Hi Joe,

nova network filtering rules are preventing ip-spoofing.
There is a proposal to modify this behavior when using HA in instances.
See thread: [openstack-dev] VM level HA. Changes in firewall.py question.

You can check with:
virsh nwfilter-dumpxml nova-base

cheers,
Belmiro

On Jan 21, 2013, at 12:25 PM, Joe Warren-Meeks <joe.warren.me...@gmail.com> wrote:

> Hi guys,
>
> I've got openstack essex configured with vlanmanager and an external gateway
> and all my networking runs ok generally.
>
> However, I'm trying to set up Linux HA on two instances. They run on separate
> compute nodes and can see each other just fine. hb_takeover and hb_standby
> work perfectly. The problem is that nothing outside of the instance with the
> HA IP address can connect to it.
>
> It seems that something is ignoring the arp is-at from the instance. Doing a
> tcpdump on the compute node's bridged network and the instance's eth0 I can
> see arp requests and responses fine for its main IP, but when I try to get to the
> alias address, I see arp requests only on the compute side. On the instance
> side I see it responding, but this doesn't show up on the bridged interface
> on the compute node.
>
> Has anyone seen this before? My google-fu is failing to find anything.
>
> Kind regards
>
> -- joe.
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack@lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
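Added example, not part of the original thread and not nova's own code: a small check over the kind of XML that virsh nwfilter-dumpxml nova-base and virsh dumpxml print, showing why traffic sourced from an HA alias address is dropped at the hypervisor while the instance's fixed IP passes. Both XML samples, the addresses and the function names are constructed for illustration; the filter names are libvirt's stock anti-spoofing filters.

```python
import xml.etree.ElementTree as ET

# libvirt stock filters that pin a guest to its assigned MAC/IP.
ANTI_SPOOF = {"no-mac-spoofing", "no-ip-spoofing", "no-arp-spoofing"}

# Constructed sample shaped like `virsh nwfilter-dumpxml nova-base` output.
NOVA_BASE_XML = """
<filter name='nova-base' chain='root'>
  <filterref filter='no-mac-spoofing'/>
  <filterref filter='no-ip-spoofing'/>
  <filterref filter='no-arp-spoofing'/>
  <filterref filter='allow-dhcp-server'/>
</filter>
"""

# Constructed <interface> element shaped like one in `virsh dumpxml <domain>`.
INTERFACE_XML = """
<interface type='bridge'>
  <source bridge='br100'/>
  <filterref filter='nova-instance-example'>
    <parameter name='IP' value='10.0.0.3'/>
  </filterref>
</interface>
"""

def spoof_filters(filter_xml):
    """Return the anti-spoofing filters referenced by a dumped nwfilter."""
    root = ET.fromstring(filter_xml)
    return sorted(r.get("filter") for r in root.iter("filterref")
                  if r.get("filter") in ANTI_SPOOF)

def permitted_ips(interface_xml):
    """Return the IP parameter values bound to the interface's filterref."""
    root = ET.fromstring(interface_xml)
    return [p.get("value") for p in root.iter("parameter") if p.get("name") == "IP"]

def dropped_by(src_ip, filter_xml, interface_xml):
    """List the filters that drop guest traffic sourced from src_ip."""
    allowed = permitted_ips(interface_xml)
    if not allowed:
        return None  # no IP parameter: libvirt determines the address itself
    if src_ip in allowed:
        return []
    # The MAC filter is not affected by a second IP on the same NIC.
    return [f for f in spoof_filters(filter_xml) if f != "no-mac-spoofing"]

if __name__ == "__main__":
    for ip in ("10.0.0.3", "10.0.0.50"):  # fixed IP, then a constructed HA alias
        print(ip, "->", dropped_by(ip, NOVA_BASE_XML, INTERFACE_XML))
```

The ARP replies for the alias never reaching the bridge matches the no-arp-spoofing result here: the filter is applied on the instance's tap device, before the bridge.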