Not able to ping/ssh instances

Question

I have succesfully installed openstack instance with Neutron using Devstack(all-in-one). Now I have a set of IPv4 addresses which I need to assign to my instances as floating IP and make them pingable / SSHable from out side the host.

Though I am able to assign the intended IP as Floating IP to my instances but neither they are pingable inside the host nor outside. I have modified the Security group rules to allow SSH and PING. Here is my network details -

stack@tanmoy:/etc/init.d$ neutron net-list
+--------------------------------------+-----------+------------------------------------------------------+
| id                                   | name      | subnets                                              |
+--------------------------------------+-----------+------------------------------------------------------+
| 1566fc4f-60a9-4170-b860-333a264f22d8 | my-public | 101675c6-7c92-4ea0-b361-7cade98fa5a2 10.158.XXX.0/24 |
| be6f76d4-954f-475e-853e-adb860508e9c | public    | 0604470a-761e-4913-998c-cc5413dcd5a6 172.24.4.0/24   |
| e816c35f-45a0-446b-b3ff-ca3196c98eb2 | private   | f4d617a7-e250-45fa-bb0a-95290cfafb20 10.0.0.0/24     |
+--------------------------------------+-----------+------------------------------------------------------+

stack@tanmoy:/etc/init.d$ neutron subnet-list
+--------------------------------------+----------------+-----------------+----------------------------------------------------+
| id                                   | name           | cidr            | allocation_pools                                   |
+--------------------------------------+----------------+-----------------+----------------------------------------------------+
| 0604470a-761e-4913-998c-cc5413dcd5a6 | public-subnet  | 172.24.4.0/24   | {"start": "172.24.4.2", "end": "172.24.4.254"}     |
| 101675c6-7c92-4ea0-b361-7cade98fa5a2 | ipcloud-dev    | 10.158.XXX.0/24 | {"start": "10.158.XXX.56", "end": "10.158.XXX.62"} |
| f4d617a7-e250-45fa-bb0a-95290cfafb20 | private-subnet | 10.0.0.0/24     | {"start": "10.0.0.2", "end": "10.0.0.254"}         |
+--------------------------------------+----------------+-----------------+----------------------------------------------------+

stack@tanmoy:/etc/init.d$ neutron router-list
+--------------------------------------+--------------+-----------------------------------------------------------------------------+
| id                                   | name         | external_gateway_info                                                       |
+--------------------------------------+--------------+-----------------------------------------------------------------------------+
| 811a483a-6faf-4dad-9d28-d51aa9530691 | ExternalLink | {"network_id": "1566fc4f-60a9-4170-b860-333a264f22d8", "enable_snat": true} |
| f71a6574-75c8-424e-ab57-ff0f9a20ef54 | router1      | {"network_id": "be6f76d4-954f-475e-853e-adb860508e9c", "enable_snat": true} |
+--------------------------------------+--------------+-----------------------------------------------------------------------------+

My security rules are as follows -

stack@tanmoy:$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 443       | 443     | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| tcp         | 80        | 80      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

I have tried pinging using netns but that also did not work.

stack@tanmoy:/var/log$ sudo ip netns exec qrouter-f71a6574-75c8-424e-ab57-ff0f9a20ef54 ping 10.158.XXX.60
PING 10.158.XXX.60 (10.158.XXX.60) 56(84) bytes of data.
From 10.158.XXX.71 icmp_seq=1 Destination Host Unreachable

Please let me know if I am missing something.

Answer 1

Check whether the br-ex has an ip address ? If not assign 172.24.4.1 ip address and try pining.

Answer 2

I do not think that br-ex should have an IP address assigned to it. I have a all-in one setup but built manually. I noticed that you have two routers defined. When you try to ping via ip netns you are using the namespace of router1. However if I interpret correctly your neutron router-list command this router is not attached to the outside network 10.158.XXX.0. Try doing the ip netns ping from the other router namespace.

Here is my setup that seems to work:

root@columbo:~# ifconfig br-ex
br-ex     Link encap:Ethernet  HWaddr 08:00:27:f9:7b:07  
          inet6 addr: fe80::a83d:11ff:fe5e:b595/64 Scope:Link
          inet6 addr: fd17:625c:f037:1064:19a0:c74a:caf0:b3bd/64 Scope:Global
          inet6 addr: fd17:625c:f037:1064:a00:27ff:fef9:7b07/64 Scope:Global
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2454 (2.4 KB)  TX bytes:924 (924.0 B)

root@columbo:~# neutron net-list
 +--------------------------------------+---------------+----------------------------------------------------+
| id                                   | name          | subnets                                            |
+--------------------------------------+---------------+----------------------------------------------------+
| 120a6fde-7e2d-4856-90ee-5609a5f3035f | SecondVlan    | 5432f1c9-0bb6-4619-b897-65d301071f72 5.5.5.0/25    |
| f2597437-a005-44ad-9ce2-168fbc331e56 | outside_world | 3fe35e71-53d7-4432-8c82-a06856b79316               |
| b7ab2080-a71a-44f6-9f66-fde526bb73d3 | SERVER_VLAN_1 | 87d769f1-5cf3-48cf-8741-44a01479ff3e 10.255.1.0/24 |
+--------------------------------------+---------------+----------------------------------------------------+

My router is attached to the extrenal network (f2597437-a005-44ad-9ce2-168fbc331e56):

root@columbo:~# neutron router-list
+--------------------------------------+-------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id                                   | name  | external_gateway_info                                                                                                                                                                     |
+--------------------------------------+-------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| e53979a8-8bab-4da5-9b57-58dba6d5db7b | CORE1 | {"network_id": "f2597437-a005-44ad-9ce2-168fbc331e56", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "3fe35e71-53d7-4432-8c82-a06856b79316", "ip_address": "172.16.100.50"}]} |
+--------------------------------------+-------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

My instance has the floating ip 172.16.100.51 and from the router namespace I can ping it:

root@columbo:~# nova list
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
| ID                                   | Name      | Status  | Task State   | Power State | Networks                                 |
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
| 624c747f-520c-4215-acac-aaa41eef2815 | CIRROSone | SHUTOFF | -            | Shutdown    | SERVER_VLAN_1=10.255.1.12                |
| 6529c62c-0754-4cc6-a012-e77e71795eb1 | CIRROSone | ACTIVE  | -            | Running     | SERVER_VLAN_1=10.255.1.15, 172.16.100.51 |
| 7784c6ed-eea8-49c9-a312-8c40a77c1758 | CIRROStwo | ACTIVE  | powering-off | Running     | SERVER_VLAN_1=10.255.1.14                |
| 7b6bfc23-f0df-4c40-b558-f8e4bb71028f | UBUNTUone | SHUTOFF | -            | Shutdown    | SERVER_VLAN_1=10.255.1.13                |
| 5c06344c-d5c1-4c0c-b074-c9a30e34759d | UBUNTUtwo | SHUTOFF | -            | Shutdown    | SecondVlan=5.5.5.2                       |
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+

root@columbo:~# ip netns exec qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b ping 172.16.100.51
PING 172.16.100.51 (172.16.100.51) 56(84) bytes of data.
64 bytes from 172.16.100.51: icmp_seq=1 ttl=64 time=5.68 ms
64 bytes from 172.16.100.51: icmp_seq=2 ttl=64 time=1.86 ms
^C
--- 172.16.100.51 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.866/3.776/5.687/1.911 ms

If I compare my neutron router-list output to yours there are 2 things different:

1. Your router is not linked to the external network (I am talking about router1 from whose namespace you ran the ping). When you set it as default gateway to a specific network that one is listed there. So again try ping from the other namespace
2. I do not see an IP address mentioned in your output.Maybe you did not copy it... For me I get the first IP in the external network (that is the default behavior)

I hope it helps.