<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class=""><br class=""></div><div class="">The traffic shows that neutron is doing the right thing,</div><div class=""><br class=""></div><div class="">Check that your ESX is not applying any MAC anti spoof on the </div><div class="">vmware vswitch, it looks like the ARP requests could be blocked at switch level</div><div class="">since every qrouter is going to have it’s own MAC address (separate from your own</div><div class="">VM one).</div><div class=""><br class=""></div><div class="">Otherwise connect other machine to the physical switch on vlan30 and check if</div><div class="">the ARP requests (it’s broadcast traffic) are arriving to confirm my above theory.</div><div class=""><br class=""></div><div class=""><br class=""></div><br class=""><div><blockquote type="cite" class=""><div class="">On 17/4/2015, at 13:51, pauline phaure <<a href="mailto:phaurep@gmail.com" class="">phaurep@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">i found these lines on the input file of <u class=""><i class="">tcpdump -e -n -v -v -v -i eth0 <br class=""><br class=""></i></u>192.168.2.72 > <a href="http://10.0.0.4/" class="">10.0.0.4</a>: ICMP host 192.168.2.1 unreachable, length 92<br class=""> 192.168.2.72 > <a href="http://10.0.0.4/" class="">10.0.0.4</a>: ICMP host 192.168.2.1 unreachable, length 92<br class=""> 192.168.2.72 > <a href="http://10.0.0.4/" class="">10.0.0.4</a>: ICMP host 192.168.2.1 unreachable, length 92<br class=""> 192.168.2.72 > <a href="http://10.0.0.4/" class="">10.0.0.4</a>: ICMP host 192.168.2.1 unreachable, length 92<br class="">11:41:46.661008 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:41:47.663307 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:41:48.665301 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class=""><u class=""><i class=""><br class=""></i></u></div><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-04-17 11:52 GMT+02:00 pauline phaure <span dir="ltr" class=""><<a href="mailto:phaurep@gmail.com" target="_blank" class="">phaurep@gmail.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="">hey Miguel, thank you for your response, plz found below the output of the commands:<br class=""><br class=""><br class=""> <u class="">ip netns exec qrouter-f7194985-eb13-41bf-8158-f0e78fc932c4 ip a</u><br class="">1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN<br class=""> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br class=""> inet <a href="http://127.0.0.1/8" target="_blank" class="">127.0.0.1/8</a> scope host lo<br class=""> valid_lft forever preferred_lft forever<br class=""> inet6 ::1/128 scope host<br class=""> valid_lft forever preferred_lft forever<br class="">12: qr-207805ae-39: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN<br class=""> link/ether fa:16:3e:1c:62:a8 brd ff:ff:ff:ff:ff:ff<br class=""> inet <a href="http://10.0.0.1/24" target="_blank" class="">10.0.0.1/24</a> brd 10.0.0.255 scope global qr-207805ae-39<br class=""> valid_lft forever preferred_lft forever<br class=""> inet6 fe80::f816:3eff:fe1c:62a8/64 scope link<br class=""> valid_lft forever preferred_lft forever<br class="">13: qg-52b4d686-58: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN<br class=""> link/ether fa:16:3e:34:d5:6e brd ff:ff:ff:ff:ff:ff<br class=""> inet <a href="http://192.168.2.70/24" target="_blank" class="">192.168.2.70/24</a> brd 192.168.2.255 scope global qg-52b4d686-58<br class=""> valid_lft forever preferred_lft forever<br class=""> inet <b class=""><a href="http://192.168.2.72/32" target="_blank" class="">192.168.2.72/32</a></b> brd 192.168.2.72 scope global <b class=""><font size="4" class=""><u class="">qg-52b4d686-58</u></font></b><br class=""> valid_lft forever preferred_lft forever<br class=""> inet6 fe80::f816:3eff:fe34:d56e/64 scope link<br class=""> valid_lft forever preferred_lft forever<br class=""><br class=""><br class=""><u class=""><b class="">ip netns exec qrouter-f7194985-eb13-41bf-8158-f0e78fc932c4 tcpdump -e -n -v -v -v -i qg-52b4d686-58</b></u><br class=""><br class="">equest who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:49:19.705378 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:49:20.707292 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:49:22.706910 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:49:23.707412 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:49:24.709292 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:49:26.710264 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:49:27.711297 fa:16:3e:34:d5:6e > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.1 tell 192.168.2.72, length 28<br class="">11:49:28.002005 00:23:48:9e:85:7c > Broadcast, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.42 (Broadcast) tell 192.168.2.1, length 46<br class="">11:49:28.002064 fa:16:3e:34:d5:6e > 00:23:48:9e:85:7c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 58298, offset 0, flags [DF], proto ICMP (1), length 84)<br class=""> 192.168.2.72 > <a href="http://192.168.2.1/" target="_blank" class="">192.168.2.1</a>: ICMP echo request, id 19201, seq 494, length 64<br class="">11:49:28.002079 fa:16:3e:34:d5:6e > 00:23:48:9e:85:7c, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 58299, offset 0, flags [DF], proto ICMP (1), length 84)<br class=""> 192.168.2.72 > <a href="http://192.168.2.1/" target="_blank" class="">192.168.2.1</a>: ICMP echo request, id 19201, seq 495, length 64<br class="">11:49:28.040439 00:23:48:9e:85:7c > Broadcast, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.5 (Broadcast) tell 192.168.2.1, length 46<br class="">11:49:28.079105 00:23:48:9e:85:7c > Broadcast, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.20 (Broadcast) tell 192.168.2.1, length 46<br class="">11:49:28.115671 00:23:48:9e:85:7c > Broadcast, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.34 (Broadcast) tell 192.168.2.1, length 46<br class="">11:49:28.179014 00:23:48:9e:85:7c > Broadcast, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.22 (Broadcast) tell 192.168.2.1, length 46<br class="">11:49:28.223391 00:23:48:9e:85:7c > Broadcast, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.2.240 (Broadcast) tell 192.168.2.1, length 46<br class=""><br class=""><br class=""> <u class=""><i class="">tcpdump -e -n -v -v -v -i eth0 </i></u><br class=""><br class="">11:41:44.953118 00:0c:29:56:d9:09 > 74:46:a0:9e:ff:a5, ethertype IPv4 (0x0800), length 166: (tos 0x10, ttl 64, id 10881, offset 0, flags [DF], proto TCP (6), length 152)<br class=""> 192.168.2.19.ssh > 192.168.2.99.53021: Flags [P.], cksum 0x8651 (incorrect -> 0x9f53), seq 2550993953:2550994065, ack 2916435463, win 146, length 112<br class="">11:41:44.953804 74:46:a0:9e:ff:a5 > 00:0c:29:56:d9:09, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 31471, offset 0, flags [DF], proto TCP (6), length 40)<br class=""> 192.168.2.99.53021 > 192.168.2.19.ssh: Flags [.], cksum 0x7b65 (correct), seq 1, ack 112, win 16121, length 0<br class="">11:41:45.017729 00:0c:29:91:4c:ea > 00:0c:29:56:d9:09, ethertype IPv4 (0x0800), length 99: (tos 0x0, ttl 64, id 17044, offset 0, flags [DF], proto TCP (6), length 85)<br class=""> 192.168.2.22.45167 > 192.168.2.19.amqp: Flags [P.], cksum 0x7339 (correct), seq 2968653045:2968653078, ack 1461763310, win 123, options [nop,nop,TS val 222978 ecr 218783], length 33<br class="">11:41:45.018242 00:0c:29:56:d9:09 > 00:0c:29:91:4c:ea, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 47485, offset 0, flags [DF], proto TCP (6), length 64)<br class=""> 192.168.2.19.amqp > 192.168.2.22.45167: Flags [P.], cksum 0x85ac (incorrect -> 0x4c5d), seq 1:13, ack 33, win 330, options [nop,nop,TS val 223746 ecr 222978], length 12<br class="">11:41:45.018453 00:0c:29:91:4c:ea > 00:0c:29:56:d9:09, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 17045, offset 0, flags [DF], proto TCP (6), length 52)<br class=""> 192.168.2.22.45167 > 192.168.2.19.amqp: Flags [.], cksum 0x8701 (correct), seq 33, ack 13, win 123, options [nop,nop,TS val 222979 ecr 223746], length 0<br class=""><br class=""><br class=""></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br class=""><div class="gmail_quote">2015-04-17 10:42 GMT+02:00 Miguel Angel Ajo Pelayo <span dir="ltr" class=""><<a href="mailto:mangelajo@redhat.com" target="_blank" class="">mangelajo@redhat.com</a>></span>:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">To troubleshoot this I’d recommend you<br class="">
<br class="">
1) doing a tcpdump in the controller node, on the external interface attached to br-ex,<br class="">
and find what’s going on,<br class="">
<br class="">
tcpdump -e -n -v -v -v -i ethX<br class="">
<br class="">
note: as per your schema you may use an “external flat network”<br class="">
(no segmentation) from your network/controller node, so the packets going out from the router<br class="">
should not be tagged in your tcpdump.<br class="">
<br class="">
If you set the external network as vlan tagged, you may have to change it into flat. (such operation<br class="">
may require removing the floating ips from instances, removing legs from router (External, and internal),<br class="">
and then removing the router, then the external network/subnet).<br class="">
<br class="">
<br class="">
In a separate terminal, it may help to ..<br class="">
2) look for the router netns:<br class="">
<br class="">
# ip netns<br class="">
qrouter-8f2f7e69-02c3-4b75-9b25-e23b64757935<br class="">
<br class="">
note : this is the “virtual router”, it lives in a network namespace which is another isolated<br class="">
instance of the linux networking stack., you will find the interfaces and IPs attached with<br class="">
the following command:<br class="">
<br class="">
# ip netns exec qrouter-8f2f7e69-02c3-4b75-9b25-e23b64757935 ip a<br class="">
<br class="">
(here look for the external leg of the router, it will have the external router IP and the floating ip attached)<br class="">
it should look like qg-xxxxxxxx-xx<br class="">
<br class="">
<br class="">
# ip netns exec qrouter-8f2f7e69-02c3-4b75-9b25-e23b64757935 tcpdump -e -n -v -v -v -i qg-xxxxxxx-xx<br class="">
<br class="">
<br class="">
Please tell us how is it going .<br class="">
<span class=""><br class="">
<br class="">
<br class="">
> On 17/4/2015, at 9:48, pauline phaure <<a href="mailto:phaurep@gmail.com" target="_blank" class="">phaurep@gmail.com</a>> wrote:<br class="">
><br class="">
> Hello everyone,<br class="">
> I have some troubles making the floating IP work. When I associate a floating IP to my instance, the instance can reach the neutron-router and ping but cannot ping the external gateway. any ideas where to look?<br class="">
><br class="">
><br class="">
</span>> <image.png><br class="">
> _______________________________________________<br class="">
> Rdo-list mailing list<br class="">
> <a href="mailto:Rdo-list@redhat.com" target="_blank" class="">Rdo-list@redhat.com</a><br class="">
> <a href="https://www.redhat.com/mailman/listinfo/rdo-list" target="_blank" class="">https://www.redhat.com/mailman/listinfo/rdo-list</a><br class="">
><br class="">
> To unsubscribe: <a href="mailto:rdo-list-unsubscribe@redhat.com" target="_blank" class="">rdo-list-unsubscribe@redhat.com</a><br class="">
<span class=""><font color="#888888" class=""><br class="">
Miguel Angel Ajo<br class="">
<br class="">
<br class="">
<br class="">
</font></span></blockquote></div><br class=""></div>
</div></div></blockquote></div><br class=""></div>
</div></blockquote></div><br class=""><div class="">
<div class="">Miguel Angel Ajo</div><div class=""><br class=""></div><br class="Apple-interchange-newline">
</div>
<br class=""></body></html>