I installed the Octavia service in OpenStack and it worked! But in my OpenStack port list there are two related ports (amphora and loadbalancer) and the LB port is down! What's wrong?
Note that my loadbalancer has active and online statuses, but I don't know why its port is down or what is its effect.
Summary: This is completely normal and how Octavia manages high availability.
Octavia uses a VIP address that can be moved between amphora (service VMs) for recovery from hypervisor failures. Inside the amphora, the port gets this VIP address assigned as a "secondary" IP.
In neutron, this address is handled with a VIP port, which reserves the VIP IP address (so we can move it to a replacement amphora VM if needed). This port is in the "DOWN" status.
To allow multiple IPs on a neutron port you have to use what neutron calls an "allowed address pair". If you look at the details of the port that is up, you will see the "allowed address pair" setting on the port that references the VIP port information and IP.
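The relationship described in this answer can be checked mechanically. The sketch below is an added example, not part of the original answer: for every DOWN port it lists the ACTIVE ports that carry its address as an allowed address pair. The port names and addresses are constructed; the field names are the ones `openstack port show -f json` prints.

```python
import ipaddress

# Constructed sample using the port fields shown by `openstack port show -f json`
# (status, fixed_ips, allowed_address_pairs). Names and addresses are made up.
PORTS = [
    {"name": "lb-vip-port", "status": "DOWN",
     "fixed_ips": [{"ip_address": "10.0.0.50"}], "allowed_address_pairs": []},
    {"name": "amphora-port", "status": "ACTIVE",
     "fixed_ips": [{"ip_address": "10.0.0.23"}],
     "allowed_address_pairs": [{"ip_address": "10.0.0.50"}]},
    {"name": "stale-port", "status": "DOWN",
     "fixed_ips": [{"ip_address": "10.0.0.77"}], "allowed_address_pairs": []},
]

def carriers_of_down_ports(ports):
    """Map each DOWN port to the ACTIVE ports that list its IP as an allowed address pair."""
    pairs = []
    for port in ports:
        if port["status"] != "ACTIVE":
            continue
        for pair in port["allowed_address_pairs"]:
            # An allowed address pair may be a single IP or a CIDR.
            net = ipaddress.ip_network(pair["ip_address"], strict=False)
            pairs.append((port["name"], net))
    result = {}
    for port in ports:
        if port["status"] != "DOWN":
            continue
        ips = [ipaddress.ip_address(f["ip_address"]) for f in port["fixed_ips"]]
        result[port["name"]] = sorted(
            {name for name, net in pairs if any(ip in net for ip in ips)})
    return result

if __name__ == "__main__":
    for name, carriers in carriers_of_down_ports(PORTS).items():
        print(name, "->", carriers or "no ACTIVE port carries this address")
```

A DOWN port with a carrier is an address reservation of the kind described above. A DOWN port with no carrier is not explained by this mechanism and is worth reviewing, as is any allowed address pair you did not expect, since the pair permits that port to send traffic from an address other than its own.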
Related
I am running Devstack on my machine and I would like to know if it is possible to ping an instance from the Host. The default external network of Devstack is 172.24.4.0/24 and br-ex on the Host has the IP 172.24.4.1. I launch an instance using the internal network of Devstack (192.168.233.0/24) and the instance gets the IP 192.168.233.100. My Host's IP is 192.168.1.10. Is there a way to ping 192.168.233.100 from my Host? Another thing I thought of is to boot up a VM directly on the external network (172.24.4.0/24), but the VM does not boot up correctly. I can only use that network for associating floating IPs.
I have edited the security group and I have allowed ICMP and SSH, so this is not a problem.
I have created a firewall rule in the VPC network for port 22 by assigning an IP with the port, e.g. (192.168.xx.yy), instead of 0.0.0.0/0 in the rules. Now, when I create a Compute Engine VM instance in Google Cloud Platform and SSH into it, it states that it "cannot connect to port 22".
I don't want port tcp:22 to have the IP range 0.0.0.0/0, but only a single IP as stated above. How can I solve this issue?
The 192.168.x.x is an internal IP address, and in your situation would apply to a VM instance within the same network as the instance you want to connect to.
If you want to connect from outside that network, you'll need to set the source of the firewall rule to the external IP of the instance/machine you want to connect from. You can get your external IP by going to https://whatismyipaddress.com for example.
The firewall rule setting would be something like this:
Direction of traffic: Ingress
Action on match: Allow
Targets: Specified target tags (for example)
Source filter: IP ranges
Source IP ranges: x.x.x.x/32 (your external IP)
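The distinction this answer draws (an internal 192.168.x.x source versus an external /32) can be audited across a project's rules. The following is an added example, not part of the original answer: it flags ingress rules that allow tcp:22 from any source or from an RFC 1918 address. The rules are constructed; the field names follow the Compute Engine firewall resource, and only `tcp` entries are considered.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed rules; field names follow the Compute Engine firewall resource
# (direction, sourceRanges, allowed[].IPProtocol/ports). Names and IPs are made up.
RULES = [
    {"name": "ssh-from-internal-ip", "direction": "INGRESS",
     "sourceRanges": ["192.168.10.20/32"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "ssh-from-anywhere", "direction": "INGRESS",
     "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["20-25"]}]},
    {"name": "ssh-from-admin", "direction": "INGRESS",
     "sourceRanges": ["203.0.113.7/32"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
]

def allows_tcp_port(allowed, port):
    """True if any tcp entry covers the port (no ports listed means all ports)."""
    for entry in allowed:
        if entry["IPProtocol"] != "tcp":
            continue
        for spec in entry.get("ports") or ["0-65535"]:
            lo, _, hi = spec.partition("-")
            if int(lo) <= port <= int(hi or lo):
                return True
    return False

def audit_ssh_sources(rules):
    """Return {rule name: [findings]} for ingress rules that allow tcp:22."""
    report = {}
    for rule in rules:
        if rule["direction"] != "INGRESS" or not allows_tcp_port(rule["allowed"], 22):
            continue
        findings = []
        for cidr in rule["sourceRanges"]:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append("any-source")       # reachable from the whole internet
            elif net.version == 4 and any(net.subnet_of(r) for r in RFC1918):
                findings.append("rfc1918-source")   # only matches clients inside the VPC
        report[rule["name"]] = findings
    return report
```

A rule reported as `rfc1918-source` is the case in the question: it never matches an SSH client connecting from outside the network, so the connection to port 22 fails.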
If you would not like to have your GCE instance's port 22 open to the internet, but you would like to connect to it, I propose 2 different solutions:
Create a bastion host. This VM is a proxy for accessing your GCE instances. You log into the bastion and then you can perform an SSH hop to your GCE instance. Only the bastion host is open to the internet on port 22. And you can start this bastion VM only when you need to connect to your other GCE instances, which increases security and decreases the risk of attack on this "backdoor" instance.
For both the bastion and for directly reaching your VM on port 22, you can limit the source IP of your firewall rule to your current IP.
But remember, the IP is not a source of truth.
Hello Everyone!
I want to know whether there is any way to access a photocopier machine which is connected to a computer through an Ethernet wire, where that computer is connected to my WiFi network.
P.S: What if I don't know the IP assigned to that Photocopier machine?
If the wireless network is part of the wired network you should have any problem reaching the photocopier.
If you don't know the IP address, you can reach it by host name if the DHCP and DNS are working properly. If you are on an Active Directory infrastructure and DHCP and DNS are integrated it should be transparent.
If you are at home with a "home" router, they usually do the hostname-to-IP resolution (DNS).
You can run nslookup hostname on your machine to see if your DNS is resolving the IP address. You can also ping hostname or ping the IP address to test that you can reach the desired host. Some hosts block ping (ICMP) requests; please note that a ping that does not respond is not definitive.
Please note that in your home router you should use your router or default gateway to be the DNS also, and then add the google public DNS or your ISP.
Also when connecting the access point to an existing network you may have 2 DHCP servers providing IP addresses to hosts, you should disable DHCP on the Access Point and connect the AP to the network using the switch port and not the WAN port (the WAN port will try to do NAT and assign a different set of IP addresses).
I have this neutron private subnet 10.200.206.0/23
When I created a port using this subnet, I expected it to give me 10.200.206.1, since nobody uses this .1 IP yet.
Instead it gave me 10.200.206.20.
Note this subnet had been used previously, and all ports/IPs that were used by other instances have been deleted. I am 100% sure that this IP 10.200.206.1 is not in use.
DHCP is disabled.
Can we actually reset the old info from this subnet in OpenStack DB backend?
Once you start using a subnet, Neutron DB will keep track of used IP addresses and doesn't reassign until all the addresses are used once.
Easiest way to reset is to remove the subnet and recreate it again.
I have created two networks in OpenStack (Havana, Ubuntu 12.04 LTS) (192.168.1.0/28, 192.168.1.16/28) and both networks have their instances. Instances can ping the gateway of the other network,
but an instance cannot ping another instance in that network.
For example, network one: 192.168.1.0/28, gateway is 192.168.1.1 and instance IP is 192.168.1.2.
Network two: 192.168.1.16/28, gateway is 192.168.1.17 and instance IP is 192.168.1.18.
Now the 192.168.1.18 machine can ping 192.168.1.1 but not 192.168.1.2.
Please tell me the exact problem.
The two networks (subnets, actually) should be connected via a single router for instances on the networks to reach each other.
And as #Brenne mentioned, ICMP packets (ping) have to be explicitly enabled in the security group. By default, they are not allowed.