neutron

Can't ping or ssh a VM with the trunk code

Asked by Louis Kang on 2012-08-29

I'm trying to setup a multi cloud using the latest and greatest code (folsom 3+) and Devstack.

The services are enabled as follows
ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-cpu,n-sch,horizon,mysql,rabbit,q-svc,quantum,q-agt,q-dhcp

And the network interfaces are set as shown below
PUBLIC_INTERFACE=br-int
VLAN_INTERFACE=eth1
FLAT_NETWORK_BRIDGE=br-int
FLAT_INTERFACE=eth1

ovs-vsctl show gives

root@server2:~# ovs-vsctl show
03de4a17-a1c1-4f3c-be36-1bbbd814228e
    Bridge br-tun
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port br-tun
            Interface br-tun
                type: internal
    Bridge br-int
        Port "tapddd5eabc-92"
            tag: 1
            Interface "tapddd5eabc-92"
                type: internal
        Port "tap8c899a36-eb"
            tag: 1
            Interface "tap8c899a36-eb"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port br-int
            Interface br-int
                type: internal
    ovs_version: "1.4.0+build0"

ifconfig gives

eth0 Link encap:Ethernet HWaddr 5c:f3:fc:29:83:88
          inet addr:103.6.103.114 Bcast:103.6.103.127 Mask:255.255.255.128
          inet6 addr: fe80::5ef3:fcff:fe29:8388/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:9068595 errors:0 dropped:37127 overruns:0 frame:0
          TX packets:2467020 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2052273260 (2.0 GB) TX bytes:993860232 (993.8 MB)
          Interrupt:17 Memory:91a80000-91aa0000

eth1 Link encap:Ethernet HWaddr 5c:f3:fc:29:83:89
          inet6 addr: fe80::5ef3:fcff:fe29:8389/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
          RX packets:319283 errors:0 dropped:19885 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21711244 (21.7 MB) TX bytes:492 (492.0 B)
          Interrupt:19 Memory:91980000-919a0000

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:1138588 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1138588 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:790204635 (790.2 MB) TX bytes:790204635 (790.2 MB)

tap8c899a36-eb Link encap:Ethernet HWaddr 76:eb:d6:ee:07:de
          inet6 addr: fe80::74eb:d6ff:feee:7de/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:910 errors:0 dropped:0 overruns:0 frame:0
          TX packets:537 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:203300 (203.3 KB) TX bytes:107002 (107.0 KB)

virbr0 Link encap:Ethernet HWaddr 8e:ff:b0:24:de:ac
          inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

route command gives

Destination Gateway Genmask Flags Metric Ref Use Iface
default 103.6.103.1 0.0.0.0 UG 100 0 0 eth0
localnet * 255.255.255.128 U 0 0 0 eth0
192.168.122.0 * 255.255.255.0 U 0 0 0 virbr0

I have a VM running on the private IP 10.0.0.3

And the security group has been opened with the following command

nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0

But when I ping the IP it just hangs

stack@server2:/etc$ ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
^C
--- 10.0.0.3 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5038ms

When I ssh the IP I get
stack@server2:/etc$ ssh cirros@10.0.0.3
ssh: connect to host 10.0.0.3 port 22: Connection timed out

What am I missing here? It seems like there is some internal network plumbing I'm forgeting.

Anyone have any ideas?

Thanks

Question information

Language:: English Edit question

Status:: Solved

For:: neutron Edit question

Assignee:: No assignee Edit question

Solved by:: Salvatore Orlando

Solved:: 2012-08-29

Last query:: 2012-08-29

Last reply:: 2012-08-29

Link existing bug

Revision history for this message

Salvatore Orlando (salvatore-orlando) said on 2012-08-29:

Hi Louis,

there are a few things to mention. Hopefully they would allow you to make
progress with your setup:
1) Quantum does not (yet) work with nova security groups. If you enable a
nova security group driver with Quantum, the result at the moment will be
that DHCP traffic is blocked.
2) The dhcp agent now uses ip namespaces. A distinct namespace for each
network is created, thus allowing us to use overlapping IP addresses. As a
result you won't be able to ping instances from outside the namespace.

Salvatore

On 29 August 2012 08:25, Louis Kang <email address hidden>wrote:

> New question #207108 on quantum:
> https://answers.launchpad.net/quantum/+question/207108
>
> I'm trying to setup a multi cloud using the latest and greatest code
> (folsom 3+) and Devstack.
>
> The services are enabled as follows
>
> ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-cpu,n-sch,horizon,mysql,rabbit,q-svc,quantum,q-agt,q-dhcp
>
> And the network interfaces are set as shown below
> PUBLIC_INTERFACE=br-int
> VLAN_INTERFACE=eth1
> FLAT_NETWORK_BRIDGE=br-int
> FLAT_INTERFACE=eth1
>
> ovs-vsctl show gives
>
> root@server2:~# ovs-vsctl show
> 03de4a17-a1c1-4f3c-be36-1bbbd814228e
> Bridge br-tun
> Port patch-int
> Interface patch-int
> type: patch
> options: {peer=patch-tun}
> Port br-tun
> Interface br-tun
> type: internal
> Bridge br-int
> Port "tapddd5eabc-92"
> tag: 1
> Interface "tapddd5eabc-92"
> type: internal
> Port "tap8c899a36-eb"
> tag: 1
> Interface "tap8c899a36-eb"
> Port patch-tun
> Interface patch-tun
> type: patch
> options: {peer=patch-int}
> Port br-int
> Interface br-int
> type: internal
> ovs_version: "1.4.0+build0"
>
> ifconfig gives
>
> eth0 Link encap:Ethernet HWaddr 5c:f3:fc:29:83:88
> inet addr:103.6.103.114 Bcast:103.6.103.127
> Mask:255.255.255.128
> inet6 addr: fe80::5ef3:fcff:fe29:8388/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:9068595 errors:0 dropped:37127 overruns:0 frame:0
> TX packets:2467020 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:2052273260 (2.0 GB) TX bytes:993860232 (993.8 MB)
> Interrupt:17 Memory:91a80000-91aa0000
>
> eth1 Link encap:Ethernet HWaddr 5c:f3:fc:29:83:89
> inet6 addr: fe80::5ef3:fcff:fe29:8389/64 Scope:Link
> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
> RX packets:319283 errors:0 dropped:19885 overruns:0 frame:0
> TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:21711244 (21.7 MB) TX bytes:492 (492.0 B)
> Interrupt:19 Memory:91980000-919a0000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:1138588 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1138588 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:790204635 (790.2 MB) TX bytes:790204635 (790.2 MB)
>
> tap8c899a36-eb Link encap:Ethernet HWaddr 76:eb:d6:ee:07:de
> inet6 addr: fe80::74eb:d6ff:feee:7de/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:910 errors:0 dropped:0 overruns:0 frame:0
> TX packets:537 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:500
> RX bytes:203300 (203.3 KB) TX bytes:107002 (107.0 KB)
>
> virbr0 Link encap:Ethernet HWaddr 8e:ff:b0:24:de:ac
> inet addr:192.168.122.1 Bcast:192.168.122.255
> Mask:255.255.255.0
> UP BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> route command gives
>
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> default 103.6.103.1 0.0.0.0 UG 100 0 0
> eth0
> localnet * 255.255.255.128 U 0 0 0
> eth0
> 192.168.122.0 * 255.255.255.0 U 0 0 0
> virbr0
>
> I have a VM running on the private IP 10.0.0.3
>
> And the security group has been opened with the following command
>
> nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
> nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
>
> But when I ping the IP it just hangs
>
> stack@server2:/etc$ ping 10.0.0.3
> PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
> ^C
> --- 10.0.0.3 ping statistics ---
> 6 packets transmitted, 0 received, 100% packet loss, time 5038ms
>
> When I ssh the IP I get
> stack@server2:/etc$ ssh cirros@10.0.0.3
> ssh: connect to host 10.0.0.3 port 22: Connection timed out
>
> What am I missing here? It seems like there is some internal network
> plumbing I'm forgeting.
>
> Anyone have any ideas?
>
> Thanks
>
>
> --
> You received this question notification because you are a member of
> Netstack Core Developers, which is an answer contact for quantum.
>

Hi Louis,

Salvatore

On 29 August 2012 08:25, Louis Kang <question207108@answers.launchpad.net>wrote:

> New question #207108 on quantum:
> https://answers.launchpad.net/quantum/+question/207108
>
> I'm trying to setup a multi cloud using the latest and greatest code
> (folsom 3+) and Devstack.
>
> The services are enabled as follows
>
> ENABLED_SERVICES=g-api,g-reg,key,n-api,n-crt,n-cpu,n-sch,horizon,mysql,rabbit,q-svc,quantum,q-agt,q-dhcp
>
> And the network interfaces are set as shown below
> PUBLIC_INTERFACE=br-int
> VLAN_INTERFACE=eth1
> FLAT_NETWORK_BRIDGE=br-int
> FLAT_INTERFACE=eth1
>
> ovs-vsctl show gives
>
> root@server2:~# ovs-vsctl show
> 03de4a17-a1c1-4f3c-be36-1bbbd814228e
>     Bridge br-tun
>         Port patch-int
>             Interface patch-int
>                 type: patch
>                 options: {peer=patch-tun}
>         Port br-tun
>             Interface br-tun
>                 type: internal
>     Bridge br-int
>         Port "tapddd5eabc-92"
>             tag: 1
>             Interface "tapddd5eabc-92"
>                 type: internal
>         Port "tap8c899a36-eb"
>             tag: 1
>             Interface "tap8c899a36-eb"
>         Port patch-tun
>             Interface patch-tun
>                 type: patch
>                 options: {peer=patch-int}
>         Port br-int
>             Interface br-int
>                 type: internal
>     ovs_version: "1.4.0+build0"
>
> ifconfig gives
>
> eth0      Link encap:Ethernet  HWaddr 5c:f3:fc:29:83:88
>           inet addr:103.6.103.114  Bcast:103.6.103.127
>  Mask:255.255.255.128
>           inet6 addr: fe80::5ef3:fcff:fe29:8388/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:9068595 errors:0 dropped:37127 overruns:0 frame:0
>           TX packets:2467020 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:2052273260 (2.0 GB)  TX bytes:993860232 (993.8 MB)
>           Interrupt:17 Memory:91a80000-91aa0000
>
> eth1      Link encap:Ethernet  HWaddr 5c:f3:fc:29:83:89
>           inet6 addr: fe80::5ef3:fcff:fe29:8389/64 Scope:Link
>           UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
>           RX packets:319283 errors:0 dropped:19885 overruns:0 frame:0
>           TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:21711244 (21.7 MB)  TX bytes:492 (492.0 B)
>           Interrupt:19 Memory:91980000-919a0000
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:1138588 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1138588 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:790204635 (790.2 MB)  TX bytes:790204635 (790.2 MB)
>
> tap8c899a36-eb Link encap:Ethernet  HWaddr 76:eb:d6:ee:07:de
>           inet6 addr: fe80::74eb:d6ff:feee:7de/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:910 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:537 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:500
>           RX bytes:203300 (203.3 KB)  TX bytes:107002 (107.0 KB)
>
> virbr0    Link encap:Ethernet  HWaddr 8e:ff:b0:24:de:ac
>           inet addr:192.168.122.1  Bcast:192.168.122.255
>  Mask:255.255.255.0
>           UP BROADCAST MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
>
> route command gives
>
> Destination     Gateway         Genmask         Flags Metric Ref    Use
> Iface
> default         103.6.103.1     0.0.0.0         UG    100    0        0
> eth0
> localnet        *               255.255.255.128 U     0      0        0
> eth0
> 192.168.122.0   *               255.255.255.0   U     0      0        0
> virbr0
>
> I have a VM running on the private IP 10.0.0.3
>
> And the security group has been opened with the following command
>
> nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
> nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
>
> But when I ping the IP it just hangs
>
> stack@server2:/etc$ ping 10.0.0.3
> PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
> ^C
> --- 10.0.0.3 ping statistics ---
> 6 packets transmitted, 0 received, 100% packet loss, time 5038ms
>
> When I ssh the IP  I get
> stack@server2:/etc$ ssh cirros@10.0.0.3
> ssh: connect to host 10.0.0.3 port 22: Connection timed out
>
> What am I missing here? It seems like there is some internal network
> plumbing I'm forgeting.
>
> Anyone have any ideas?
>
> Thanks
>
>
> --
> You received this question notification because you are a member of
> Netstack Core Developers, which is an answer contact for quantum.
>

Revision history for this message

Louis Kang (louiskang) said on 2012-08-29:

Thanks Salvatore Orlando, that solved my question.

Revision history for this message

Louis Kang (louiskang) said on 2012-08-29:

Thank you Salvatore for you quick reply :-)

Revision history for this message

Yang Zhenyu (yangzhenyu) said on 2012-09-03:

Hi Louis

Could you tell me how to solve this problem?

Thanks

Revision history for this message

Louis Kang (louiskang) said on 2012-09-04:

Sure,

Actually it was a combination of his answer and the answers found on here
https://answers.launchpad.net/quantum/+question/206604

So basically I didn't understand the concept of namespace and I was trying to ping from outside the namespace.

You can access the namespace using the command

$ ip netns exec <namespace> <command>
example
$ ip netns exec cb731bd2-ea13-4537-90a7-65efe6312c00 ping 10.0.0.3

and you can list the namespaces with the command

$ ip netns list
cb731bd2-ea13-4537-90a7-65efe6312c00

Hope that helps

Revision history for this message

Yang Zhenyu (yangzhenyu) said on 2012-09-04:

Thank you very much!

To post a message you must log in.

Ask a question

Edit question

neutron

Can't ping or ssh a VM with the trunk code

Question information

Related bugs

Related FAQ:

Subscribers