Fuel for OpenStack

VM instances cannot connect to internet

Asked by Gowri

Hi ,

I have Openstack Havana on centos ,HA mode setup up and running.The VM instances are not able to connect to the internet.
I can download anything using wget in compute and Controller node (Compute, controller can connect to external world) but when I execute wget coomands from VM instances(ubuntu instances),it gives the error "connection timed out".

I did curl -IL "http://www.google.com" to verify the connectivity , I got the following result

HTTP/1.1 302 Found
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Via:xxxxxxxxxxxxxxxx
Date: Wed, 02 Apr 2014 11:17:50 GMT
Server: xxx
Content-Type: text/html; charset=UTF-8
Cache-Control: private
Content-Length: 277
X-Frame-Options: SAMEORIGIN
Proxy-Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic

HTTP/1.1 200 OK
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Via: xxxxxxxxxxxxxxxxxxx
Date: Wed, 02 Apr 2014 11:17:50 GMT
Server: xxx
Expires: -1
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private, max-age=0
X-Frame-Options: SAMEORIGIN
Proxy-Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic

Does this mean VM s can connect to internet but are not able to download anything ?
Why only VM s are not able to download whereas I can download same thing from compute machine?(Could this be related to bridge configuration? )
I am not able to figure out what is going wrong and what could be the problem .

Can somebody help me with this ?

I am using the following configuration :
- HA mode with 3 controllers,1 compute,1 Storage
- 2 NIC configuration
- FlatDHCP
-nova network
-Havana on CentOs
-I used Fuel 4.0 installer

Thanks

Question information

Language:
English Edit question
Status:
Expired
For:
Fuel for OpenStack Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Miroslav Anashkin (manashkin) said : 		#1

Greetings Gowri,

Have you shared your external network and assigned a router to it after the OpenStack deployment?
For instance, as following:
http://docs.openstack.org/havana/install-guide/install/apt/content/install-neutron.configure-networks.html

Kind regards,
Miroslav

Revision history for this message
Launchpad Janitor (janitor) said : 		#2

This question was expired because it remained in the 'Needs information' state without activity for the last 15 days.

Revision history for this message
Natalee (leesha-amanna) said : 		#3

Hi,
I am facing the same issue.. I can ssh to the instance. I can ping google.com from the instance, but I cannot download anything on the instance. i am using Icehouse installation on Ubuntu 14.04 LTS machines. The instancehas a ubuntu server 12.04 LTS installed in it. As asked, I have done the networking part.
Could someone please help me with this issue??

Revision history for this message
Evgeny Kozhemyakin (ekozhemyakin) said : 		#4

Hi, Natalee.

It looks like your network has been configured well while you can ping google.com.
Could you please provide a little bit more information about "cannot downlod anything on the instance".

Please try running
ping -s 1500 www.google.com
curl -L "http://www.google.com"
or
wget "http://www.google.com"

Revision history for this message
Miroslav Anashkin (manashkin) said : 		#5

Greetings Natalee,

Please check the following 3 key places first:

1. Your external network should be shared in OpenStack - there is appropriate check box in network properties.

2. Applied Security Group set should allow the proper ports and traffic type. Please note, security groups exist on per-tenant basis, so, two groups with the same name, but belonging to different tenants are completely different groups.

3. Your instance network settings should not restrict the necessary ports or traffic types as well.

Ability to ping external site (google.com) shows, there is connection.

Kind regards,
Miroslav

Revision history for this message
Natalee (leesha-amanna) said : 		#6

Hi Evgeny,
None of the commands given by you work.. That is exactly what I meant when I told, download does not happen. Here are the results of the commnds
The result of ping google.com
demo@ubuntu:~$ ping google.com
PING google.com (173.194.41.164) 56(84) bytes of data.
64 bytes from lhr08s04-in-f4.1e100.net (173.194.41.164): icmp_req=1 ttl=50 time=4.68 ms
64 bytes from lhr08s04-in-f4.1e100.net (173.194.41.164): icmp_req=2 ttl=50 time=4.69 ms
64 bytes from lhr08s04-in-f4.1e100.net (173.194.41.164): icmp_req=3 ttl=50 time=4.54 ms
64 bytes from lhr08s04-in-f4.1e100.net (173.194.41.164): icmp_req=4 ttl=50 time=4.68 ms

But result of ping -s 1500 google.com
demo@ubuntu:~$ ping -s 1500 google.com
PING google.com (173.194.41.165) 1500(1528) bytes of data.

demo@ubuntu:~$ curl -L http://www.google.com

Revision history for this message
Natalee (leesha-amanna) said : 		#7

Hi Anashkin,

1) Yes, my external network is shared.
2) There is currently only one tenant.
3) How do I know if there is any restriction? There are no firewall rules set as per my knowledge!

Revision history for this message
Evgeny Kozhemyakin (ekozhemyakin) said : 		#8

Hi Natalee,
please try running:
   iptables -n -L -v
   iptables -n -L -v -t nat
on your compute node and vm instance.

Also to catch the problem you can watch your traffic flow on output interface of your compute node
while running "curl ..." command (above).
to find this interface run:
   ip route get 173.194.41.164
to watch traffic:
   tcpdump -n -i *out interface* tcp port 80