Sorry to follow-up my own question, but I find that the ICMP echo gets to the host on which the destination instance is running, and, of the following interfaces, all but the 'tap*' interface sees it.
qbr23bbb27b-2f Link encap:Ethernet HWaddr 26:cb:b8:4c:12:1c qvb23bbb27b-2f Link encap:Ethernet HWaddr 26:cb:b8:4c:12:1c qvo23bbb27b-2f Link encap:Ethernet HWaddr 12:e1:8a:e6:22:69 tap23bbb27b-2f Link encap:Ethernet HWaddr fe:16:3e:5a:39:d9 so i guess i need to understand why the q? -> tap path drops my ICMP echo. On 23 August 2014 21:09, Don Waterloo <[email protected]> wrote: > I have the below heat template instantiated. > > Each instance (h1/h2/h3) can ping out to the world just fine. > In addition, h1 can ping h2 & h3, and they it. e.g. everyone can ping > everyone on its own subnet. > But h2 and h3 cannot ping each other (this is a routing function > rather than local net). > > I am using vxlan with neutron, ovs ml2 on icehouse ubuntu 14.04. > > I have port_security disabled (and iptables -L shows this to be true > in the router namespace). > > what is happening is the ping hits the router port, and stops. > e.g. 172.16.1.X sends ICMP to 172.16.2.1, and its never seen again. > > Should I be expecting this to work? It seems that this should not be > an SNAT issue, its all inside my private networking space. > > From the host, if I 'ip netns exec qrouter-<...>' i can ping each > interface inside each vm, so i know the host can reach them. > > So, uh, suggestions on how to debug this? My 'trusty' image below is > ubuntu 14.04, but it also happens w/ cirros fwiw. > > --------------<snip>-------------- > heat_template_version: 2013-05-23 > > description: > > > resources: > key: > type: OS::Nova::KeyPair > properties: > name: { str_replace: { params: { $stack_name: { get_param: > 'OS::stack_name' } }, template: '$stack_name-key' } } > save_private_key: True > > rtr: > type: OS::Neutron::Router > properties: > admin_state_up: True > name: { str_replace: { params: { $stack_name: { get_param: > 'OS::stack_name' } }, template: '$stack_name-rtr' } } > external_gateway_info: > network: "ext-net" > > ctrl_net: > type: OS::Neutron::Net > properties: > name: { str_replace: { params: { $stack_name: { get_param: > 'OS::stack_name' } }, template: '$stack_name-data-ctrl-net' } } > > ctrl_subnet: > type: OS::Neutron::Subnet > properties: > name: { str_replace: { params: { $stack_name: { get_param: > 'OS::stack_name' } }, template: '$stack_name-data-ctrl-subnet' } } > enable_dhcp: True > network_id: { get_resource: ctrl_net } > cidr: 172.16.1/24 > allocation_pools: > - start: 172.16.1.10 > end: 172.16.1.254 > > router_i0: > type: OS::Neutron::RouterInterface > properties: > router_id: { get_resource: rtr } > subnet_id: { get_resource: ctrl_subnet } > > router_i1: > type: OS::Neutron::RouterInterface > properties: > router_id: { get_resource: rtr } > subnet_id: { get_resource: data_int_subnet } > > int_net: > type: OS::Neutron::Net > properties: > name: { str_replace: { params: { $stack_name: { get_param: > 'OS::stack_name' } }, template: '$stack_name-int-net' } } > > data_int_subnet: > type: OS::Neutron::Subnet > properties: > name: { str_replace: { params: { $stack_name: { get_param: > 'OS::stack_name' } }, template: '$stack_name-data-int-subnet' } } > enable_dhcp: True > network_id: { get_resource: int_net } > cidr: 172.16.2/24 > allocation_pools: > - start: 172.16.2.10 > end: 172.16.2.254 > > > h1: > type: OS::Nova::Server > properties: > name: { str_replace: { params: { $stack_name: { get_param: > 'OS::stack_name' } }, template: '$stack_name-h1' } } > key_name: { get_resource: key } > image: "trusty" > flavor: "m1.tiny" > config_drive: "true" > networks: > - network: { get_resource: ctrl_net } > - network: { get_resource: int_net } > user_data_format: RAW > user_data: | > #!/bin/bash > ifup eth1 > dhclient eth1 > > h2: > type: OS::Nova::Server > properties: > name: { str_replace: { params: { $stack_name: { get_param: > 'OS::stack_name' } }, template: '$stack_name-h2' } } > key_name: { get_resource: key } > image: "trusty" > flavor: "m1.tiny" > config_drive: "true" > networks: > - network: { get_resource: ctrl_net } > > h3: > type: OS::Nova::Server > properties: > name: { str_replace: { params: { $stack_name: { get_param: > 'OS::stack_name' } }, template: '$stack_name-h3' } } > key_name: { get_resource: key } > image: "trusty" > flavor: "m1.tiny" > config_drive: "true" > networks: > - network: { get_resource: int_net } > > outputs: > key: > description: The private key to login to these images with > (try heat output-show <NAME> key | sed -e 's?"??g' -e 's?\\n?\n?g' > > ~/.ssh/<NAME>_rsa) > value: { get_attr: [ key, private_key] } > > --------------<snip>-------------- _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
