could not access vms thru floating IP
added ICMP and ssh ingress rules to default security group as demo user
created instance VM1 and
after associating floating IP to VM, could not do ssh/ping the VM through floating IP.
[root@rdo-cc ~(keystone_demo)]# ip netns list
qrouter-b22708f6-ce45-4d81-ba7e-6879fc85bb47
qdhcp-7750e74b-cf0f-41f1-a683-883148b3a577
[root@rdo-cc ~(keystone_demo)]# openstack server show vm1
+--------------------------------------+----------------------------------------------------------+
| Field | Value |
+--------------------------------------+----------------------------------------------------------+
| OS-DCF:diskConfig | AUTO |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | Running |
| OS-EXT-STS:task_state | None |
| OS-EXT-STS:vm_state | active |
| OS-SRV-USG:launched_at | 2017-09-08T14:32:57.000000 |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | demo_int=10.0.0.3, 172.24.4.231 |
| config_drive | |
| created | 2017-09-08T14:32:43Z |
| flavor | m1.tiny (1) |
| hostId | e1baaf681fa7a822dad2bee0a626514894fa3dd08407804abbb643e7
[root@rdo-cc ~(keystone_demo)]# ip netns exec qrouter-b22708f6-ce45-4d81-ba7e-6879fc85bb47 ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=16.8 ms
64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=6.31 ms
64 bytes from 10.0.0.3: icmp_seq=3 ttl=64 time=0.859 ms
could not ping 172.24.4.231 or do ssh
what I am missing?
[root@rdo-cc ~(keystone_demo)]# ip -4 a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 104.239.240.72/24 brd 104.239.240.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 10.100.32.89/20 brd 10.100.47.255 scope global eth1
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 192.168.98.1/24 brd 192.168.98.255 scope global eth2
valid_lft forever preferred_lft forever
[root@rdo-cc ~(keystone_demo)]# ip r
default via 104.239.240.1 dev eth0
10.100.32.0/20 dev eth1 proto kernel scope link src 10.100.32.89
104.239.240.0/24 dev eth0 proto kernel scope link src 104.239.240.72
192.168.98.0/24 dev eth2 proto kernel scope link src 192.168.98.1
thank you in advance
Ramesh
Comments
-
Hello Ramesh,
There are a few things I would look at. First would be if the routing is working such that the 172. network would be understood and packets could move both directions. Toward that you would need an interface that has a 172 IP configured properly. In this case that may be hampered by the lab provider firewall. In order to get to that IP range, you may need for a packet to leave the system and then return to be put into the proper namespace. This could be hampered by the provider routing and/or a firewall that blocks unknown traffic.
When you snoop the ports and trace the packets which interfaces are send out the pings and SSH requests? Then look for routing rules which may affect that interface.
Best regards,
0
Categories
- All Categories
- 50 LFX Mentorship
- 103 LFX Mentorship: Linux Kernel
- 553 Linux Foundation Boot Camps
- 296 Cloud Engineer Boot Camp
- 119 Advanced Cloud Engineer Boot Camp
- 52 DevOps Engineer Boot Camp
- 53 Cloud Native Developer Boot Camp
- 4 Express Training Courses
- 4 Express Courses - Discussion Forum
- 1.9K Training Courses
- 18 LFC110 Class Forum
- 6 LFC131 Class Forum
- 25 LFD102 Class Forum
- 150 LFD103 Class Forum
- 17 LFD121 Class Forum
- LFD137 Class Forum
- 61 LFD201 Class Forum
- LFD210 Class Forum
- LFD210-CN Class Forum
- 1 LFD213 Class Forum - Discontinued
- 128 LFD232 Class Forum
- LFD237 Class Forum
- 23 LFD254 Class Forum
- 598 LFD259 Class Forum
- 102 LFD272 Class Forum
- 1 LFD272-JP クラス フォーラム
- LFD273 Class Forum
- 2 LFS145 Class Forum
- 24 LFS200 Class Forum
- 739 LFS201 Class Forum
- 1 LFS201-JP クラス フォーラム
- 3 LFS203 Class Forum
- 69 LFS207 Class Forum
- 300 LFS211 Class Forum
- 54 LFS216 Class Forum
- 47 LFS241 Class Forum
- 41 LFS242 Class Forum
- 37 LFS243 Class Forum
- 11 LFS244 Class Forum
- 34 LFS250 Class Forum
- 1 LFS250-JP クラス フォーラム
- LFS251 Class Forum
- 140 LFS253 Class Forum
- LFS254 Class Forum
- 1K LFS258 Class Forum
- 10 LFS258-JP クラス フォーラム
- 92 LFS260 Class Forum
- 130 LFS261 Class Forum
- 32 LFS262 Class Forum
- 79 LFS263 Class Forum
- 15 LFS264 Class Forum
- 11 LFS266 Class Forum
- 17 LFS267 Class Forum
- 17 LFS268 Class Forum
- 23 LFS269 Class Forum
- 203 LFS272 Class Forum
- 1 LFS272-JP クラス フォーラム
- LFS281 Class Forum
- 221 LFW211 Class Forum
- 167 LFW212 Class Forum
- SKF100 Class Forum
- 902 Hardware
- 219 Drivers
- 74 I/O Devices
- 44 Monitors
- 115 Multimedia
- 209 Networking
- 101 Printers & Scanners
- 85 Storage
- 761 Linux Distributions
- 88 Debian
- 66 Fedora
- 15 Linux Mint
- 13 Mageia
- 24 openSUSE
- 141 Red Hat Enterprise
- 33 Slackware
- 13 SUSE Enterprise
- 356 Ubuntu
- 477 Linux System Administration
- 41 Cloud Computing
- 69 Command Line/Scripting
- Github systems admin projects
- 95 Linux Security
- 77 Network Management
- 108 System Management
- 49 Web Management
- 66 Mobile Computing
- 23 Android
- 29 Development
- 1.2K New to Linux
- 1.1K Getting Started with Linux
- 536 Off Topic
- 131 Introductions
- 216 Small Talk
- 21 Study Material
- 817 Programming and Development
- 275 Kernel Development
- 508 Software Development
- 928 Software
- 260 Applications
- 184 Command Line
- 3 Compiling/Installing
- 76 Games
- 316 Installation
- 59 All In Program
- 59 All In Forum
Upcoming Training
-
August 20, 2018
Kubernetes Administration (LFS458)
-
August 20, 2018
Linux System Administration (LFS301)
-
August 27, 2018
Open Source Virtualization (LFS462)
-
August 27, 2018
Linux Kernel Debugging and Security (LFD440)