openstack instance can not access internet - openstack

An instance created in OpenStack cannot access the internet. I have created an instance from the Ubuntu cloud image.
In the security groups, I allowed all the ports for ingress and egress requests of ICMP, TCP and UDP. I can SSH into the instance and ping the floating IP of the instance and all the other instances on the private network, but I cannot ping any other IP address outside the network. In the network topology, the router is connecting the public and private networks, but the instance cannot access the internet and I cannot ping 8.8.8.8.
Does anyone know how to resolve this issue?

Check your ml2 and linuxbridge or ovs agent. This is because of misconfiguration, presumably a type-driver and mechanism-driver mismatch, or the provider network is not set correctly.
Please post your config here, so we can find the problem.

Thanks for your answer. I was able to resolve this issue by allowing ICMP ingress requests because of port 22 in the security groups.

Related

My openstack instances can't reach internet

I’ve installed OpenStack all-in-one on CentOS 7, but I have an issue with networking. I created an external network in ‘flat’ form (192.168.242.0/24 with gateway 192.168.242.1), and a private network (10.10.10.0/24 with gateway 10.10.10.1).
My instances can ping the router’s gateway (192.168.242.22), the floating IP (192.168.242.37), and the host (192.168.242.42), but they can’t reach the real external gateway (192.168.242.1) or the internet. The ping's message is: Destination Host Unreachable.
In return, my host (192.168.242.42) can ping the tenant network’s gateway (10.10.10.1), the floating IP, and the router’s gateway.
Also, I can SSH in both directions, and I've already permitted ICMP on both sides.
Could you please help me with this issue? I'm really stuck with that.
Thank you in advance.

Unable to SSH/Ping to VMs on Private Network of Openstack/packstack

We are using a setup of Openstack-Train through a Packstack installation and Openvswitch as the backend of neutron.
We have created an external network (10.5.0.0/22), which is an internal network of our org., and a private network (10.3.0.0/22) linked via a router.
Our org. network is connected with a Pfsense firewall which has been given permission to connect the network 10.5.0.0/22 to 10.3.0.0/22 of openstack and vice versa.
In the security group of openstack, we have added the egress and ingress rule to allow traffic between the two networks.
However, we are unable to ping or SSH any VMs that are built on the private network (10.3.0.0/22) from our org. network (10.5.0.0/22).
VMs on the private network have internet connectivity and can ping google and ssh into our org. machines that are on the 10.5.0.0/22 ip range.
The only way to SSH into private network VMs seems to be via a floating IP.
Is there a way to directly SSH into the private network VMs without using the floating IP?
Or is this part of openstack design?
Thank you
Do you have any physical network hardware like Switches that are configured to only allow a specific VLAN or subnet traffic?
Can you also share how your subnet is configured ("openstack subnet show")?
Security does isolate traffic outside a subnet, so a floating IP is an alternative way in, but it's possible to have multiple ports on a VM with different subnets and access.

Is there a way to start an Airflow worker with a stable IP address on GKE?

I am using Airflow on GKE and I need to access an SFTP server. This server is protected with IP whitelisting. The thing is, every time a worker starts, a new pod is created along with a new IP address.
Does anybody know how to assign a static outgoing IP to the cluster/workers?
You can use Cloud NAT mapping.
Then all the outgoing connections from GKE will be automatically NAT-ed with the outgoing IP of the gateway.
You can read more about it here:
Cloud NAT (https://cloud.google.com/nat/docs/overview)
You can have a stable egress IP there.

Not able to connect to a Openstack Instance from external machine

The IP of an instance created through OpenStack is 10.0.0.2. But when I tried to ping this IP from another machine, it was not successful; however, I am able to ping this IP from the machine on which OpenStack (DevStack) is installed.
What could be the reason and how can I resolve this?
This may help you: http://www.liquidstate.net/blog/technology/openstack-havana-home-lab-on-centos6-with-external-networking/
Basically, you need a virtual router to connect from your LAN to the OpenStack private network.
I think you don't need a floating IP on each instance. Only a virtual router; then you can create a static route on each machine in your LAN, for example:
ip route add 10.0.0.0/8 via 192.168.1.100 dev em1
Good Luck!
This IP is a private one, by default, when you deploy a new instance it is deployed with a private IP.
If you want to have a public IP, you need to create a floating IP for your project and afterward, you should assign one IP from this pool to the server instance that you have created previously.
After that, you could access your server instance without any problem.
I hope that it could help you.

AWS Connecting to instance in public subnet

I'm trying to SSH into a known good instance inside a new AWS VPN
Set up so far
Elastic IP connected to VPC instance inside public subnet
IGW associated with subnet with CIDR 0.0.0.0/0
Security Groups set up
Does anyone have any debug tips? Does the configuration matter?
Mostly want to know how to debug and isolate issues like this
Check your security group: make sure you're allowing the SSH port and also the CIDR for the inbound traffic to bind to that port.
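
One way to carry out the check suggested in the answer above, as an added example that is not part of the original thread: given the ingress rules of a security group, report which rule (if any) admits a given client IP on port 22, and whether a port is open to 0.0.0.0/0. The rule list is constructed sample data in the shape of the `IpPermissions` field returned by `aws ec2 describe-security-groups`; the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the shape of the "IpPermissions" list returned by
# `aws ec2 describe-security-groups`; the contents are made up for illustration.
SAMPLE_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]


def _covers_port(rule, protocol, port):
    """True if the rule's protocol and port range include protocol/port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "-1" means all protocols and all ports
        return True
    if proto != protocol:
        return False
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if lo is None or hi is None:
        return False
    return lo <= port <= hi


def matching_rules(ingress, source_ip, port, protocol="tcp"):
    """Return (rule index, CIDR) pairs that admit source_ip to the port."""
    src = ipaddress.ip_address(source_ip)
    hits = []
    for i, rule in enumerate(ingress):
        if not _covers_port(rule, protocol, port):
            continue
        for rng in rule.get("IpRanges", []):
            if src in ipaddress.ip_network(rng["CidrIp"], strict=False):
                hits.append((i, rng["CidrIp"]))
    return hits


def world_open(ingress, port, protocol="tcp"):
    """Return indexes of rules that expose the port to 0.0.0.0/0."""
    return [i for i, rule in enumerate(ingress)
            if _covers_port(rule, protocol, port)
            and any(r["CidrIp"] == "0.0.0.0/0" for r in rule.get("IpRanges", []))]


if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(ip, "-> SSH allowed by", matching_rules(SAMPLE_INGRESS, ip, 22) or "no rule")
    print("port 22 open to the world:", world_open(SAMPLE_INGRESS, 22))
```

An empty result for your own client IP means the security group itself is dropping the connection, so routing and the instance's SSH daemon can be ruled out as the first suspects.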
