VM's cannot get external/internet access

Asked by Eoghan on 2012-09-12

Working with the latest milestone-proposed Quantum branch and using the latest stack.sh to install Openstack. VM's spin up fine and do get IP's assigned. The VM's can ping each other and can ping the quantum router but they cannot get past that to the outside world.

When I looked at the router namespace it can ping the IP of the physical Openstack server but it does not have external access either.

Are there additional steps required to enable VM's to have external/internet access?

Thanks
Eoghan

Question information

Language:
English Edit question
Status:
Solved
For:
neutron Edit question
Assignee:
No assignee Edit question
Solved by:
Eoghan
Solved:
2012-09-12
Last query:
2012-09-12
Last reply:
2012-09-12

L3 support for devstack intentionally did not explictly attach to a physical interface. We did this so to avoid playing with the network configuration of the host computer.

Devstack assigns the gateway of the subnet defined for the external network to $PUBLIC_BRIDGE, so you should be able to ping it from your VMs. This will prove you that NAT is working.

If you want to bridge your VMs to the outside world - you should be able to do that with the following steps:

1) Fetch IP addresses of physical interface ($PUBLIC_INTERFACE):

salvatore@ubuntu:~/git/quantum$ ip addr show $PUBLIC_INTERFACE
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:79:c9:50 brd ff:ff:ff:ff:ff:ff
    inet 192.168.36.100/24 brd 192.168.36.255 scope global eth0
    inet6 fe80::20c:29ff:fe79:c950/64 scope link
       valid_lft forever preferred_lft forever

you will need to parse this output in order to fetch the addresses. According to your needs you might want to parse the first address only or also additional addresses, including IPv6 addresses.

2) Flush IP addresses on this interface

salvatore@ubuntu:~/git/quantum$ sudo ip addr flush dev $PUBLIC_INTERFACE

3) Bring up interface associated with the public bridge ($PUBLIC_BRIDGE)

salvatore@ubuntu:~/git/quantum$ sudo ip link set $PUBLIC_BRIDGE up

4) Assign the Ip addresses retrieved in #1 to $PUBLIC_BRIDGE. Might be worth flushing existing addresses before doing that - but keep in mind devstack sets an IP address too there; so make sure you do not delete that one.

salvatore@ubuntu:~/git/quantum$ sudo ip addr add $PUBLIC_IP dev $PUBLIC_BRIDGE

The last command should be a loop if you fetched multiple addresses in #1 (and stored them in an array)

for IP_ADDRESS in ${PUBLIC_IPS[@])
do
  sudo ip addr add $IP_ADDR dev $PUBLIC_BRIDGE
done

5) Attach the public interface, which now should have no IP address, to the public bridge

salvatore@ubuntu:~/git/quantum$ sudo ovs-vsctl add-port $PUBLIC_BRIDGE $PUBLIC_INTERFACE

Eoghan (eoghank) said : #2

Thanks Salvatore

I was able to get external access for VM's with those steps.

Eoghan

gvdm (gvdm) said : #3

Hi,

I'm facing the same problem on my setup (Devstack + Neutron).
I followed these instructions but now my Devstack machine cannot reach the Internet and I cannot login into Horizon no more.

What should I do to gain Internet access to my VMs?

Thanks