I have enabled namespace, but I did not use overlapping IP addresses so far.
Here is the result of the netns command: root@172-17-6-68:/var/log/neutron# ip netns show qrouter-c5b513fa-6d6a-476f-bfc0-2114954a15aa qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244 root@172-17-6-68:/var/log/neutron# ip netns exec qdhcp-a63f0950-cdea-4a6d-8312-1819113dc244 ping 10.0.1.3 PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data. >From 10.0.1.2 icmp_seq=1 Destination Host Unreachable >From 10.0.1.2 icmp_seq=2 Destination Host Unreachable >From 10.0.1.2 icmp_seq=3 Destination Host Unreachable >From 10.0.1.2 icmp_seq=4 Destination Host Unreachable >From 10.0.1.2 icmp_seq=5 Destination Host Unreachable >From 10.0.1.2 icmp_seq=6 Destination Host Unreachable >From 10.0.1.2 icmp_seq=7 Destination Host Unreachable >From 10.0.1.2 icmp_seq=8 Destination Host Unreachable >From 10.0.1.2 icmp_seq=9 Destination Host Unreachable >From 10.0.1.2 icmp_seq=10 Destination Host Unreachable >From 10.0.1.2 icmp_seq=11 Destination Host Unreachable >From 10.0.1.2 icmp_seq=12 Destination Host Unreachable ^C --- 10.0.1.3 ping statistics --- 13 packets transmitted, 0 received, +12 errors, 100% packet loss, time 12061ms pipe 3 root@172-17-6-68:/var/log/neutron# Using ip netns exec qdhcp-* ping, I can ping 10.0.1.1 and 10.0.1.2. However, ping 10.0.1.3 still fail. On Mon, Nov 18, 2013 at 12:59 AM, Kyle Mestery (kmestery) < [email protected]> wrote: > On Nov 17, 2013, at 2:45 AM, sylecn <[email protected]> wrote: > > > > Thanks for the information. Now I have configured a provider router > based network, with Open vSwitch GRE tunnels. > > > > Here is the network topology: > > > > external network: 172.17.0.0/16 > > external network physical router: 172.17.0.1 > > neutron node IP: 172.17.6.68 > > > > virtual provider router: 172.17.6.70 > > > > virtual subnet1: 10.0.1.0/24 > > > > Now I can boot a vm instance and it got an IP from private IP pool > (10.0.1.3). I can also associate a floating IP to it (172.17.6.71). But I > can't ping the private ip nor the floating ip. > > > > From the neutron node, I can ping 172.17.6.70, but can't ping 10.0.1.1, > 10.0.1.3, 172.17.6.71. > > So I can't ssh into the vm. My guess is something is wrong with the > 10.0.1.0/24 network, but I don't know what. > > > Are you setup to use network namespaces with overlapping IP addresses? If > so, each tenant network will have it's own network namespace on the node > running the Neutron L3 agent. To see these, run this command: > > ip netns show > > From the qdhcp-* one, you can try to ping your tenant network address: > > ip netns exec qdhcp-* ping 10.0.1.3 > > Let me know if that helps. > > Thanks, > Kyle > > > I used the NoopFirewallDriver in OVS plugin, so icmp and tcp:22 are not > blocked by security-group rules. > > > > Here is the current setup: > > (neutron) net-list > > > +--------------------------------------+--------+----------------------------------------------------+ > > | id | name | subnets > | > > > +--------------------------------------+--------+----------------------------------------------------+ > > | a63f0950-cdea-4a6d-8312-1819113dc244 | net1 | > 708f2a58-bd85-4493-b91c-a6d42c0db5e7 10.0.1.0/24 | > > | ee318d0b-74e5-43c6-92bd-abb690df3334 | extnet | > 4c111c62-50f2-4332-b635-57846cf1980c 172.17.0.0/16 | > > > +--------------------------------------+--------+----------------------------------------------------+ > > (neutron) subnet-list > > > +--------------------------------------+---------+---------------+------------------------------------------------+ > > | id | name | cidr | > allocation_pools | > > > +--------------------------------------+---------+---------------+------------------------------------------------+ > > | 4c111c62-50f2-4332-b635-57846cf1980c | extnet | 172.17.0.0/16 | > {"start": "172.17.6.70", "end": "172.17.6.75"} | > > | 708f2a58-bd85-4493-b91c-a6d42c0db5e7 | subnet1 | 10.0.1.0/24 | > {"start": "10.0.1.2", "end": "10.0.1.254"} | > > > +--------------------------------------+---------+---------------+------------------------------------------------+ > > (neutron) port-list > > > +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+ > > | id | name | mac_address | > fixed_ips > | > > > +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+ > > | 234b4e76-7b7a-461f-8b61-2b7c58165fd2 | | fa:16:3e:86:95:d3 | > {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": > "10.0.1.1"} | > > | 35a8ab42-4f1a-4f1e-b656-ab4dd0e83725 | | fa:16:3e:44:c2:0a | > {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": > "10.0.1.2"} | > > | 85f4d2d7-c92b-4bc1-b080-2b1978bb6e17 | | fa:16:3e:cd:77:17 | > {"subnet_id": "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": > "10.0.1.3"} | > > | 9a24c2e9-a6da-4a24-93d4-9eef8cb0bcfa | | fa:16:3e:01:a2:ef | > {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address": > "172.17.6.70"} | > > | f508b629-6e95-4be4-89c0-b37be3907231 | | fa:16:3e:7c:41:0a | > {"subnet_id": "4c111c62-50f2-4332-b635-57846cf1980c", "ip_address": > "172.17.6.71"} | > > > +--------------------------------------+------+-------------------+------------------------------------------------------------------------------------+ > > (neutron) port-show 234b4e76-7b7a-461f-8b61-2b7c58165fd2 > > > +-----------------------+---------------------------------------------------------------------------------+ > > | Field | Value > | > > > +-----------------------+---------------------------------------------------------------------------------+ > > | admin_state_up | True > | > > | allowed_address_pairs | > | > > | binding:capabilities | {"port_filter": false} > | > > | binding:host_id | 172-17-6-68.yygamedev.com > | > > | binding:vif_type | ovs > | > > | device_id | c5b513fa-6d6a-476f-bfc0-2114954a15aa > | > > | device_owner | network:router_interface > | > > | extra_dhcp_opts | > | > > | fixed_ips | {"subnet_id": > "708f2a58-bd85-4493-b91c-a6d42c0db5e7", "ip_address": "10.0.1.1"} | > > | id | 234b4e76-7b7a-461f-8b61-2b7c58165fd2 > | > > | mac_address | fa:16:3e:86:95:d3 > | > > | name | > | > > | network_id | a63f0950-cdea-4a6d-8312-1819113dc244 > | > > | status | ACTIVE > | > > | tenant_id | 860483f3ceeb43aab4d1f0e8f76b4064 > | > > > +-----------------------+---------------------------------------------------------------------------------+ > > (neutron) > > root@172-17-6-68:/etc/neutron# nova list > > > +--------------------------------------+------+--------+------------+-------------+----------------------------+ > > | ID | Name | Status | Task State | > Power State | Networks | > > > +--------------------------------------+------+--------+------------+-------------+----------------------------+ > > | ec214f0b-eede-421e-9036-a1b56bff3c37 | c1 | ACTIVE | None | > Running | net1=10.0.1.3, 172.17.6.71 | > > > +--------------------------------------+------+--------+------------+-------------+----------------------------+ > > > > > > >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
