instance binded floating ip cannot ping external gateway, bug i can ping the other pc in external network
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
instance(
I deploy openstack all in one physical compute following the guide: http://
nova install in compute1 and compute1 as the hypervisor.
[root@compute1 ~]# virsh list
Id Name State
-------
5 IaaS_openstack_
6 IaaS_openstack_
7 IaaS_openstack_
38 instance-0000000f running
39 instance-0000000e running
neutron has been installed in IaaS_openstack_
-------
[root@controller keystone]# neutron net-create ext-net --router:external --provider:
[root@controller keystone]# neutron subnet-create ext-net 192.168.1.0/24 --name ext-subnet --allocation-pool start=192.
[root@controller keystone]# neutron net-create demo-net
[root@controller keystone]# neutron subnet-create demo-net 192.168.100.0/24 --name demo-subnet --gateway 192.168.100.1
[root@controller keystone]# neutron router-create demo-router
[root@controller keystone]# neutron router-
[root@controller keystone]# neutron router-gateway-set demo-router ext-net
-------
[root@network ~]# neutron agent-list
+------
| id | agent_type | host | alive | admin_state_up | binary |
+------
| 0923f4c3-
| 1ce168ed-
| 276d38c8-
| 565ed14a-
| a8cfbb25-
| bd81321b-
| c7313ecd-
| cdf31fd6-
| ee2821f0-
| f47e9e85-
+------
[root@network ~]# ip netns list
qrouter-
qdhcp-c2ba1db5-
[root@network ~]# ip net exec qrouter-
1: lo: <LOOPBACK,
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
10: qr-346be01a-09: <BROADCAST,
link/ether fa:16:3e:f8:d1:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global qr-346be01a-09
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
11: qg-46e0fef7-b7: <BROADCAST,
link/ether fa:16:3e:4a:87:c3 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.240/24 brd 192.168.1.255 scope global qg-46e0fef7-b7
valid_lft forever preferred_lft forever
inet 192.168.1.244/32 brd 192.168.1.244 scope global qg-46e0fef7-b7
valid_lft forever preferred_lft forever
inet 192.168.1.242/32 brd 192.168.1.242 scope global qg-46e0fef7-b7
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
[root@network ~]# ip netns exec qrouter-
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.1.1 0.0.0.0 UG 0 0 0 qg-46e0fef7-b7
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 qg-46e0fef7-b7
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 qr-346be01a-09
[root@network ~]# ip netns exec qrouter-
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-
-N neutron-
-N neutron-
-N neutron-
-N neutron-
-N neutron-
-A PREROUTING -j neutron-
-A OUTPUT -j neutron-
-A POSTROUTING -j neutron-
-A POSTROUTING -j neutron-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
-A neutron-
-------
If I associate floating ip to instances(
I cannot ping the gateway, but if I remove the neutron-
ip net exec qrouter-
ip net exec qrouter-
I found the iptables rule changed when I reassociate floating ip.
the question is why?
why I must remove the neutron-
thank you!
Don't know what's the problem in your env. But in my env, Vm with floatingip can ping gateway.
[root@xhh157 images]# ip netns exec qrouter- 2bf026d1- 8b3f-4e39- 9020-3f1827af2a e0 bash UP,LOWER_ UP> mtu 65536 qdisc noqueue state UNKNOWN MULTICAST, UP,LOWER_ UP> mtu 1500 qdisc noqueue state UNKNOWN 3eff:fe35: a09/64 scope link MULTICAST, UP,LOWER_ UP> mtu 1500 qdisc noqueue state UNKNOWN 3eff:fe4c: d747/64 scope link MULTICAST, UP,LOWER_ UP> mtu 1500 qdisc noqueue state UNKNOWN 3eff:fe7f: 4fae/64 scope link
[root@xhh157 images]# ip a
1: lo: <LOOPBACK,
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
34: ha-9f7b947d-76: <BROADCAST,
link/ether fa:16:3e:35:0a:09 brd ff:ff:ff:ff:ff:ff
inet 169.254.192.1/18 brd 169.254.255.255 scope global ha-9f7b947d-76
valid_lft forever preferred_lft forever
inet 169.254.0.1/24 scope global ha-9f7b947d-76
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
35: qg-af992b33-62: <BROADCAST,
link/ether fa:16:3e:4c:d7:47 brd ff:ff:ff:ff:ff:ff
inet 10.11.2.100/22 scope global qg-af992b33-62
valid_lft forever preferred_lft forever
inet 10.11.2.101/32 scope global qg-af992b33-62
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
37: qr-aedbad3a-a4: <BROADCAST,
link/ether fa:16:3e:7f:4f:ae brd ff:ff:ff:ff:ff:ff
inet 100.0.0.1/24 scope global qr-aedbad3a-a4
valid_lft forever preferred_lft forever
inet6 fe80::f816:
valid_lft forever preferred_lft forever
[root@xhh157 images]# ssh cirros@100.0.0.7 4e:bb:f5: 06:96:94: c5:08:08: 6b:3c:8b: 25.
The authenticity of host '100.0.0.7 (100.0.0.7)' can't be established.
RSA key fingerprint is 0b:e4:ec:
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '100.0.0.7' (RSA) to the list of known hosts.
cirros@100.0.0.7's password:
$ ping 10.11.2.100
PING 10.11.2.100 (10.11.2.100): 56 data bytes
64 bytes from 10.11.2.100: seq=0 ttl=64 time=4.606 ms
64 bytes from 10.11.2.100: seq=1 ttl=64 time=2.548 ms
64 bytes from 10.11.2.100: seq=2 ttl=64 time=2.552 ms
64 bytes from 10.11.2.100: seq=3 ttl=64 time=1.942 ms
64 bytes from 10.11.2.100: seq=4 ttl=64 time=7.961 ms