Anyone ?
2014-09-03 16:01 GMT+08:00 Germy Lure <[email protected]>: > Hi, > > Thanks for your response. > I just disabled SEG function(deployed in compute nodes). > The ICMP packets even hadn't leave network node. I cannot tcpdump packet > on qr-xx interface. > > Can you introduce your demo? Havana or Icehouce? Network node kernel > version? etc. > > > 2014-09-03 12:38 GMT+08:00 Akihiro Motoki <[email protected]>: > >> Hi, >> >> I did the same in the past for demo, and it worked well. >> Does secgroup of VM2 allow connections from VM1? >> >> >> 2014年9月3日水曜日、Germy Lure<[email protected]>さんは書きました: >> >>> Hi Stackers, >>> >>> Network TOPO like this: VM1(net1)--Router1-------IPSec VPN >>> tunnel-------Router2--VM2(net2) >>> If left and right side deploy on different OpenStack environments, it >>> works well. But in the same environment, Router1 and Router2 are namespace >>> implement in the same network node. I cannot ping from VM1 to VM2. >>> >>> In R2(Router2), tcpdump tool tells us that R2 receives ICMP echo request >>> packets but doesnt send them out. >>> >>> *7837C113-D21D-B211-9630-**000000821800:~ # ip netns exec >>> qrouter-4fd2e76e-37d0-4d05-**b5a1-dd987c0231ef tcpdump -i any * >>> *tcpdump: verbose output suppressed, use -v or -vv for full protocol >>> decode* >>> *listening on any, link-type LINUX_SLL (Linux cooked), capture size >>> 65535 bytes* >>> * 11:50:14.853470 IP 10.10.5.2 > 10.10.5.3 <http://10.10.5.3>: >>> ESP(spi=0xc6d65c02,seq=0x1e6), length 132* >>> *11:50:14.853470 IP 128.6.25.2 > 128.6.26.2 <http://128.6.26.2>: ICMP >>> echo request, id 44567, seq 486, length 64* >>> * 11:50:15.853475 IP 10.10.5.2 > 10.10.5.3 <http://10.10.5.3>: >>> ESP(spi=0xc6d65c02,seq=0x1e7), length 132* >>> *11:50:15.853475 IP 128.6.25.2 > 128.6.26.2 <http://128.6.26.2>: ICMP >>> echo request, id 44567, seq 487, length 64* >>> * 11:50:16.853461 IP 10.10.5.2 > 10.10.5.3 <http://10.10.5.3>: >>> ESP(spi=0xc6d65c02,seq=0x1e8), length 132* >>> *11:50:16.853461 IP 128.6.25.2 > 128.6.26.2 <http://128.6.26.2>: ICMP >>> echo request, id 44567, seq 488, length 64* >>> * 11:50:17.853447 IP 10.10.5.2 > 10.10.5.3 <http://10.10.5.3>: >>> ESP(spi=0xc6d65c02,seq=0x1e9), length 132* >>> *11:50:17.853447 IP 128.6.25.2 > 128.6.26.2 <http://128.6.26.2>: ICMP >>> echo request, id 44567, seq 489, length 64* >>> * ^C* >>> *8 packets captured* >>> *8 packets received by filter* >>> *0 packets dropped by kernel* >>> >>> ip addr in R2: >>> >>> 7837C113-D21D-B211-9630-000000821800:~ # ip netns exec >>> qrouter-4fd2e76e-37d0-4d05-b5a1-dd987c0231ef ip addr >>> 187: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN >>> group default >>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >>> inet 127.0.0.1/8 scope host lo >>> inet6 ::1/128 scope host >>> valid_lft forever preferred_lft forever >>> 206: qr-4bacb61c-72: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue >>> state UNKNOWN group default >>> link/ether fa:16:3e:23:10:97 brd ff:ff:ff:ff:ff:ff >>> inet 128.6.26.1/24 brd 128.6.26.255 scope global qr-4bacb61c-72 >>> inet6 fe80::f816:3eff:fe23:1097/64 scope link >>> valid_lft forever preferred_lft forever >>> 208: qg-4abd4bb0-21: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue >>> state UNKNOWN group default >>> link/ether fa:16:3e:e6:cd:1a brd ff:ff:ff:ff:ff:ff >>> inet 10.10.5.3/24 brd 10.10.5.255 scope global qg-4abd4bb0-21 >>> inet6 fe80::f816:3eff:fee6:cd1a/64 scope link >>> valid_lft forever preferred_lft forever >>> >>> >>> In addition, the kernel counter "/proc/net/snmp" in namespace is >>> unchanged. These couters do not work well with namespace? >>> >>> >>> BR, >>> Germy >>> >> >> _______________________________________________ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : [email protected] >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> >> >
_______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
