0

I looking for a scenario where i can reach a instance created in a OPENSTACK Rocky version with an IP directly on the network created (inst-1 launched on 172.6.0.0/24 network) got an ip address of 172.6.0.5 So i want to ping 172.6.0.5 directly from controller machine without using the floating ip.

I know the provider network concept by associating a floating ip for the instance to reach the VM externally. But i am checking for the other approach to directly get access the VM IP from controller. Can someone help me out if you have any suggestion on this.

Thanks in advance.

praveen velugubantla
  • 15
  • 4

1 Answers1

3

You need a route to the tenant network to which the instance is attached. In case the external bridge, often named br-ex, is located on that controller, just create a suitable routing table entry. Assuming the subnet is 172.6.0.0/24, this command takes care of it:

ip route add 172.6.0.0/24 dev br-ex

How to make this route persistent depends on the network management tool used on that server.

Note that this only gives you access to that instance from that controller, not from other devices.

berndbausch
  • 869
  • 10
  • 18
  • Yeah i tried this "ip route add 172.6.0.0/24 dev br-provider" but still not able to reach the host, "From 20.0.0.1 icmp_seq=1 Destination Host Unreachable" – praveen velugubantla Dec 15 '20 at 12:11
  • Have you set up the instance's security groups? Can the instance reach outside devices? If yes, I would have to look at your server to understand what's going on. Routing tables, bridge configuration, network parameters in the corresponding network namespace and the like. Was this a manual setup or did you use a deployment tool? – berndbausch Dec 17 '20 at 04:37
  • Sorry for the late response, Yes my instance had default security group and it is able to reach the outside lan network where my controller resides and able to ping google also. I had not used any deployment tool for this setup, Fully done based on the documentation provided in the openstack docs. – praveen velugubantla Dec 24 '20 at 11:53
  • By default, the *default* security group blocks all incoming traffic and allows all outgoing traffic. If you did not add rules to the *default* security group, all attempts to connect to the instance will be blocked. – berndbausch Dec 25 '20 at 15:29
  • Thanks berndbaush, I will try to add the rules which can allow all the incoming traffic also. Last time you told, you want to check my server to investigate further, so shall we have some call to do it. – praveen velugubantla Dec 26 '20 at 16:28
  • Befriend me on LinkedIn https://www.linkedin.com/in/berndbausch (or is there a messaging function on Stackoverflow?). But first, try creating the rules. – berndbausch Dec 27 '20 at 14:20
  • Sure will check those and get back. Thank you – praveen velugubantla Dec 28 '20 at 06:09