Inner-project Floating IP communication is not working

I'm having the same problem.

Check to make sure that you have enable ICMP through the security groups. Devstack and others do that by default, but it's a commonly missed setup.

Check the installation guides for an introduction on how to do this.

-joe

Can you provide your nova.conf ?

Do you have --routing_source_ip flag into it ? I'm not sure, but I think you should have it for nova-network.

Regards

I have --routing_source_ip flag, and ICMP is in the security groups. The strange thing is that associated floating IP works for communicating outside, but instance can't even ping to its own floating IP.

Everything works with floating IP from outside. If the ICMP or routing_ip flag are missed, it shouldn't work with outside, right?

Koji

I see the same as Koji: --routing_source_ip made no difference and ICMP is definitely enabled in the security groups -- ping would not work externally if it was not.

Below is my nova.conf:

--logdir=/var/log/nova
--state_path=/var/lib/nova
--lock_path=/var/lock/nova
--root_helper=sudo nova-rootwrap
--verbose=false
--public_interface=vlan20
--fixed_range=10.0.0.0/8
--image_service=nova.image.glance.GlanceImageService
--use_deprecated_auth=false
--glance_api_servers=cloud.sandbox.cybera.ca:9292
--service_down_time=60
--rabbit_port=5672
--vlan_interface=bond0
--rabbit_virtual_host=/
--vlan_start=100
--sql_connection=mysql://nova:<email address hidden>/nova
--bindir=/usr/bin
--api_paste_config=/etc/nova/api-paste.ini
--rabbit_password=password
--rabbit_userid=nova
--rabbit_host=cloud.sandbox.cybera.ca
--floating_range=199.116.232.40/29
--auth_strategy=keystone
--network_manager=nova.network.manager.VlanManager
--novncproxy_port=6080
--novncproxy_host=0.0.0.0
--metadata_host=192.168.6.2

Here's a link about the similar issue. (maybe not.)
http://serverfault.com/questions/167601/no-ip-works-for-non-internal-clients-pinging-works-internally/167607#167607

I confirmed that hairpin_mode is activated on my compute nodes. And, I'm trying to manually fix somewhere on ip route, ip rule or iptables, but no luck yet.

I also tried these flags, "--baremetal_allow_project_net_traffic=true" and "--allow_same_net_traffic=true", on nova.conf. But didn't change anything as I expected, because they're supposed to be "true" as default.

Since floating IP works fine with other projects and outside, isn't it a bug or something? Floating IP should work within the same project, too.

Any help would be appreciated...

Koji

Hello,

For me, hairpin_mode is not set on any of the vlan interfaces but is set on some of the vnet interfaces (which I think are the KVM nics?):

$ for i in `ls /sys/class/net/br1*/brif/*/hairpin_mode`; do echo $i: `cat $i`; done
/sys/class/net/br100/brif/vlan100/hairpin_mode: 0
/sys/class/net/br100/brif/vnet5/hairpin_mode: 1
/sys/class/net/br101/brif/vlan101/hairpin_mode: 0
/sys/class/net/br102/brif/vlan102/hairpin_mode: 0
/sys/class/net/br102/brif/vnet0/hairpin_mode: 0
/sys/class/net/br103/brif/vlan103/hairpin_mode: 0
/sys/class/net/br103/brif/vnet2/hairpin_mode: 0
/sys/class/net/br103/brif/vnet3/hairpin_mode: 0
/sys/class/net/br103/brif/vnet4/hairpin_mode: 1
/sys/class/net/br103/brif/vnet7/hairpin_mode: 1

Thanks,
Joe

I think /sys/class/net/br*/brif/vnet* are interfaces, so their hairpin_mode sould be 1. But /sys/class/net/br*/brif/vlan* are vlan id or something, not interfaces, so they should be fine as 0.

Koji

Joe, I submitted this as a bug, hoping we would get some more help.

https://bugs.launchpad.net/nova/+bug/1012144

Koji