No connection between the physical interface and qg-
Good day! I use RHEL 7.2 and Openstack Liberty.
I can not solve a problem with access to the external network from the internal network Openstask.
The problem is that qg- interface for some reason not connected with the physical. What I mean:
# ip netns exec qrouter-
PING 172.28.5.249 (172.28.5.249) 56(84) bytes of data.
From 172.28.5.23 icmp_seq=1 Destination Host Unreachable
From 172.28.5.23 icmp_seq=2 Destination Host Unreachable
From 172.28.5.23 icmp_seq=3 Destination Host Unreachable
From 172.28.5.23 icmp_seq=4 Destination Host Unreachable
Then on network node i see:
# tcpdump -i tapf2a91744-53
tcpdump: WARNING: tapf2a91744-53: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tapf2a91744-53, link-type EN10MB (Ethernet), capture size 65535 bytes
15:20:44.043450 ARP, Request who-has 172.28.5.249 tell 172.28.5.23, length 28
15:20:44.310269 ARP, Request who-has 172.28.5.249 tell 172.28.5.23, length 28
15:20:45.045918 ARP, Request who-has 172.28.5.249 tell 172.28.5.23, length 28
And:
# ip netns exec qrouter-
? (172.28.5.249) at <incomplete> on qg-f2a91744-53
? (172.28.5.248) at <incomplete> on qg-f2a91744-53
? (10.0.0.6) at fa:16:3e:6e:da:36 [ether] on qr-b2e900d8-5e
? (172.28.5.247) at <incomplete> on qg-f2a91744-53
? (10.0.0.5) at fa:16:3e:45:54:58 [ether] on qr-b2e900d8-5e
? (172.28.5.240) at <incomplete> on qg-f2a91744-53
If i do ping from external network, then silence:
# tcpdump -i any -n -v \ 'icmp[icmptype] = icmp-echoreply or icmp[icmptype] =icmp-echo'
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
^C
0 packets captured
1 packet received by filter
0 packets dropped by kernel
Iptables enable:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
neutron-
Chain FORWARD (policy ACCEPT)
target prot opt source destination
neutron-filter-top all -- anywhere anywhere
neutron-
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
neutron-filter-top all -- anywhere anywhere
neutron-
Chain neutron-filter-top (2 references)
target prot opt source destination
neutron-
Chain neutron-
target prot opt source destination
Chain neutron-
target prot opt source destination
Chain neutron-
target prot opt source destination
Chain neutron-
target prot opt source destination
Chain neutron-
target prot opt source destination
Chain neutron-
target prot opt source destination
DROP all -- anywhere anywhere /* Default drop rule for unmatched traffic. */
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
neutron-
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
neutron-
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
neutron-
neutron-
Chain neutron-
target prot opt source destination
Chain neutron-
target prot opt source destination
Chain neutron-
target prot opt source destination
Chain neutron-
target prot opt source destination
Chain neutron-
target prot opt source destination
neutron-
Chain neutron-
target prot opt source destination
neutron-
Question information
- Language:
- English Edit question
- Status:
- Expired
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
|
Revision history for this message
|
#1 |
