Develop Reference

Cannot ping instances of OpenStack machine from external net

I used DevStack(victoria branch) to quick-deploy the OpenStack all-in-one on my Ubuntu-20.04 system. This machine has a public ip address 222.XXX.XXX.XXX on interface eno1, and the DevStack script has automatically added br-ex and virbr0 interfaces on this machine. Here is my config.
#ifconfig
br-ex: inet 172.24.4.1 netmask 255.255.255.0 broadcast 0.0.0.0
eno1: inet 222.XXX.XXX.XXX netmask 255.255.255.128 broadcast 222.XXX.XXX.XXX
virbr0: inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
Now I created an VM instance on image cirros. On my OpenStack dashboard, I created a private network demo-net of type vxlan, and it has a subnet 'demo-subnet', with the CIDR 10.56.1.0/24 and Gateway 10.56.1.1. The DHCP option is on.
Meanwhile, DevStack has already created a public net with CIDR 172.24.4.0/24(bonded to br-ex) and Gateway 172.24.4.1.
There is a router connecting the demo-net and public net.
I allocated a floating IP 172.24.4.124 in the public net's pool to this instance. I can ping this IP on this machine, and vice versa. But the problem is, when I ping 172.24.4.124 on another machine, it fails. I hope to access the VM instance outside the host, so what should I do to fix it?
Any help will be greatly appreciated! Thank you.

By default, Devstack creates an isolated "external" network which it calls public. You can only connect to this network, and all virtual networks that are attached to it, from the Devstack host. You could try to configure port forwarding (iptables command) on the Devstack host, but the real solution is below.
You need to configure Devstack so that it uses your external network 222.XXX.XXX.XXX. The way this is done is documented at https://docs.openstack.org/devstack/latest/networking.html#shared-guest-interface (assuming your Devstack host has a single NIC eno1). In your case, you need to put this in local.conf:
PUBLIC_INTERFACE=eno1
HOST_IP=222.x.x.x
FLOATING_RANGE=222.x.y.z/PREFIX
PUBLIC_NETWORK_GATEWAY=your router, probably 222.something
Q_FLOATING_ALLOCATION_POOL=start=222.a.b.c,end=222.d.e.f
FLOATING_RANGE is the CIDR for the subnet to which eno1 is connected, and PREFIX is the prefix used by eno1. Q_FLOATING_ALLOCATION_POOL is the range of IP addresses in the 222.x.x.x network that you want to use for floating IPs.
You will have to recreate a Devstack (although it might be possible to change the configuration of the current cloud, I would not know how). Before you do that, I would also strongly recommend reinstalling Ubuntu, to ensure no unwanted configurations from your current setup remain.

Devstack networking/can't ping instances

I am facing a problem how to set up network correctly while using ubuntu 17.10 in virtualbox. I have problem with pinging my instances from host PC and even from guest VM. Same problem in instances, they can't ping VMs or host pc. In virtualbox I am using 3 network adapters (NAT for internet access, 2x host only network paravirtualized [one for communication between nodes another one was meant to be public interface for instances]).
/etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
# VirtualBox NAT -- for Internet access to VM
auto enp0s3
iface enp0s3 inet dhcp
auto enp0s8
iface enp0s8 inet static
address 172.18.161.6
netmask 255.255.255.0
auto enp0s9
iface enp0s9 inet manual
up ip link set dev $iface up
down ip link set dev $iface down
And devstack local.conf was from this page (tried all of them):
https://docs.openstack.org/devstack/latest/guides/neutron.html

I don't know what your configuration files looks like, but for sure, I can suggest for these kinda issues, try to debug step by step.
1: From instance, ping default GW, i.e. virtual router connecting internal network with the external network. If success, go to step 2. If fail, you got your culprit.
2: from the virtual router, ping host endpoint. If successful, try the other way round. If fail, you got your culprit.
If everything works fine, check configuration files, default gw, routing rules etc ...
Do let me, if it works or not !!

After to successfully install Devstack, if you want to grant access from and to instances, you need configure a bunch of settings:
In Security Groups add ingress rules to ICMP, SSH, HTTP, HTTPS, etc;
In the private Network, edit private-subnet to add a DNS Name Servers (8.8.8.8, 1.1.1.1, etc);
Allocated some Floating IP's;
Launch some instances;
Associate a floating IP to each instance;
Set the proxy_arp and iptables (in the host Devstack).
Try to follow this:
How to expose the Devstack floating ip to the external world?

The VM can ping the host machine, but can not ping other public IP

I in a remote Server (I call it host machine) setup the OpenStack Ocata.
And in the OpenStack Ocata I created a VM, the VM use the Security Group (named allow ping & ssh), which is created by myself:
Now, I can use my Mac ping the VM. but can not ssh connect to the VM.
And in the VM(it's IP is 192.168.1.4 and floating IP is 103.35.202.3), I can ping 192.168.1.1 and 103.35.202.1(the host machine's public IP), but can not ping google.com or other public IP.
Why in my Mac I can ping the VM but can not ssh to it?
Why in the VM I can ping the host machine, but can not ping other public IP?
where is the issue?

Currently the only Egress traffic allowed out is for ICMP. Egress is missing for TCP/UDP. Add in Egress rules for both UDP (should help resolve the DNS issue) and TCP (should resolve the SSH issue.)
After adding in the Egress rules for TCP - test ssh again.
After adding in the Egress rules for UDP - test DNS resolution, if you are still running into issues then you may want to verify the DNS servers used when configuring the network.

Xen guest VM with two static IP address

I have installed Xen4Centos on Centos7, having single NIC with bridge network and have two VMs on that.
In one VM, I want to add two static IP one for webserver and one for mail server.
So I have created IP alias in guest VM, it was created but it was not pinging from outside public network or from the host.
So if you have any idea how to add second IP in the guest VM then please let me know.
I have searched on Google but most of the tutorials had given example for one IP only.

I have figure out the way to listen the second IP from public network.
I have added second interface in the VM configuration file with MAC address, so inside VM it looks like eth0 and eth1.
Then I have created a routing table for eth1 and added default gateway to eth1. [ ip route add default via XXX.XX.XXX.112 dev eth1 table eth1].
So doing this way second IP in VM was reachable from public network.

NAT'ing on Oracle Virtual Box doesnt works with static host-only IPs

I am facing the below problem on Oracle Virtual Box. Posting it here
in case anyone has faced the similar issue.
I have a 2 node Juno setup on Oracle VBox.
I have configured one of my interfaces as NAT (For internet access,
package downloads etc)
The other interfaces are configured as Host-Only so that I can SSH
into the VM from my Windows machine.
I have assigned static IPs (192.168.56.*) to these host only
interfaces due to OpenStack configuration.
Observation:
When I give a static IP , the NAT interfaces doesn;t gets IP. When i
run dhclient for the NAT interface, it gets 10.0.2.15 as its IP. Even
after that internet doesn't works.
I have edited nameserver in /etc/resolv.conf, even then it doesnt works.
So the question is:
In a VM having 2 interfaces(NAT and host-only), if we give a static IP
to host only interface (192.168.56 series), the internet access doesnt
works on the NAT interface.

It worked after commenting gateway IP in /etc/network/interfaces.
Ref: https://askubuntu.com/questions/446183/how-to-set-up-nat-and-host-only-networking-with-static-ip-address-in-virtualbox
auto eth1
iface eth1 inet static
address 192.168.56.104
netmask 255.255.255.0
#gateway 192.168.56.1
Thanks