[openstack-dev] [H][Neutron][IPSecVPN]Cannot tunnel two namespace Routers
Hi Stackers, Network TOPO like this: VM1(net1)--Router1---IPSec VPN tunnel---Router2--VM2(net2) If left and right side deploy on different OpenStack environments, it works well. But in the same environment, Router1 and Router2 are namespace implement in the same network node. I cannot ping from VM1 to VM2. In R2(Router2), tcpdump tool tells us that R2 receives ICMP echo request packets but doesnt send them out. *7837C113-D21D-B211-9630-**00821800:~ # ip netns exec qrouter-4fd2e76e-37d0-4d05-**b5a1-dd987c0231ef tcpdump -i any * *tcpdump: verbose output suppressed, use -v or -vv for full protocol decode* *listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes* * 11:50:14.853470 IP 10.10.5.2 10.10.5.3 http://10.10.5.3: ESP(spi=0xc6d65c02,seq=0x1e6), length 132* *11:50:14.853470 IP 128.6.25.2 128.6.26.2 http://128.6.26.2: ICMP echo request, id 44567, seq 486, length 64* * 11:50:15.853475 IP 10.10.5.2 10.10.5.3 http://10.10.5.3: ESP(spi=0xc6d65c02,seq=0x1e7), length 132* *11:50:15.853475 IP 128.6.25.2 128.6.26.2 http://128.6.26.2: ICMP echo request, id 44567, seq 487, length 64* * 11:50:16.853461 IP 10.10.5.2 10.10.5.3 http://10.10.5.3: ESP(spi=0xc6d65c02,seq=0x1e8), length 132* *11:50:16.853461 IP 128.6.25.2 128.6.26.2 http://128.6.26.2: ICMP echo request, id 44567, seq 488, length 64* * 11:50:17.853447 IP 10.10.5.2 10.10.5.3 http://10.10.5.3: ESP(spi=0xc6d65c02,seq=0x1e9), length 132* *11:50:17.853447 IP 128.6.25.2 128.6.26.2 http://128.6.26.2: ICMP echo request, id 44567, seq 489, length 64* * ^C* *8 packets captured* *8 packets received by filter* *0 packets dropped by kernel* ip addr in R2: 7837C113-D21D-B211-9630-00821800:~ # ip netns exec qrouter-4fd2e76e-37d0-4d05-b5a1-dd987c0231ef ip addr 187: lo: LOOPBACK,UP,LOWER_UP mtu 16436 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 206: qr-4bacb61c-72: BROADCAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:23:10:97 brd ff:ff:ff:ff:ff:ff inet 128.6.26.1/24 brd 128.6.26.255 scope global qr-4bacb61c-72 inet6 fe80::f816:3eff:fe23:1097/64 scope link valid_lft forever preferred_lft forever 208: qg-4abd4bb0-21: BROADCAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:e6:cd:1a brd ff:ff:ff:ff:ff:ff inet 10.10.5.3/24 brd 10.10.5.255 scope global qg-4abd4bb0-21 inet6 fe80::f816:3eff:fee6:cd1a/64 scope link valid_lft forever preferred_lft forever In addition, the kernel counter /proc/net/snmp in namespace is unchanged. These couters do not work well with namespace? BR, Germy ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [H][Neutron][IPSecVPN]Cannot tunnel two namespace Routers
It seems -dev list is not an appropriate place to discuss it. please use the general list. I replies to the general list. 2014年9月3日水曜日、Germy Luregermy.l...@gmail.comさんは書きました: Hi Stackers, Network TOPO like this: VM1(net1)--Router1---IPSec VPN tunnel---Router2--VM2(net2) If left and right side deploy on different OpenStack environments, it works well. But in the same environment, Router1 and Router2 are namespace implement in the same network node. I cannot ping from VM1 to VM2. In R2(Router2), tcpdump tool tells us that R2 receives ICMP echo request packets but doesnt send them out. *7837C113-D21D-B211-9630-**00821800:~ # ip netns exec qrouter-4fd2e76e-37d0-4d05-**b5a1-dd987c0231ef tcpdump -i any * *tcpdump: verbose output suppressed, use -v or -vv for full protocol decode* *listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes* * 11:50:14.853470 IP 10.10.5.2 10.10.5.3 http://10.10.5.3: ESP(spi=0xc6d65c02,seq=0x1e6), length 132* *11:50:14.853470 IP 128.6.25.2 128.6.26.2 http://128.6.26.2: ICMP echo request, id 44567, seq 486, length 64* * 11:50:15.853475 IP 10.10.5.2 10.10.5.3 http://10.10.5.3: ESP(spi=0xc6d65c02,seq=0x1e7), length 132* *11:50:15.853475 IP 128.6.25.2 128.6.26.2 http://128.6.26.2: ICMP echo request, id 44567, seq 487, length 64* * 11:50:16.853461 IP 10.10.5.2 10.10.5.3 http://10.10.5.3: ESP(spi=0xc6d65c02,seq=0x1e8), length 132* *11:50:16.853461 IP 128.6.25.2 128.6.26.2 http://128.6.26.2: ICMP echo request, id 44567, seq 488, length 64* * 11:50:17.853447 IP 10.10.5.2 10.10.5.3 http://10.10.5.3: ESP(spi=0xc6d65c02,seq=0x1e9), length 132* *11:50:17.853447 IP 128.6.25.2 128.6.26.2 http://128.6.26.2: ICMP echo request, id 44567, seq 489, length 64* * ^C* *8 packets captured* *8 packets received by filter* *0 packets dropped by kernel* ip addr in R2: 7837C113-D21D-B211-9630-00821800:~ # ip netns exec qrouter-4fd2e76e-37d0-4d05-b5a1-dd987c0231ef ip addr 187: lo: LOOPBACK,UP,LOWER_UP mtu 16436 qdisc noqueue state UNKNOWN group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 206: qr-4bacb61c-72: BROADCAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:23:10:97 brd ff:ff:ff:ff:ff:ff inet 128.6.26.1/24 brd 128.6.26.255 scope global qr-4bacb61c-72 inet6 fe80::f816:3eff:fe23:1097/64 scope link valid_lft forever preferred_lft forever 208: qg-4abd4bb0-21: BROADCAST,UP,LOWER_UP mtu 1500 qdisc noqueue state UNKNOWN group default link/ether fa:16:3e:e6:cd:1a brd ff:ff:ff:ff:ff:ff inet 10.10.5.3/24 brd 10.10.5.255 scope global qg-4abd4bb0-21 inet6 fe80::f816:3eff:fee6:cd1a/64 scope link valid_lft forever preferred_lft forever In addition, the kernel counter /proc/net/snmp in namespace is unchanged. These couters do not work well with namespace? BR, Germy ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
