On Mon, 2012-04-23 at 06:45 -0700, Mike Scherbakov wrote:
> Hi Calvin,

Sorry I didn't respond earlier, the email temporarily got lost :)

> show us iptables -nL -t nat | grep NAT on the node with nova-network.

(192.168.0.101 is the nova-network node's "external" address)

DNAT    all  --  0.0.0.0/0         192.168.0.33      to:192.168.22.35
DNAT    all  --  0.0.0.0/0         192.168.0.88      to:192.168.22.41
ACCEPT  all  --  192.168.22.32/27  192.168.22.32/27  ! ctstate DNAT
DNAT    tcp  --  0.0.0.0/0         169.254.169.254   tcp dpt:80 to:192.168.0.101:8775
DNAT    all  --  0.0.0.0/0         192.168.0.33      to:192.168.22.35
DNAT    all  --  0.0.0.0/0         192.168.0.88      to:192.168.22.41
SNAT    all  --  192.168.22.35     0.0.0.0/0         to:192.168.0.33
SNAT    all  --  192.168.22.41     0.0.0.0/0         to:192.168.0.88
SNAT    all  --  192.168.22.32/27  0.0.0.0/0         to:192.168.0.101

Note that the nova-network is actually colocated on a machine that also
runs nova-compute; this is a small 2-node lab deployment.

> Could it be that your fixed_range flag in nova.conf covers both subnets,
> like 192.168.0.0/16 ?

My fixed_range is very small, and doesn't overlap:
--fixed_range=192.168.22.32/27

> Second reason - I presume that the traffic from VM will go via your
> router if you access another VM via floating IP,
> so router should know the route to 192.168.0.x (static/ospf?)

192.168.0.x is the office network, and communication between other
machines on that network and the router on that network all work fine.

In the course of trying some other things out, I found that when I
enabled ipv4 forwarding on the nova-network box:
echo 1 >/proc/sys/net/ipv4/ip_forward
Then the virtual machines /were/ able to communicate with each other via
their floating IP addresses. I'm still not sure about what's going on,
but it's good enough for our lab use now.

> Regards,
>
> On Fri, Apr 20, 2012 at 7:03 AM, Calvin Walton <[email protected]> wrote:
> Hi,
>
> I have instances running in OpenStack using FlatDHCP networking mode.
> Each one has an IP address in the internal subnet (192.168.22.x) and a
> floating IP from the external subnet (192.168.0.x).
>
> I've found that from one instance, I cannot connect to another instance
> (or, in fact, even the same instance) via the external floating address
> (I have some monitoring tools that attempt to do this to verify that a
> server is running). Connections from external computers work fine.
>
> My best guess is that there is an issue with the NAT on my nova-network
> node not allowing loopback connections. Is this intentional, or a bug?
> Is there a workaround available?
>
> For reference, I'm currently using OpenStack from the
> 'latest-milestone-test' OpenStack PPA on Ubuntu 12.04 Precise.

-- 
Calvin Walton <[email protected]>
Blindside Networks http://www.blindsidenetworks.com/
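The two things this thread checked, written as an added example that is not part of the original message or of nova: it parses the rule listing quoted above to confirm that every floating IP has a DNAT rule and a mirror-image SNAT rule, and reads the kernel's IPv4 forwarding switch. The function names are hypothetical; the rule lines are copied from the message.

```python
import re
from pathlib import Path

# Rule lines copied from the `iptables -nL -t nat | grep NAT` output in the message.
# The grep dropped the chain headers, so repeated rules simply collapse here.
LISTING = """\
DNAT all -- 0.0.0.0/0 192.168.0.33 to:192.168.22.35
DNAT all -- 0.0.0.0/0 192.168.0.88 to:192.168.22.41
ACCEPT all -- 192.168.22.32/27 192.168.22.32/27 ! ctstate DNAT
DNAT tcp -- 0.0.0.0/0 169.254.169.254 tcp dpt:80 to:192.168.0.101:8775
DNAT all -- 0.0.0.0/0 192.168.0.33 to:192.168.22.35
DNAT all -- 0.0.0.0/0 192.168.0.88 to:192.168.22.41
SNAT all -- 192.168.22.35 0.0.0.0/0 to:192.168.0.33
SNAT all -- 192.168.22.41 0.0.0.0/0 to:192.168.0.88
SNAT all -- 192.168.22.32/27 0.0.0.0/0 to:192.168.0.101
"""

RULE = re.compile(r"^(DNAT|SNAT)\s+(\S+)\s+--\s+(\S+)\s+(\S+)\s+(?:.*\s)?to:(\S+)$")

def floating_ip_map(listing):
    """Return (dnat, snat): floating->fixed from DNAT rules, fixed->floating from SNAT."""
    dnat, snat = {}, {}
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # ACCEPT and any other non-NAT target
        target, proto, src, dst, to = m.groups()
        if target == "DNAT" and proto == "all" and "/" not in dst:
            dnat[dst] = to   # per-address rule; the tcp rule is the metadata redirect
        elif target == "SNAT" and "/" not in src:
            snat[src] = to   # per-address rule; the /27 rule is the subnet-wide SNAT
    return dnat, snat

def unpaired(dnat, snat):
    """Floating IPs whose DNAT rule has no mirror-image SNAT rule."""
    return sorted(f for f, fixed in dnat.items() if snat.get(fixed) != f)

def ip_forward_enabled(path="/proc/sys/net/ipv4/ip_forward"):
    """True when the kernel is set to forward IPv4 packets between interfaces."""
    return Path(path).read_text().strip() == "1"

if __name__ == "__main__":
    dnat, snat = floating_ip_map(LISTING)
    print("unpaired floating IPs:", unpaired(dnat, snat) or "none")
    try:
        print("ip_forward enabled:", ip_forward_enabled())
    except OSError:
        print("ip_forward: not readable on this system (Linux only)")
```

With forwarding switched on, the node routes between all of its interfaces, so the filter table's FORWARD chain is worth reviewing alongside the nat rules.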

