[rhos-list] floating IP not reachable

Rhys Oxenham roxenham at redhat.com
Wed Jul 24 21:48:50 UTC 2013


Hi Nicolas,

Thanks for sending that over, it looks good to me; the important NAT rules are in place, e.g.

-A nova-network-OUTPUT -d 10.192.76.135/32 -j DNAT --to-destination 192.168.32.3 
-A nova-network-OUTPUT -d 10.192.76.136/32 -j DNAT --to-destination 192.168.32.2
(And associated SNAT)

And then for the security groups-

ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     icmp --  anywhere             anywhere    

Your em2 interface is also listening on the correct IP addresses:

inet 10.192.76.135/32 scope global em2
inet 10.192.76.136/32 scope global em2

So you're saying that you can directly access your instances by using the internal IP, i.e. the 192.168.32.0/22 network? But NOT via the floating IPs? I just need to understand what you cannot currently access; my concern is that there's no link between the local loopback device and your instances so I need to establish what works and what doesn't.

Cheers
Rhys


On 24 Jul 2013, at 16:43, Nicolas VOGEL <nvogel67 at hotmail.com> wrote:

> Hello Rhys,
> 
> Thanks for your answer.
> I put all the outputs you asked.
> The outputs were made with two VMs running and floating IPs associated (192.168.32.2/10.192.76.136 and 192.168.32.3/10.192.76.135, see nova list output).
> I connected via ssh to the first VM and I could ping the second, so I think internal communication is OK.
> I put the complete output from iptables commands because I don't know what you want to verify and I'm not very good with iptables.
> Thanks for your help!
> 
> 1) ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
>    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>    inet 127.0.0.1/8 scope host lo
>    inet 169.254.169.254/32 scope link lo
>    inet6 ::1/128 scope host 
>       valid_lft forever preferred_lft forever
> 2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
>    link/ether 84:2b:2b:6c:fd:0f brd ff:ff:ff:ff:ff:ff
>    inet 10.192.75.190/24 brd 10.192.75.255 scope global em1
>    inet6 fe80::862b:2bff:fe6c:fd0f/64 scope link 
>       valid_lft forever preferred_lft forever
> 3: em2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
>    link/ether 84:2b:2b:6c:fd:10 brd ff:ff:ff:ff:ff:ff
>    inet 10.192.76.135/32 scope global em2
>    inet 10.192.76.136/32 scope global em2
>    inet6 fe80::862b:2bff:fe6c:fd10/64 scope link 
>       valid_lft forever preferred_lft forever
> 4: p1p1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
>    link/ether 00:1b:21:7c:b8:38 brd ff:ff:ff:ff:ff:ff
> 5: p1p2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
>    link/ether 00:1b:21:7c:b8:39 brd ff:ff:ff:ff:ff:ff
> 6: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
>    link/ether 52:54:00:d6:4f:da brd ff:ff:ff:ff:ff:ff
>    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
> 7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
>    link/ether 52:54:00:d6:4f:da brd ff:ff:ff:ff:ff:ff
> 9: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
>    link/ether fe:16:3e:04:d9:a2 brd ff:ff:ff:ff:ff:ff
>    inet 192.168.32.1/22 brd 192.168.35.255 scope global br100
>    inet6 fe80::3c6c:d7ff:fe0b:c6af/64 scope link 
>       valid_lft forever preferred_lft forever
> 10: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
>    link/ether fe:16:3e:04:d9:a2 brd ff:ff:ff:ff:ff:ff
>    inet6 fe80::fc16:3eff:fe04:d9a2/64 scope link 
>       valid_lft forever preferred_lft forever
> 11: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
>    link/ether fe:16:3e:2f:a5:0e brd ff:ff:ff:ff:ff:ff
>    inet6 fe80::fc16:3eff:fe2f:a50e/64 scope link 
>       valid_lft forever preferred_lft forever
> ==================================================================
> 
> 2) brctl show
> bridge name     bridge id               STP enabled     interfaces
> br100           8000.fe163e04d9a2       no              vnet0
>                                                        vnet1
> virbr0          8000.525400d64fda       yes             virbr0-nic
> ==================================================================
> 
> 3) nova list
> +--------------------------------------+---------+--------+-----------------------------------------+
> | ID                                   | Name    | Status | Networks                                |
> +--------------------------------------+---------+--------+-----------------------------------------+
> | 0dd1311a-f188-4570-af5d-dbf0fe62d50e | fed32-1 | ACTIVE | novanetwork=192.168.32.2, 10.192.76.136 |
> | 57960ee0-e2f2-4a08-8560-3bf39c489b78 | fed64-1 | ACTIVE | novanetwork=192.168.32.3, 10.192.76.135 |
> +--------------------------------------+---------+--------+-----------------------------------------+
> ==================================================================
> 
> 4) nova-manage network-list
> id      IPv4                    IPv6            start address   DNS1            DNS2            VlanID          project         uuid           
> 1       192.168.32.0/22         None            192.168.32.2    8.8.4.4         None            None            None            e2e597a5-7606-4335-911a-d8cadcb840d6
> ===================================================================
> 
> 5) nova secgroup-list
> +---------+-------------+
> | Name    | Description |
> +---------+-------------+
> | default | default     |
> +---------+-------------+
> ====================================================================
> 
> 6) nova secgroup-list-rules <your assigned group>
> +-------------+-----------+---------+-----------+--------------+
> | IP Protocol | From Port | To Port | IP Range  | Source Group |
> +-------------+-----------+---------+-----------+--------------+
> | icmp        | -1        | -1      | 0.0.0.0/0 |              |
> | tcp         | 22        | 22      | 0.0.0.0/0 |              |
> +-------------+-----------+---------+-----------+--------------+
> ============================================================================
> 
> 7) iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
> nova-network-INPUT  all  --  anywhere             anywhere            
> nova-compute-INPUT  all  --  anywhere             anywhere            
> nova-api-INPUT  all  --  anywhere             anywhere            
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports http /* 001 horizon incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports http /* 001 nagios incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports iscsi-target,8776 /* 001 cinder incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports 5666 /* 001 nrpe incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports armtechdaemon /* 001 glance incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports rsync /* 001 rsync incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports webcache /* 001 swift proxy incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports x11,6001,6002,rsync /* 001 swift storage incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports commplex-main,35357 /* 001 keystone incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports vnc-server:cvsup /* 001 nova compute incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports mysql /* 001 mysql incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports 6080 /* 001 novncproxy incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports 8773,8774,8775 /* 001 novaapi incoming */ 
> ACCEPT     tcp  --  anywhere             anywhere            multiport dports amqp /* 001 qpid incoming */ 
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
> ACCEPT     icmp --  anywhere             anywhere            
> ACCEPT     all  --  anywhere             anywhere            
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
> 
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination         
> nova-filter-top  all  --  anywhere             anywhere            
> nova-network-FORWARD  all  --  anywhere             anywhere            
> nova-compute-FORWARD  all  --  anywhere             anywhere            
> nova-api-FORWARD  all  --  anywhere             anywhere            
> ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED 
> ACCEPT     all  --  192.168.122.0/24     anywhere            
> ACCEPT     all  --  anywhere             anywhere            
> REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
> REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable 
> REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         
> nova-filter-top  all  --  anywhere             anywhere            
> nova-network-OUTPUT  all  --  anywhere             anywhere            
> nova-compute-OUTPUT  all  --  anywhere             anywhere            
> nova-api-OUTPUT  all  --  anywhere             anywhere            
> 
> Chain nova-api-FORWARD (1 references)
> target     prot opt source               destination         
> 
> Chain nova-api-INPUT (1 references)
> target     prot opt source               destination         
> ACCEPT     tcp  --  anywhere             10.192.75.190       tcp dpt:8775 
> 
> Chain nova-api-OUTPUT (1 references)
> target     prot opt source               destination         
> 
> Chain nova-api-local (1 references)
> target     prot opt source               destination         
> 
> Chain nova-compute-FORWARD (1 references)
> target     prot opt source               destination         
> ACCEPT     udp  --  default              255.255.255.255     udp spt:bootpc dpt:bootps 
> ACCEPT     all  --  anywhere             anywhere            
> ACCEPT     all  --  anywhere             anywhere            
> 
> Chain nova-compute-INPUT (1 references)
> target     prot opt source               destination         
> ACCEPT     udp  --  default              255.255.255.255     udp spt:bootpc dpt:bootps 
> 
> Chain nova-compute-OUTPUT (1 references)
> target     prot opt source               destination         
> 
> Chain nova-compute-inst-2 (1 references)
> target     prot opt source               destination         
> DROP       all  --  anywhere             anywhere            state INVALID 
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
> nova-compute-provider  all  --  anywhere             anywhere            
> ACCEPT     udp  --  192.168.32.1         anywhere            udp spt:bootps dpt:bootpc 
> ACCEPT     all  --  192.168.32.0/22      anywhere            
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
> ACCEPT     icmp --  anywhere             anywhere            
> nova-compute-sg-fallback  all  --  anywhere             anywhere            
> 
> Chain nova-compute-inst-3 (1 references)
> target     prot opt source               destination         
> DROP       all  --  anywhere             anywhere            state INVALID 
> ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
> nova-compute-provider  all  --  anywhere             anywhere            
> ACCEPT     udp  --  192.168.32.1         anywhere            udp spt:bootps dpt:bootpc 
> ACCEPT     all  --  192.168.32.0/22      anywhere            
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
> ACCEPT     icmp --  anywhere             anywhere            
> nova-compute-sg-fallback  all  --  anywhere             anywhere            
> 
> Chain nova-compute-local (1 references)
> target     prot opt source               destination         
> nova-compute-inst-2  all  --  anywhere             192.168.32.2        
> nova-compute-inst-3  all  --  anywhere             192.168.32.3        
> 
> Chain nova-compute-provider (2 references)
> target     prot opt source               destination         
> 
> Chain nova-compute-sg-fallback (2 references)
> target     prot opt source               destination         
> DROP       all  --  anywhere             anywhere            
> 
> Chain nova-filter-top (2 references)
> target     prot opt source               destination         
> nova-network-local  all  --  anywhere             anywhere            
> nova-compute-local  all  --  anywhere             anywhere            
> nova-api-local  all  --  anywhere             anywhere            
> 
> Chain nova-network-FORWARD (1 references)
> target     prot opt source               destination         
> ACCEPT     all  --  anywhere             anywhere            
> ACCEPT     all  --  anywhere             anywhere            
> 
> Chain nova-network-INPUT (1 references)
> target     prot opt source               destination         
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
> ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
> ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
> 
> Chain nova-network-OUTPUT (1 references)
> target     prot opt source               destination         
> 
> Chain nova-network-local (1 references)
> target     prot opt source               destination         
> ================================================================================
> 
> 8) iptables -L -t nat
> Chain PREROUTING (policy ACCEPT)
> target     prot opt source               destination         
> nova-network-PREROUTING  all  --  anywhere             anywhere            
> nova-compute-PREROUTING  all  --  anywhere             anywhere            
> nova-api-PREROUTING  all  --  anywhere             anywhere            
> 
> Chain POSTROUTING (policy ACCEPT)
> target     prot opt source               destination         
> nova-network-POSTROUTING  all  --  anywhere             anywhere            
> nova-compute-POSTROUTING  all  --  anywhere             anywhere            
> nova-api-POSTROUTING  all  --  anywhere             anywhere            
> MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535 
> MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535 
> MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    
> nova-postrouting-bottom  all  --  anywhere             anywhere            
> 
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination         
> nova-network-OUTPUT  all  --  anywhere             anywhere            
> nova-compute-OUTPUT  all  --  anywhere             anywhere            
> nova-api-OUTPUT  all  --  anywhere             anywhere            
> 
> Chain nova-api-OUTPUT (1 references)
> target     prot opt source               destination         
> 
> Chain nova-api-POSTROUTING (1 references)
> target     prot opt source               destination         
> 
> Chain nova-api-PREROUTING (1 references)
> target     prot opt source               destination         
> 
> Chain nova-api-float-snat (1 references)
> target     prot opt source               destination         
> 
> Chain nova-api-snat (1 references)
> target     prot opt source               destination         
> nova-api-float-snat  all  --  anywhere             anywhere            
> 
> Chain nova-compute-OUTPUT (1 references)
> target     prot opt source               destination         
> 
> Chain nova-compute-POSTROUTING (1 references)
> target     prot opt source               destination         
> 
> Chain nova-compute-PREROUTING (1 references)
> target     prot opt source               destination         
> 
> Chain nova-compute-float-snat (1 references)
> target     prot opt source               destination         
> 
> Chain nova-compute-snat (1 references)
> target     prot opt source               destination         
> nova-compute-float-snat  all  --  anywhere             anywhere            
> 
> Chain nova-network-OUTPUT (1 references)
> target     prot opt source               destination         
> DNAT       all  --  anywhere             10.192.76.135       to:192.168.32.3 
> DNAT       all  --  anywhere             10.192.76.136       to:192.168.32.2 
> 
> Chain nova-network-POSTROUTING (1 references)
> target     prot opt source               destination         
> ACCEPT     all  --  192.168.32.0/22      10.192.75.190       
> ACCEPT     all  --  192.168.32.0/22      192.168.32.0/22     ! ctstate DNAT 
> SNAT       all  --  192.168.32.3         anywhere            ctstate DNAT to:10.192.76.135 
> SNAT       all  --  192.168.32.2         anywhere            ctstate DNAT to:10.192.76.136 
> 
> Chain nova-network-PREROUTING (1 references)
> target     prot opt source               destination         
> DNAT       tcp  --  anywhere             169.254.169.254     tcp dpt:http to:10.192.75.190:8775 
> DNAT       all  --  anywhere             10.192.76.135       to:192.168.32.3 
> DNAT       all  --  anywhere             10.192.76.136       to:192.168.32.2 
> 
> Chain nova-network-float-snat (1 references)
> target     prot opt source               destination         
> SNAT       all  --  192.168.32.3         192.168.32.3        to:10.192.76.135 
> SNAT       all  --  192.168.32.3         anywhere            to:10.192.76.135 
> SNAT       all  --  192.168.32.2         192.168.32.2        to:10.192.76.136 
> SNAT       all  --  192.168.32.2         anywhere            to:10.192.76.136 
> 
> Chain nova-network-snat (1 references)
> target     prot opt source               destination         
> nova-network-float-snat  all  --  anywhere             anywhere            
> SNAT       all  --  192.168.32.0/22      anywhere            to:10.192.75.190 
> 
> Chain nova-postrouting-bottom (1 references)
> target     prot opt source               destination         
> nova-network-snat  all  --  anywhere             anywhere            
> nova-compute-snat  all  --  anywhere             anywhere            
> nova-api-snat  all  --  anywhere             anywhere            
> ===========================================================================
> 
> 9) iptables -S -t nat
> -P PREROUTING ACCEPT
> -P POSTROUTING ACCEPT
> -P OUTPUT ACCEPT
> -N nova-api-OUTPUT
> -N nova-api-POSTROUTING
> -N nova-api-PREROUTING
> -N nova-api-float-snat
> -N nova-api-snat
> -N nova-compute-OUTPUT
> -N nova-compute-POSTROUTING
> -N nova-compute-PREROUTING
> -N nova-compute-float-snat
> -N nova-compute-snat
> -N nova-network-OUTPUT
> -N nova-network-POSTROUTING
> -N nova-network-PREROUTING
> -N nova-network-float-snat
> -N nova-network-snat
> -N nova-postrouting-bottom
> -A PREROUTING -j nova-network-PREROUTING 
> -A PREROUTING -j nova-compute-PREROUTING 
> -A PREROUTING -j nova-api-PREROUTING 
> -A POSTROUTING -j nova-network-POSTROUTING 
> -A POSTROUTING -j nova-compute-POSTROUTING 
> -A POSTROUTING -j nova-api-POSTROUTING 
> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 
> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 
> -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE 
> -A POSTROUTING -j nova-postrouting-bottom 
> -A OUTPUT -j nova-network-OUTPUT 
> -A OUTPUT -j nova-compute-OUTPUT 
> -A OUTPUT -j nova-api-OUTPUT 
> -A nova-api-snat -j nova-api-float-snat 
> -A nova-compute-snat -j nova-compute-float-snat 
> -A nova-network-OUTPUT -d 10.192.76.135/32 -j DNAT --to-destination 192.168.32.3 
> -A nova-network-OUTPUT -d 10.192.76.136/32 -j DNAT --to-destination 192.168.32.2 
> -A nova-network-POSTROUTING -s 192.168.32.0/22 -d 10.192.75.190/32 -j ACCEPT 
> -A nova-network-POSTROUTING -s 192.168.32.0/22 -d 192.168.32.0/22 -m conntrack ! --ctstate DNAT -j ACCEPT 
> -A nova-network-POSTROUTING -s 192.168.32.3/32 -m conntrack --ctstate DNAT -j SNAT --to-source 10.192.76.135 
> -A nova-network-POSTROUTING -s 192.168.32.2/32 -m conntrack --ctstate DNAT -j SNAT --to-source 10.192.76.136 
> -A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.192.75.190:8775 
> -A nova-network-PREROUTING -d 10.192.76.135/32 -j DNAT --to-destination 192.168.32.3 
> -A nova-network-PREROUTING -d 10.192.76.136/32 -j DNAT --to-destination 192.168.32.2 
> -A nova-network-float-snat -s 192.168.32.3/32 -d 192.168.32.3/32 -j SNAT --to-source 10.192.76.135 
> -A nova-network-float-snat -s 192.168.32.3/32 -o em2 -j SNAT --to-source 10.192.76.135 
> -A nova-network-float-snat -s 192.168.32.2/32 -d 192.168.32.2/32 -j SNAT --to-source 10.192.76.136 
> -A nova-network-float-snat -s 192.168.32.2/32 -o em2 -j SNAT --to-source 10.192.76.136 
> -A nova-network-snat -j nova-network-float-snat 
> -A nova-network-snat -s 192.168.32.0/22 -o em2 -j SNAT --to-source 10.192.75.190 
> -A nova-postrouting-bottom -j nova-network-snat 
> -A nova-postrouting-bottom -j nova-compute-snat 
> -A nova-postrouting-bottom -j nova-api-snat
> ========================================================================================
> 
> 10) em1 config file
> DEVICE=em1
> HWADDR=84:2B:2B:6C:FD:0F
> TYPE=Ethernet
> UUID=e65a3f54-594e-4b2a-bd63-b488ba0d7adb
> ONBOOT=yes
> NM_CONTROLLED=no
> BOOTPROTO=none
> IPADDR=10.192.75.190
> PREFIX=24
> GATEWAY=10.192.75.1
> DNS1=10.192.48.100
> DNS2=10.192.48.101
> ==================================================================================================
> 
> 11) em2 config file
> DEVICE=em2
> HWADDR=84:2B:2B:6C:FD:10
> TYPE=Ethernet
> UUID=ad6f5595-1df3-437d-b231-8b9e5db9c260
> ONBOOT=yes
> NM_CONTROLLED=no
> BOOTPROTO=none
> 
> =================================================================================================
> =================================================================================================
> 
> -----Original Message-----
> From: Rhys Oxenham [mailto:roxenham at redhat.com] 
> Sent: mercredi 24 juillet 2013 17:16
> To: Nicolas VOGEL
> Cc: rhos-list at redhat.com
> Subject: Re: [rhos-list] floating IP not reachable
> 
> Hi Nicolas,
> 
> When you've got the instance running and a floating-ip assigned, can you please pastebin the output of-
> 
> 1) ip a
> 2) brctl show
> 3) nova list
> 4) nova-manage network-list
> 5) nova secgroup-list
> 6) nova secgroup-list-rules <your assigned group>
> 7) iptables -L
> 8) iptables -L -t nat
> 9) iptables -S -t nat
> 
> Oh, and when you have more than one instance running, can you ping between the instances via 192.168.32.0/22? Make sure to sanitise anything you need to in the pastes.
> 
> Many thanks!
> Rhys
> 
> 
> On 24 Jul 2013, at 16:05, Nicolas VOGEL <nvogel67 at hotmail.com> wrote:
> 
>> Hi,
>> 
>> I just installed a new all-in-one controller without quantum. Everything works fine and now I want to use floating IPs like described here: http://openstack.redhat.com/Floating_IP_range. I want to use my second NIC (em2) for this purpose. For the installation, I use my first NIC (em1) and packstack automatically created a bridge (br100).
>> 
>> I deleted the default network and created a new one, which is matching the subnet on which em2 is connected. After that I modified the public_interface in the nova.conf to em2 and also the floating_range with the subnet I just created. I didn't modify the flat_interface and left the default value (lo).
>> 
>> I just enabled the em2 interface but didn't assign any IP address to it.
>> I added two rules to the default group to allow ping and SSH.
>> 
>> I can start VMs and they got an internal IP address (from 192.168.32.0/22). I can also associate a floating IP to each VM. But I'm unable to ping a floating IP.
>> 
>> If someone has any idea to resolve the problem it would be very helpful.
>> And if someone has a configuration that runs correctly I would be interested in how you configured your network interfaces and your nova.conf.
>> 
>> Thanks,  Nicolas.
>> 
>> Here’s an output from my nova.conf :
>> public_interface=em2
>> default_floating_pool=nova
>> novncproxy_port=6080
>> dhcp_domain=novalocal
>> libvirt_type=kvm
>> floating_range=10.192.76.0/25
>> fixed_range=192.168.32.0/22
>> auto_assign_floating_ip=False
>> novncproxy_base_url=http://10.192.75.190:6080/vnc_auto.html
>> flat_interface=lo
>> vnc_enabled=True
>> flat_network_bridge=br100
>> 
>> 
> 
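
Added example, not part of the original thread: a Python sketch of the by-eye check in the reply above, confirming for each fixed/floating pair that the nova-network DNAT and SNAT rules exist and that the floating IP is bound on the public interface. The rule and address lines are copied from the pasted output, except the 192.168.32.4 / 10.192.76.137 pair, which is constructed and deliberately incomplete; the function names are this example's own.

```python
import shlex
from collections import defaultdict

# From the thread's "iptables -S -t nat" output; lines for 10.192.76.137 are constructed.
NAT_RULES = """\
-A nova-network-OUTPUT -d 10.192.76.135/32 -j DNAT --to-destination 192.168.32.3
-A nova-network-OUTPUT -d 10.192.76.136/32 -j DNAT --to-destination 192.168.32.2
-A nova-network-OUTPUT -d 10.192.76.137/32 -j DNAT --to-destination 192.168.32.4
-A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.192.75.190:8775
-A nova-network-PREROUTING -d 10.192.76.135/32 -j DNAT --to-destination 192.168.32.3
-A nova-network-PREROUTING -d 10.192.76.136/32 -j DNAT --to-destination 192.168.32.2
-A nova-network-float-snat -s 192.168.32.3/32 -o em2 -j SNAT --to-source 10.192.76.135
-A nova-network-float-snat -s 192.168.32.2/32 -o em2 -j SNAT --to-source 10.192.76.136
-A nova-network-float-snat -s 192.168.32.4/32 -o em2 -j SNAT --to-source 10.192.76.137
"""

# From the thread's "ip a" output (em2 only).
IP_ADDR = """\
3: em2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 10.192.76.135/32 scope global em2
    inet 10.192.76.136/32 scope global em2
"""

# (fixed, floating): first two from "nova list" in the thread, third constructed.
PAIRS = [("192.168.32.3", "10.192.76.135"),
         ("192.168.32.2", "10.192.76.136"),
         ("192.168.32.4", "10.192.76.137")]


def parse_rules(text):
    """Map chain name -> list of {option: value} for every '-A' line."""
    chains = defaultdict(list)
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        opts, negate, i = {}, False, 2
        while i < len(tok):
            if tok[i] == "!":                      # negated match, keep it distinct
                negate, i = True, i + 1
            elif tok[i].startswith("-") and i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                opts[("!" if negate else "") + tok[i]] = tok[i + 1]
                negate, i = False, i + 2
            else:
                i += 1
        chains[tok[1]].append(opts)
    return chains


def bound_addresses(ip_a_text):
    """Return {(address, interface)} for every IPv4 'inet' line of 'ip a'."""
    bound = set()
    for line in ip_a_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "inet":
            bound.add((parts[1].split("/")[0], parts[-1]))
    return bound


def check_floating_ip(chains, bound, fixed, floating, public_if):
    """List what is missing for one fixed/floating pair (empty list = complete)."""
    problems = []
    # PREROUTING covers traffic arriving from the network, OUTPUT covers the host itself.
    for chain in ("nova-network-PREROUTING", "nova-network-OUTPUT"):
        if not any(r.get("-j") == "DNAT" and r.get("-d") == floating + "/32"
                   and r.get("--to-destination") == fixed for r in chains.get(chain, [])):
            problems.append(f"no DNAT {floating} -> {fixed} in {chain}")
    if not any(r.get("-j") == "SNAT" and r.get("-s") == fixed + "/32"
               and r.get("-o") == public_if and r.get("--to-source") == floating
               for r in chains.get("nova-network-float-snat", [])):
        problems.append(f"no SNAT {fixed} -> {floating} out of {public_if}")
    if (floating, public_if) not in bound:
        problems.append(f"{floating} not bound on {public_if}")
    return problems


def audit(nat_rules, ip_a_text, pairs, public_if):
    chains, bound = parse_rules(nat_rules), bound_addresses(ip_a_text)
    return {fl: check_floating_ip(chains, bound, fx, fl, public_if) for fx, fl in pairs}


if __name__ == "__main__":
    for floating, problems in audit(NAT_RULES, IP_ADDR, PAIRS, "em2").items():
        print(floating, "OK" if not problems else "; ".join(problems))
```

A clean result for a pair means only that the NAT layer and address binding are consistent; it says nothing about the path between the bridge and the instances.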