from the VM ip address to the IP address of 
the compute node?


In addition to this can you please let us know which plugin you are using?

Thanks
Gary


> i have installed quantum in the control node host, and it only got 1
> nic (same as compute node), and use eth0:0 and eth0:1 to virtualize 2
> other nic (eth0:0 on compute node)
>
> i use tcpdump on control node and compute node to monitor package from
> instance, actually compute node will reply the icmp package but with
> destination of instance private ip, since compute node has no route to
> that network, it failed and no package receive on control node nic.
> but when i add route via control node, it can reply to instance as expected
> then i use tcpdump on control node and instance to monitor package to
> the floating ip, instance got nothing but control node captured the
> package and reply it instead of instance
>
> so i think the problem may be that the control node will not modify
> the source ip when forward the icmp package, more exactly, the nat
> functionality is not enabled?
>
> and i try some other command such as "iptables -t nat -A POSTROUTING
> -o eth0 -j MASQUERADE" but it is not working
>
> i'll paste some output if anyone needs
> thanks


___
Mailing list: https://launchpad.net/~openstack
Post to : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp




[Openstack] instance cannot access external network (folsom quantum)

2012-12-13 Thread ZhiQiang Fan
i can ping and ssh into instance with private ip and floating ip
instance can ping the control node ip, but cannot ping the compute node and
any external network

i have installed quantum in the control node host, and it only got 1 nic
(same as compute node), and use eth0:0 and eth0:1 to virtualize 2 other nic
(eth0:0 on compute node)

i use tcpdump on control node and compute node to monitor package from
instance, actually compute node will reply the icmp package but with
destination of instance private ip, since compute node has no route to that
network, it failed and no package receive on control node nic. but when i
add route via control node, it can reply to instance as expected
then i use tcpdump on control node and instance to monitor package to the
floating ip, instance got nothing but control node captured the package and
reply it instead of instance

so i think the problem may be that the control node will not modify the
source ip when forward the icmp package, more exactly, the nat functionality
is not enabled?

and i try some other command such as "iptables -t nat -A POSTROUTING -o
eth0 -j MASQUERADE" but it is not working

i'll paste some output if anyone needs
thanks
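
A check for the symptom reported in this thread (replies addressed to the instance's fixed IP, which means packets left the network node without source NAT), as an added example that is not part of the original posts. It assumes `tcpdump -n` text output taken on the external interface; the capture lines are constructed, using the fixed range 10.0.18.0/24 and the floating range 192.168.32.130-135 from the thread.

```python
import ipaddress
import re
from collections import Counter

FIXED_NET = ipaddress.ip_network("10.0.18.0/24")  # fixed-IP range from the thread
FLOATING = {ipaddress.ip_address(f"192.168.32.{n}") for n in range(130, 136)}

# tcpdump -n: "<time> IP <src>[.port] > <dst>[.port]: <proto details>"
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)

# Constructed sample, as it might look on the external interface.
SAMPLE_CAPTURE = """\
13:55:01.100 IP 10.0.18.3 > 192.168.32.19: ICMP echo request, id 1, seq 1, length 64
13:55:01.101 IP 192.168.32.19 > 10.0.18.3: ICMP echo reply, id 1, seq 1, length 64
13:55:02.200 IP 192.168.32.131 > 192.168.32.1: ICMP echo request, id 2, seq 1, length 64
13:55:02.201 IP 192.168.32.1 > 192.168.32.131: ICMP echo reply, id 2, seq 1, length 64
13:55:03.300 IP 10.0.18.3.43512 > 192.168.32.19.22: Flags [S], seq 1, win 14600, length 0
"""

def classify(line):
    """Return (src, dst, verdict) for one tcpdump line, or None if unparsable."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src, dst = (ipaddress.ip_address(g) for g in m.groups())
    except ValueError:
        return None
    if src in FIXED_NET:
        verdict = "unnatted-egress"      # private source escaped: SNAT not applied
    elif dst in FIXED_NET:
        verdict = "reply-to-fixed-ip"    # peer answered the private address
    elif src in FLOATING or dst in FLOATING:
        verdict = "natted"               # traffic carries a floating IP as expected
    else:
        verdict = "other"
    return str(src), str(dst), verdict

def summarize(capture):
    """Count verdicts and list the packets that indicate missing SNAT."""
    rows = [r for r in map(classify, capture.splitlines()) if r]
    leaks = [r for r in rows if r[2] in ("unnatted-egress", "reply-to-fixed-ip")]
    return Counter(v for _, _, v in rows), leaks

if __name__ == "__main__":
    counts, leaks = summarize(SAMPLE_CAPTURE)
    print(dict(counts))
    for src, dst, verdict in leaks:
        print(f"{verdict}: {src} -> {dst}")
```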