I have OpenStack installed with Packstack, and my dashboard is running.
Infrastructure Details :
VM1(CentOS7) : 10.151.1.116 Compute Node
VM2(CentOS7) : 10.151.1.230 Controller Node
Network details :
Public Network : 10.151.1.240 to 10.151.1.245
Private Network : 172.16.10.0/24 DHCP ENABLED
Commands to create Networks and Router:
neutron net-create extnet --provider:network_type flat --provider:physical_network extnet --router:external=True --shared
openstack subnet create --network extnet --allocation-pool start=10.151.1.240,end=10.151.1.245 --gateway 10.151.1.1 --subnet-range 10.151.1.0/24 extnet
openstack network create private
openstack subnet create --network private --gateway 172.16.10.1 --subnet-range 172.16.10.0/24 private
openstack router create router
neutron router-interface-add router private
neutron router-gateway-set router extnet
After the above steps I restarted the network.
Now my router's external interface gets the IP 10.151.1.242.
I am able to ping this IP from the controller node (i.e. 10.151.1.230) but not from any other node in the network, such as my local machine, which has the IP 10.122.19.138.
Note : I have allowed all protocols including ICMP from security groups.
Version of openstack : openstack-queens
Answerfile : https://gist.github.com/cthakar/277f7c813adf68b977b197d8c5a0195f
Can anyone help me with this? What configuration did I miss? It would be a great help.
Thank you!
Currently I have setup an instance with one interface and a vip with keepalived. Communication to the primary interface is working but not to the vip. I have tried adding an additional port with the ip address but with no luck. Below is what I have tried and the error. (192.168.1.50 - is the vip)
openstack port create --network l_network --fixed-ip subnet=10990c09-5893-4r68-ecre-307ed7740ey6,ip-address=192.168.1.50 --mac-address=fb:17:3d:a6:08:37 port1
Unable to complete operation for network
f6601b8f-dhb2-4567-t399-124fb5hd8895. The mac address
fb:17:3d:a6:08:37 is in use.
I managed to get it working by creating an additional port and then linking it to the Openstack Instance
Create the port for VIP
neutron port-create --fixed-ip subnet_id=<subnet_id>,ip_address=192.168.1.50 --no-security-groups --name "vip" <id_of_net>
to find id of subnet and network id:
neutron net-list
link the port to the instances:
neutron port-update <port_id_of_current_instance> --allowed-address-pairs type=dict list=true ip_address=192.168.1.50
to find the port_ids:
neutron port-list
I created a vm (vm-devstack-01) using Vagrant and Virtualbox in which I installed Devstack. The vm has an enp0s3 interface in NAT mode and an enp0s8 interface in bridge mode. The real network I use in my house is 192.168.88.0/24. This network uses DHCP addressing.
vm-devstack-01:
I set FLOATING_RANGE from local.conf to 192.168.88.224/27.
My local.conf:
[[local|localrc]]
ADMIN_PASSWORD=admin
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
HOST_IP=192.168.88.43
FLAT_INTERFACE=enp0s8
FLOATING_RANGE=192.168.88.224/27
FIXED_RANGE=10.11.12.0/24
FIXED_NETWORK_SIZE=256
Later I created a debian VM (vm-debian-01) on openstack which received floating ip 192.168.88.230.
Also, the security group releasing the ping was created:
Ingress IPv4 ICMP Any 0.0.0.0/0
With this configuration it was possible to ping from vm-devstack-01 to vm-debian-01 created inside OpenStack.
But I can't ping from the real machine (my notebook, IP 192.168.88.28) to vm-debian-01. What am I doing wrong?
You need MASQUERADE definitions on your Openstack host machine.
That is, network translation for packets to and from your VM.
At the same time, you need routing to your OpenStack host from all other networks from which you want to reach the VMs.
Masquerade rules
Routing
Proper Security Group settings in Openstack
I have the following topology
vm
(enp0s9 : 192.168.4.2/24)
vm1
(enp0s9 : 192.168.4.1/24)
(enp0s10 : 192.168.3.1/24)
vm2
(enp0s10 : 192.168.3.2/24)
I have the right l3 routing information set up on each vm and vm2
I am able to ping
vm -> vm1
and vm2->vm1
also
ping vm -> 192.168.3.1
and
ping vm2->192.168.4.1
but I am not able to ping
vm->vm2
and vm2->vm
I am attaching screen shots for reference
Got it resolved. I forgot to check the IP forwarding on vm1
sysctl net.ipv4.ip_forward=1
I'm new to OpenStack. I followed everything in this manual: http://docs.openstack.org/mitaka/install-guide-rdo/keystone.html and installed on 2 nodes (controller and compute), choosing option 2 (Self-service networks). After the install I can create a public network, a private network and a router, and launch an instance. I edited the rules for the security group, but I cannot ping from the CirrOS instance to the internet. This is the error when I ping the router gateway from the controller node:
[root#controller ~]# ping 192.168.77.42
PING 192.168.77.42 (192.168.77.42) 56(84) bytes of data.
From 192.168.77.21 icmp_seq=1 Destination Host Unreachable
From 192.168.77.21 icmp_seq=2 Destination Host Unreachable
From 192.168.77.21 icmp_seq=3 Destination Host Unreachable
From 192.168.77.21 icmp_seq=4 Destination Host Unreachable
Please tell me what I am missing in the Mitaka install. I think the problem is between the router and the public gateway. Thank you.
verify your private Network settings like DNS address ...
If you use Neutron make sure that you correctly configured your
Network Interface Card and external bridge
verify firewall settings
here is a good tutorial that may help you :
Installing Openstack Mitaka
I want to configure routing and NAT via Neutron in OpenStack, How do I get started with it?
I have created a network with two internal networks (and instances on them as well). Now I want to know the commands for configuring routing protocols and NAT. I checked OpenStack documentation but could not find anything handy.
Can someone please help me or give me an idea on how to get started with it?
Well, this will be a long answer to your question. To start, I assume you understand what external and internal networks are with respect to OpenStack Neutron and have a working setup (including br-ex, the external bridge).
So first part for SNATing
First thing for simplicity, follow these steps in admin tenant / admin user using Dashboard
1- Create one internal network
2- Create a router
3- Add a VM / instance to internal network
4- Add subnet gateway interface on router
5- Now as an Admin, create external network.
External network can be created by administrator only.
6- Now add this external network as the router gateway interface
So now you have one VM in an internal network. Subnet gateway interface on router and router gateway interface from external network
That's it from the OpenStack point of view.
Here is the list of commands to do the same from the CLI
$ source keystone_admin
Here keystone_admin is my RC file
Run the following commands to enable ping and ssh on VM as well from external network directly without keypair
$ nova --no-cache secgroup-add-rule default icmp -1 -1 0.0.0.0/0
$ nova --no-cache secgroup-add-rule default tcp 22 22 0.0.0.0/0
$ neutron net-create external_network --shared --router:external=True
$ neutron subnet-create external_network --name external_subnet --allocation-pool start=192.168.122.2,end=192.168.122.20 --disable-dhcp --gateway 192.168.122.1 192.168.122.0/24
$ neutron net-create internal_network
$ neutron subnet-create internal_network --name internal_subnet --allocation-pool start=10.10.1.2,end=10.10.1.20 --disable-dhcp --gateway 10.10.1.1 10.10.1.0/24
$ neutron net-list
$ neutron subnet-list
$ neutron router-create router
$ neutron router-interface-add router internal_subnet
$ neutron router-list
$ neutron router-gateway-set router external_network
Launch a VM from Horizon (it's a long command from the CLI)
Here I have assumed that the external network is 192.168.122.0/24 and internal network is 10.10.1.0/24
So now you have a ready setup from Openstack Point of view for SNAT. Now we need to add a physical interface (ethx) to the BR-EX to test it.
So all you need to do is add the physical interface on the bridge and modify the "ifcfg" files
The following are the steps for RHEL 6.5- ( For others you'll have to look up on the net- search for something like add a physical interface to an OVS Bridge in Ubuntu, etc.. )
$ cd /etc/sysconfig/network-scripts/
In this directory, create these two files if not already present; otherwise modify the existing ones:
$ vi ifcfg-br-ex
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
# Example values for our case, the 192.168.122.0/24 external network
IPADDR=192.168.122.153
NETMASK=255.255.255.0
GATEWAY=192.168.122.1
ONBOOT=yes
$ vi ifcfg-ethx
DEVICE=ethx
TYPE=OVSPort
DEVICETYPE=ovs
ONBOOT=no
NM_CONTROLLED=yes
BOOTPROTO=static
OVS_BRIDGE=br-ex
now run
$ service network restart
Just to be sure that the setup is up and running
$ ifup br-ex
$ ifup ethx
Also on doing
$ ovs-ofctl show br-ex
it should display "ethx" in the output
So now you have a working SNAT setup. you can try the following in the VM / instance from the console in Dashboard-
$ ping 8.8.8.8
Now for DNAT-
run the following commands
$ neutron floatingip-create external_network
This creates a floating IP and displays the "id" ( floatingip_id )
$ neutron port-list
From this list, fetch the "id" of the VM ( port_id_of_instance )
$ neutron floatingip-associate <floatingip_id> <port_id_of_instance>
And BAM now you have DNAT ready.
To test the DNAT, try doing something like
$ ping <floating_ip>
from the external network machine
I have tried to keep it direct, but of course this demands some sort of understanding of OpenStack Neutron and Linux!! :p :)
You can refer to- https://openstack.redhat.com/Networking_in_too_much_detail
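The SNAT and DNAT steps in the answer above end up as iptables NAT rules inside the router's network namespace, and reading them back is a direct check that a floating IP is mapped in both directions. The script below is an added example, not part of the original answer: it parses a constructed sample of that rule listing and reports floating IPs whose inbound and outbound rules do not pair up. It assumes a non-distributed router handled by the L3 agent with iptables; the sample addresses come from the answer's 192.168.122.0/24 and 10.10.1.0/24 ranges, and the qg- interface name is made up.

```shell
#!/bin/sh
# Added example. CONSTRUCTED sample of `iptables -t nat -S` output from a
# qrouter namespace; addresses and the qg- interface name are made up.
sample_nat_rules() {
cat <<'EOF'
-A neutron-l3-agent-OUTPUT -d 192.168.122.3/32 -j DNAT --to-destination 10.10.1.5
-A neutron-l3-agent-PREROUTING -d 192.168.122.3/32 -j DNAT --to-destination 10.10.1.5
-A neutron-l3-agent-PREROUTING -d 192.168.122.4/32 -j DNAT --to-destination 10.10.1.6
-A neutron-l3-agent-float-snat -s 10.10.1.5/32 -j SNAT --to-source 192.168.122.3
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-0a1b2c3d-4e -j SNAT --to-source 192.168.122.2
EOF
}

# Reads NAT rules on stdin and prints one line per external address:
#   <floating_ip> <fixed_ip> ok         DNAT (inbound) and SNAT (outbound) agree
#   <floating_ip> <fixed_ip> dnat-only  inbound mapping without the outbound one
#   <floating_ip> <fixed_ip> snat-only  outbound mapping without the inbound one
#   <router_ip> - router-snat           shared source address for all other instances
audit_floating_nat() {
  awk '
    # Return the word that follows option "name" on the current rule, or "".
    function opt(name,   i) {
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    function host(a) { sub(/\/32$/, "", a); return a }

    / -j DNAT / && $2 ~ /-PREROUTING$/ { dnat[host(opt("-d"))] = opt("--to-destination") }
    / -j SNAT / && $2 ~ /-float-snat$/ { snat[opt("--to-source")] = host(opt("-s")) }
    / -j SNAT / && $2 ~ /-agent-snat$/ { router_ip = opt("--to-source") }

    END {
      for (f in dnat)
        print f, dnat[f], ((f in snat) && snat[f] == dnat[f] ? "ok" : "dnat-only")
      for (f in snat)
        if (!(f in dnat)) print f, snat[f], "snat-only"
      if (router_ip != "") print router_ip, "-", "router-snat"
    }
  ' | LC_ALL=C sort
}

# On a network node the input would come from (router id is a placeholder):
#   ip netns exec qrouter-<router_id> iptables -t nat -S | audit_floating_nat
sample_nat_rules | audit_floating_nat
```

A `dnat-only` line means connections opened by that instance leave with the router's shared address instead of its floating IP, which matters when upstream firewalls or logs key on the floating address.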