Have you opened ssh/icmp security groups?
From: Shanker Gudipati [mailto:shanker.gudip...@tcs.com]
Sent: Tuesday, December 13, 2016 7:24 AM
To: openstack-dev@lists.openstack.org
Subject: [openstack-dev] Cannot ping or ssh to floating ip assigned to instance
[neutron][floating ip]
Hi all,
I have devstack setup which of newton version. (Lab setup)
Issue : cannot ping or ssh to floating ip assigned to instance(Security groups
are allowed).
172.16.73.0/24 is the external network or lab network.
neutron net-list
+--------------------------------------+----------+-----------------------------------------------------+
| id | name | subnets
|
+--------------------------------------+----------+-----------------------------------------------------+
| ccdb22fe-8bae-4378-9b47-82c04a16186e | ext-net |
af84a87f-ce6f-4da3-a6bb-5238e97cabd4 172.16.73.0/24 |
| e5999086-9fb1-403b-9273-7bb218ceebe8 | demo-net |
734e5660-807b-4038-9a86-096889f5d188 10.10.1.0/24 |
+--------------------------------------+----------+-----------------------------------------------------+
neutron net-show e5999086-9fb1-403b-9273-7bb218ceebe8
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| availability_zone_hints | |
| availability_zones | nova |
| created_at | 2016-12-12T13:16:49Z |
| description | |
| id | e5999086-9fb1-403b-9273-7bb218ceebe8 |
| ipv4_address_scope | |
| ipv6_address_scope | |
| mtu | 1450 |
| name | demo-net |
| port_security_enabled | True |
| project_id | 03959ecbd383459eaf5d5389ab4372ac |
| provider:network_type | vxlan |
| provider:physical_network | |
| provider:segmentation_id | 61 |
| revision_number | 5 |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | 734e5660-807b-4038-9a86-096889f5d188 |
| tags | |
| tenant_id | 03959ecbd383459eaf5d5389ab4372ac |
| updated_at | 2016-12-12T13:17:31Z |
+---------------------------+--------------------------------------+
neutron net-list
+--------------------------------------+----------+-----------------------------------------------------+
| id | name | subnets
|
+--------------------------------------+----------+-----------------------------------------------------+
| ccdb22fe-8bae-4378-9b47-82c04a16186e | ext-net |
af84a87f-ce6f-4da3-a6bb-5238e97cabd4 172.16.73.0/24 |
| e5999086-9fb1-403b-9273-7bb218ceebe8 | demo-net |
734e5660-807b-4038-9a86-096889f5d188 10.10.1.0/24 |
+--------------------------------------+----------+-----------------------------------------------------+
ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ neutron
router-list
+--------------------------------------+-------------+-----------------------------------------------------+-------------+-------+
| id | name | external_gateway_info
| distributed | ha |
+--------------------------------------+-------------+-----------------------------------------------------+-------------+-------+
| ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 | demo-router | {"network_id":
"ccdb22fe- | False | False |
| | |
8bae-4378-9b47-82c04a16186e", "enable_snat": true, | | |
| | | "external_fixed_ips":
[{"subnet_id": "af84a87f- | | |
| | |
ce6f-4da3-a6bb-5238e97cabd4", "ip_address": | | |
| | | "172.16.73.247"}]}
| | |
+--------------------------------------+-------------+-----------------------------------------------------+-------------+-------+
nova floating-ip-list
WARNING: Command floating-ip-list is deprecated and will be removed after Nova
15.0.0 is released. Use python-neutronclient or python-openstackclient instead.
+--------------------------------------+---------------+--------------------------------------+-----------+---------+
| Id | IP | Server Id
| Fixed IP | Pool |
+--------------------------------------+---------------+--------------------------------------+-----------+---------+
| 7a5c87ca-d9e1-4340-91b0-3783f946f731 | 172.16.73.242 |
f2878936-9938-4e81-8fd5-828ca68d1d3b | 10.10.1.5 | ext-net |
+--------------------------------------+---------------+--------------------------------------+-----------+---------+
ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ nova list
+--------------------------------------+-----------+--------+------------+-------------+-----------------------------------+
| ID | Name | Status | Task State |
Power State | Networks |
+--------------------------------------+-----------+--------+------------+-------------+-----------------------------------+
| f2878936-9938-4e81-8fd5-828ca68d1d3b | test_cirr | ACTIVE | - |
Running | demo-net=10.10.1.5, 172.16.73.242 |
+--------------------------------------+-----------+--------+------------+-------------+-----------------------------------+
ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ ping
172.16.73.242
PING 172.16.73.242 (172.16.73.242) 56(84) bytes of data.
>From 172.16.73.55 icmp_seq=1 Destination Host Unreachable
>From 172.16.73.55 icmp_seq=2 Destination Host Unreachable
>From 172.16.73.55 icmp_seq=3 Destination Host Unreachable
^C
--- 172.16.73.242 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3016ms
pipe 3
ip netns
qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5
qdhcp-e5999086-9fb1-403b-9273-7bb218ceebe8
ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns
exec qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1008 (1.0 KB) TX bytes:1008 (1.0 KB)
qg-3eab0d31-a5 Link encap:Ethernet HWaddr fa:16:3e:a9:96:30
inet addr:172.16.73.247 Bcast:172.16.73.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fea9:9630/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:76 errors:0 dropped:0 overruns:0 frame:0
TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25992 (25.9 KB) TX bytes:2112 (2.1 KB)
qr-e87b6f5b-f7 Link encap:Ethernet HWaddr fa:16:3e:e1:c0:29
inet addr:10.10.1.1 Bcast:10.10.1.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fee1:c029/64 Scope:Link
UP BROADCAST RUNNING MTU:1450 Metric:1
RX packets:118 errors:0 dropped:0 overruns:0 frame:0
TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11251 (11.2 KB) TX bytes:8442 (8.4 KB)
ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns
exec qdhcp-e5999086-9fb1-403b-9273-7bb218ceebe8 ifconfig -a
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tap0bc58d9f-af Link encap:Ethernet HWaddr fa:16:3e:51:b8:99
inet addr:10.10.1.2 Bcast:10.10.1.255 Mask:255.255.255.0
inet6 addr: fe80::f816:3eff:fe51:b899/64 Scope:Link
UP BROADCAST RUNNING MTU:1450 Metric:1
RX packets:30 errors:0 dropped:0 overruns:0 frame:0
TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2858 (2.8 KB) TX bytes:2719 (2.7 KB)
sudo ip netns exec qdhcp-e5999086-9fb1-403b-9273-7bb218ceebe8 ping
10.10.1.2PING 10.10.1.2 (10.10.1.2) 56(84) bytes of data.
64 bytes from 10.10.1.2: icmp_seq=1 ttl=64 time=0.040 ms
64 bytes from 10.10.1.2: icmp_seq=2 ttl=64 time=0.036 ms
^C
--- 10.10.1.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.036/0.038/0.040/0.002 ms
ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns
exec qdhcp-e5999086-9fb1-403b-9273-7bb218ceebe8 ping 172.16.73.247
PING 172.16.73.247 (172.16.73.247) 56(84) bytes of data.
64 bytes from 172.16.73.247: icmp_seq=1 ttl=64 time=0.253 ms
64 bytes from 172.16.73.247: icmp_seq=2 ttl=64 time=0.295 ms
^C
--- 172.16.73.247 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.253/0.274/0.295/0.021 ms
ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns
exec qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 ping 10.10.1.2
PING 10.10.1.2 (10.10.1.2) 56(84) bytes of data.
64 bytes from 10.10.1.2: icmp_seq=1 ttl=64 time=0.264 ms
64 bytes from 10.10.1.2: icmp_seq=2 ttl=64 time=0.061 ms
^C
--- 10.10.1.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.061/0.162/0.264/0.102 ms
ubuntu@ubuntu-HP-Compaq-Elite-8300-SFF:/etc/neutron/plugins/ml2$ sudo ip netns
exec qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 ping 172.16.73.247
PING 172.16.73.247 (172.16.73.247) 56(84) bytes of data.
64 bytes from 172.16.73.247: icmp_seq=1 ttl=64 time=0.041 ms
64 bytes from 172.16.73.247: icmp_seq=2 ttl=64 time=0.049 ms
^C
--- 172.16.73.247 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.041/0.045/0.049/0.004 ms
IMPORTANT :
sudo ip netns exec qrouter-ce901ef7-60cd-4d88-828a-3bb5a7e3c9d5 ping
172.16.73.1
PING 172.16.73.1 (172.16.73.1) 56(84) bytes of data.
>From 172.16.73.247 icmp_seq=1 Destination Host Unreachable
>From 172.16.73.247 icmp_seq=2 Destination Host Unreachable
>From 172.16.73.247 icmp_seq=3 Destination Host Unreachable
>From 172.16.73.247 icmp_seq=4 Destination Host Unreachable
>From 172.16.73.247 icmp_seq=5 Destination Host Unreachable
>From 172.16.73.247 icmp_seq=6 Destination Host Unreachable
>From 172.16.73.247 icmp_seq=7 Destination Host Unreachable
>From 172.16.73.247 icmp_seq=8 Destination Host Unreachable
>From 172.16.73.247 icmp_seq=9 Destination Host Unreachable
ip r
default via 172.16.73.1 dev eth0
default dev br-int scope link metric 1037
default dev br-ex scope link metric 1038
default dev br-tun scope link metric 1039
169.254.0.0/16 dev br-tun proto kernel scope link src 169.254.6.191
169.254.0.0/16 dev br-ex proto kernel scope link src 169.254.8.54
169.254.0.0/16 dev br-int proto kernel scope link src 169.254.6.25
172.16.73.0/24 dev eth0 proto kernel scope link src 172.16.73.55
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
ovs-vsctl show
sudo ovs-vsctl show
c7c1de41-26ab-42c0-8db5-d805133bb801
Manager "ptcp:6640:127.0.0.1"
is_connected: true
Bridge br-int
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port "tap0bc58d9f-af"
tag: 41
Interface "tap0bc58d9f-af"
type: internal
Port "qg-3eab0d31-a5"
tag: 42
Interface "qg-3eab0d31-a5"
type: internal
Port int-br-ex
Interface int-br-ex
type: patch
options: {peer=phy-br-ex}
Port "qvoc32c7705-21"
tag: 41
Interface "qvoc32c7705-21"
Port br-int
Interface br-int
type: internal
Port "qr-e87b6f5b-f7"
tag: 41
Interface "qr-e87b6f5b-f7"
type: internal
Port patch-tun
Interface patch-tun
type: patch
options: {peer=patch-int}
Bridge br-ex
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port br-ex
Interface br-ex
type: internal
Port phy-br-ex
Interface phy-br-ex
type: patch
options: {peer=int-br-ex}
Bridge br-tun
Controller "tcp:127.0.0.1:6633"
is_connected: true
fail_mode: secure
Port br-tun
Interface br-tun
type: internal
Port patch-int
Interface patch-int
type: patch
options: {peer=patch-tun}
ovs_version: "2.0.2"
Unable to ping the gateway of external network from router namesapce.
172.16.73.1 is the gateway of public network. Please reply if you need any info.
Please help. thanks in advance.
regards
Shanker
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
