Aaron, Thanks for helping. Actually I already have had this rule: (quantum) security-group-rule-list +--------------------------------------+----------------+-----------+----------+------------------+--------------+ | id | security_group | direction | protocol | remote_ip_prefix | remote_group | +--------------------------------------+----------------+-----------+----------+------------------+--------------+ | 1a5867db-864b-4ae9-a423-092f3c25d710 | default | ingress | | | default | | 5449c312-00ba-4625-813f-1d7f06bb8259 | default | ingress | tcp | 0.0.0.0/0 | | | 59166d99-0901-4c58-8bf3-ff46cfd4bb01 | default | egress | | | | | 79708fb2-50b1-4c7b-82a5-5cd0275603ad | default | egress | | | | | 940a2743-859a-444c-9c3c-0204995e87ba | default | ingress | | | default | | a7812053-a913-4288-bbd3-c5f225f38d13 | default | ingress | | | default | | b160a8cf-7ca0-4da6-b238-68315b199314 | default | egress | | | | | bce886e7-74d2-46bc-aba6-5928a17b2c74 | default | ingress | | | default | | c3ccbe23-5d44-4cbc-991d-a5df29aa5300 | default | ingress | | | default | | c86af4d4-d6eb-4b15-a23c-1d84d8b27716 | default | egress | | | | | c9b96941-c652-4b24-9162-4a1dcd999088 | default | ingress | icmp | 0.0.0.0/0 | | | dd26aab7-7641-4ad8-ac53-fe443f41ab5f | default | ingress | | | default | | f87eeaea-4b97-4995-968e-34f127d09bd3 | default | egress | | | | | fc7d35d0-d2b6-4df1-a03b-ca28c5e5c487 | default | egress | | | | +--------------------------------------+----------------+-----------+----------+------------------+--------------+ (quantum) security-group-rule-create --protocol icmp --direction ingress default Multiple security_group matches found for name 'default', use an ID to be more specific. (quantum)
Actualy my first tenant’s several VMs don’t have network issue. Can ping their’s floating IP from Internet. However my second tenant’s several VMs have same network issue: can ping Internet from vm, but can’t ping their floating IP from Internet. Leon From: Aaron Rosen [mailto:aro...@nicira.com] Sent: 2013年6月4日 9:03 To: Li, Leon Cc: openstack-operat...@lists.openstack.org; openstack@lists.launchpad.net (openstack@lists.launchpad.net) Subject: Re: [Openstack] [Quantum] second tenant VM's floating ip can't be accessed. Hi Li, If you can ping out to the internet from your second vm but not back in it's most likely related to security groups. I'd try running: quantum security-group-rule-create --protocol icmp --direction ingress default and see if that allows ping from the internet to be received. Aaron On Mon, Jun 3, 2013 at 2:43 AM, Li, Leon <leon....@emc.com<mailto:leon....@emc.com>> wrote: Hi all, I set up an openstack recently. My first tenant’s VMs’ floating IP work fine. All of them is pingable from “Internet”. However on second tenant, via GUI or CLI I can successfully assign floating IPs to VMs, but they are not pingable. Meanwhile, I can ping Internet from VM’s private network(IP). My environment: Grizzly. Quantum. 3 physical servers. One is controller; one is network; and the other is compute node. GRE tunnel. Anyone has idea? Thanks for your help. Leon _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net<mailto:openstack@lists.launchpad.net> Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
