Yes, I am able to ping the gateway address from within the snat namespace:
--
$ sudo ip netns exec snat-9e849e49-ed36-4280-a53c-47d6f5afbea2 ping
10.36.7.253
PING 10.36.7.253 (10.36.7.253) 56(84) bytes of data.
64 bytes from 10.36.7.253: icmp_seq=1 ttl=255 time=1.42 ms
64 bytes from 10.36.7.253: i
The moment I assign a floating IP address I can also get out of that vm to
our external net.
On Mon, May 2, 2016 at 10:51 PM, Jagga Soorma wrote:
> This is what my default security groups looks like just in case that has
> anything to do with why it is not working:
>
> --
> Direction
> Ether Ty
Okay so digging a bit more:
--
$ ip netns | grep -i 47d6f5afbea2
snat-9e849e49-ed36-4280-a53c-47d6f5afbea2
qrouter-9e849e49-ed36-4280-a53c-47d6f5afbea2
$ sudo ip netns exec qrouter-9e849e49-ed36-4280-a53c-47d6f5afbea2 ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lo
This is what my default security groups looks like just in case that has
anything to do with why it is not working:
--
Direction
Ether Type
IP Protocol
Port Range
Remote IP Prefix
Remote Security Group
Actions
Ingress IPv4 Any Any - default Delete Rule
Egress IPv6 Any Any ::/0 - Delete Rule
Ingres
We us a external vm network of 10.36.6.0/23. Looks like I do have some
snat rules but no idea what I should be specifically looking for in here:
$ ip netns | grep -i snat
snat-9e849e49-ed36-4280-a53c-47d6f5afbea2
snat-716dc7bd-9d6b-41da-aa6a-a484398785b1
snat-bece0591-c55b-4a48-bc2b-77873a3ebce1
It seems like you have 5 tenants, correlating to 5 snat namespaces. Your
'qg-' interfaces have proper ip configured, within the snat namespaces,
verify if you are able to resolve arp for '10.36.7.253'. From within the
namespace try pinging gw.
-Dileep
On Mon, May 2, 2016 at 10:30 PM, Jagga Soorma
Also I should mention our openstack environment is kilo based if that makes
any difference.
Thanks.
On Mon, May 2, 2016 at 10:30 PM, Jagga Soorma wrote:
> We us a external vm network of 10.36.6.0/23. Looks like I do have some
> snat rules but no idea what I should be specifically looking for i
not sure how you build your public network.. but usually it does not do dhcp.
So those are details that are needed in order for us to give you solutions /
options / checking etc based on what you are running, how it was configured
etc..
CentOS, Ubuntu, scripting just as an example..
Remo
> O
That is what I thought but it does not seem to be working this way. How would
I check our snat namespace and what specifically should I be looking for? My
apologies but am very new to openstack.
Thanks.
> On May 2, 2016, at 9:51 PM, Dileep Varma Bairraju wrote:
>
> Hi Jagga,
>
> I don't t
Hi Jagga,
I don't think that's the right approach.Floating ip will effectively do a
1:1 NAT for a given a vm to reach external resources. But, there should be
a ip from the external network that gets assigned to SNAT namespace on
network node, this effectively will let all vm's (without floating i
Just to let you know that the provider network can be used to spin up
instances, not the best use cases but some production have adopted that
solution.
Just my 2 cents,
Remo
> On May 2, 2016, at 21:42, Jagga wrote:
>
> Thanks. This definitely helps.
>
> Sent from my iPhone
>
> On May
Thanks. This definitely helps.
Sent from my iPhone
> On May 2, 2016, at 9:27 PM, Aqsa Malik wrote:
>
> This is by design in OpenStack. A VM can't access the external network unless
> assigned a floating IP.
> Each private network exists behind the router and access to external networks
> all
This is by design in OpenStack. A VM can't access the external network
unless assigned a floating IP.
Each private network exists behind the router and access to external
networks all happens via SNAT or Floating IPs. Each router uplink and
floating IP is allocated from the external network subnet.
Hi Guys,
Need some clarification regarding routing for instances without a floating
ip address. Basically we have instances connected to a priv network that is
also connected to our external network and our security group allows all
egress traffic. However, we can't seem to get to any resource on
The DHCP is just broadcast so it should go to all of the controllers and
the two it's scheduled to should respond. Are you not seeing the request
arriving at the other two controllers?
On Sat, Apr 30, 2016 at 12:42 PM, Jagga Soorma wrote:
> So I have been digging more into this and looks like th
Hi Remo,
I'm using the branch stable/mitaka.
In horizon.log there is this error twice:
REQ: curl -g -i '
http://10.30.3.231:8774/v2.1/76d7171ef0df46f299074cdc70127c08/servers/detail?all_tenants=True&tenant_id=76$
2016-05-01 21:02:53.524312 Error while checking action permissions.
2016-05-01 21:02
16 matches
Mail list logo
