> Dan Sneddon | Principal OpenStack Engineer | dsneddon(a)redhat.com

On Mar 19, 2016, at 4:39 PM, John Alway <jalway(a)gmail.com&gt; wrote: Hello, I'm still not able to get snat to work (connecting to the Internet) with my RDO all-in-one installation, and I'm wondering if my router is the issue. My router is a Linksys WRT54G, which does not support a "DHCP reservation" feature. I was able to set a fixed ip on it, because there is a range available from 192.168.1.2 through to 192.168.1.99, also 192.168.1.150 through 192.168.1.254. This is according to "toomanydonuts" posting here: http://community.linksys.com/t5/Wireless-Routers/WRT54G-Static-IP-Questio... I've been using the lower address range. Could this be the problem, or should I look elsewhere? In my setup I have two private subnets, and three VMs. I can ping between the VMs, but can't ping the Internet. A virtual router connects the subnets and external network. I set up my external subnet as 192.168.1.0/28. I use the 28 to limit the range for my router. The external range is the same as my actual physical addresses on my LAN. I should add, I'm not a network guy. I'm learning a lot of networking on the fly here. Thanks for any feedback!! ...John _______________________________________________ Rdo-list mailing list Rdo-list(a)redhat.com https://www.redhat.com/mailman/listinfo/rdo-list To unsubscribe: rdo-list-unsubscribe(a)redhat.com

Dan, I set everything up the way you mentioned. The network I have labeled "external network" is marked as an "extnet". By which I mean, in the Dashboard, under "Network Details" for my external network... It has an entry "Provider Network-> Physical Network: extnet". I allocated a pool in the range 192.168.1.13 to 192,168.1.99 (I did this because two of the computers on my physical network are 192.168.1.11 and 192.168.1.12). The virtual router has an IP address of 192.168.1.13 on the external network, and the public_subnet on the external network has a gateway of 192.168.1.2. You're right about my physical router. Its address is 192.168.1.1 I tried pinging from a VM to the Internet, and it still fails. I then tried allocating floating IPs to a VM, and it still failed to ping the Internet. So, I'm still not solved Thanks for your feedback! Regards, ...John On Sat, Mar 19, 2016 at 9:58 PM, Dan Sneddon <dsneddon(a)redhat.com <mailto:dsneddon@redhat.com>> wrote: I don't think the range you are using is the problem, although you should be using 192.168.1.0/24 <http://192.168.1.0/24> as your subnet and 192.168.1.1 as the router gateway (assuming that the WRT is .1). You can set the allocation pool to a range like 192.168.1.10-192.168.1.99. Also, assuming your WRT router is .1, you will have to manually assign the virtual router IP (since the default is .1 when you create a router on a /24 network). You say that your VMs are connected through a virtual router. Are you using floating IPs? You can't just route the VM traffic to the WRT router without SNAT on the virtual router, so make sure you set that network to external. I suspect that the problem here might be that the virtual router was using the same IP as the WRT router, or that you were doing routing without SNAT because the network wasn't marked as external. > Dan Sneddon | Principal OpenStack Engineer | > dsneddon(a)redhat.com <mailto:dsneddon@redhat.com> On Mar 19, 2016, at 4:39 PM, John Alway <jalway(a)gmail.com <mailto:jalway@gmail.com>> wrote: > Hello, > > I'm still not able to get snat to work (connecting to the > Internet) with my RDO all-in-one installation, and I'm wondering > if my router is the issue. > > My router is a Linksys WRT54G, which does not support a "DHCP > reservation" feature. I was able to set a fixed ip on it, > because there is a range available from 192.168.1.2 through to > 192.168.1.99, also 192.168.1.150 through 192.168.1.254. > > This is according to "toomanydonuts" posting here: > http://community.linksys.com/t5/Wireless-Routers/WRT54G-Static-IP-Questio... > > I've been using the lower address range. Could this be the > problem, or should I look elsewhere? > > In my setup I have two private subnets, and three VMs. I can > ping between the VMs, but can't ping the Internet. A virtual > router connects the subnets and external network. > > I set up my external subnet as 192.168.1.0/28 > <http://192.168.1.0/28>;. I use the 28 to limit the range for my > router. The external range is the same as my actual physical > addresses on my LAN. > > I should add, I'm not a network guy. I'm learning a lot of > networking on the fly here. > > Thanks for any feedback!! > ...John > _______________________________________________ > Rdo-list mailing list > Rdo-list(a)redhat.com <mailto:Rdo-list@redhat.com> > https://www.redhat.com/mailman/listinfo/rdo-list > > To unsubscribe: rdo-list-unsubscribe(a)redhat.com > <mailto:rdo-list-unsubscribe@redhat.com>

[stack@instack ~]$ neutron net-show public +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 9959fc21-eaea-4cc8-bd72-0e711ca36cbe | | mtu | 0 | | name | public | | provider:network_type | vlan | | provider:physical_network | datacentre | | provider:segmentation_id | 10 | | router:external | True | | shared | False | | status | ACTIVE | | subnets | e4948277-faa0-42c8-97f7-0095d1c20bfa | | tenant_id | 497f8c12b2534fb08273f59c6c8ac2c6 | +---------------------------+--------------------------------------+ On Tue, Mar 22, 2016 at 1:03 PM, Dan Sneddon <dsneddon(a)redhat.com <mailto:dsneddon@redhat.com>> wrote: On 03/20/2016 12:11 PM, John Alway wrote: > Dan, > > I set everything up the way you mentioned. The network I have labeled > "external network" is marked as an "extnet". By which I mean, in the > Dashboard, under "Network Details" for my external network... It has > an entry "Provider Network-> Physical Network: extnet". > > I allocated a pool in the range 192.168.1.13 to 192,168.1.99 (I did > this because two of the computers on my physical network are > 192.168.1.11 and 192.168.1.12). > > The virtual router has an IP address of 192.168.1.13 on the external > network, and the public_subnet on the external network has a gateway of > 192.168.1.2. > > You're right about my physical router. Its address is 192.168.1.1 > > I tried pinging from a VM to the Internet, and it still fails. > > I then tried allocating floating IPs to a VM, and it still failed to > ping the Internet. > > So, I'm still not solved > > Thanks for your feedback! > > Regards, > ...John > > > > On Sat, Mar 19, 2016 at 9:58 PM, Dan Sneddon <dsneddon(a)redhat.com <mailto:dsneddon@redhat.com> > <mailto:dsneddon@redhat.com <mailto:dsneddon@redhat.com>>> wrote: > > I don't think the range you are using is the problem, although you > should be using 192.168.1.0/24 <http://192.168.1.0/24> <http://192.168.1.0/24> as your > subnet and 192.168.1.1 as the router gateway (assuming that the WRT > is .1). You can set the allocation pool to a range like > 192.168.1.10-192.168.1.99. Also, assuming your WRT router is .1, > you will have to manually assign the virtual router IP (since the > default is .1 when you create a router on a /24 network). > > You say that your VMs are connected through a virtual router. Are > you using floating IPs? You can't just route the VM traffic to the > WRT router without SNAT on the virtual router, so make sure you set > that network to external. > > I suspect that the problem here might be that the virtual router > was using the same IP as the WRT router, or that you were doing > routing without SNAT because the network wasn't marked as external. > >> Dan Sneddon | Principal OpenStack Engineer | >> dsneddon(a)redhat.com <mailto:dsneddon@redhat.com> <mailto:dsneddon@redhat.com <mailto:dsneddon@redhat.com>> > > On Mar 19, 2016, at 4:39 PM, John Alway <jalway(a)gmail.com <mailto:jalway@gmail.com> > <mailto:jalway@gmail.com <mailto:jalway@gmail.com>>> wrote: > >> Hello, >> >> I'm still not able to get snat to work (connecting to the >> Internet) with my RDO all-in-one installation, and I'm wondering >> if my router is the issue. >> >> My router is a Linksys WRT54G, which does not support a "DHCP >> reservation" feature. I was able to set a fixed ip on it, >> because there is a range available from 192.168.1.2 through to >> 192.168.1.99, also 192.168.1.150 through 192.168.1.254. >> >> This is according to "toomanydonuts" posting here: >> http://community.linksys.com/t5/Wireless-Routers/WRT54G-Static-IP-Questio... >> >> I've been using the lower address range. Could this be the >> problem, or should I look elsewhere? >> >> In my setup I have two private subnets, and three VMs. I can >> ping between the VMs, but can't ping the Internet. A virtual >> router connects the subnets and external network. >> >> I set up my external subnet as 192.168.1.0/28 <http://192.168.1.0/28> >> <http://192.168.1.0/28>;. I use the 28 to limit the range for my >> router. The external range is the same as my actual physical >> addresses on my LAN. >> >> I should add, I'm not a network guy. I'm learning a lot of >> networking on the fly here. >> >> Thanks for any feedback!! >> ...John >> _______________________________________________ >> Rdo-list mailing list >> Rdo-list(a)redhat.com <mailto:Rdo-list@redhat.com> <mailto:Rdo-list@redhat.com <mailto:Rdo-list@redhat.com>> >> https://www.redhat.com/mailman/listinfo/rdo-list >> >> To unsubscribe: rdo-list-unsubscribe(a)redhat.com <mailto:rdo-list-unsubscribe@redhat.com> >> <mailto:rdo-list-unsubscribe@redhat.com <mailto:rdo-list-unsubscribe@redhat.com>> > > The entry you are seeing for "Provider Network->Physical Network: extnet" just references which physical network you are using. The physical network name is related to the bridge mappings. The default bridge mapping is "datacentre:br-ex", so when I create a Public network with the default settings, the physical network is "datacentre". If you have different bridge mappings, then you might have a different physical network name. The property I am referring to is "router:external=True", which I'm not sure you can see in the Horizon dashboard. If you source "overcloudrc" on the Undercloud and run "neutron net-list" and then "neutron net-show <network>" on the external network, you will see this property, like this: [stack@instack ~]$ neutron net-show public +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | id | 9959fc21-eaea-4cc8-bd72-0e711ca36cbe | | mtu | 0 | | name | public | | provider:network_type | vlan | | provider:physical_network | datacentre | | provider:segmentation_id | 10 | | router:external | True | | shared | False | | status | ACTIVE | | subnets | e4948277-faa0-42c8-97f7-0095d1c20bfa | | tenant_id | 497f8c12b2534fb08273f59c6c8ac2c6 | +---------------------------+--------------------------------------+ I have an rdo all-in-one set up right now, and don't have a "Overcloudrc". I source "keystonerc_admin". I sourced it and checked the "neutron net-show external_network" and the "router:external" network entry does show "True". The fact that you are trying to attach to "extnet" might be the problem. Did you include a physical network to bridge mapping such as "extnet:br-ex" when you deployed using the --neutron-network-bridge-mappings CLI parameter? You can check the settings in /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini on the controller(s) to see what your bridge mappings are. This is the default: bridge_mappings =datacentre:br-ex I can't find that file. I have an "/etc/neutron/plugins/ml2" directory, and inside of that there is the file "openvswitch_agent.ini". I checked "openvswitch_agent.ini" and it has the following entry: bridge_mappings = extnet:br-ex When I create an external network, I use a command line such as this (if the external net is on the native VLAN): $ neutron net-create ext-net --router:external \ --provider:physical_network datacentre \ --provider:network_type flat If the external net is on a VLAN, then I use a command like this: $ neutron net-create ext-net --router:external \ --provider:physical_network datacentre \ --provider:network_type vlan \ --provider:segmentation_id 104 Mine is set up with a "provider:network_type: flat" I assume that's right. I'm not 100% sure. According to my research, "VLAN" is distinguished from "native VLAN" by "tagging" or "trunking". I assume mine is native. So double check to make sure that you have created the network with --router:external, and that the physical network matches the bridge mappings. If these things are out of sync, you will need to correct that, and delete and recreate the network(s). Once you have worked all that out, and you are sure that you have the bridge mappings such that br-ex is hosting the external network, then you can move on to some simple troubleshooting: * Can you ping 192.168.1.1 from the namespace of the virtual router? (use "ip netns list" and "ip netns exec <namespace> ping 192.168.1.1") This fails! I get a "Destination Host Unreachable" result. * Can you ping the virtual router on the external network from the WRT router? I pinged 192.168.1.13, which is the virtual router's gateway to the external network, and it pings fine. * Can you see the outbound packets on br-ex using "sudo tcpdump -i br-ex"? Btw, I'm on CentOS. I believe so. Just learning how to do this. For example, I see 192.168.1.12.5280 > 173.194.204.106.80, which I believe is outbound. I also have settings for security as follows: "All" for TCP, UDP and ICMP, egress and ingress. So, somehow pinging from virtual router to the physical gateway fails. regards, ...John -- Dan Sneddon | Principal OpenStack Engineer dsneddon(a)redhat.com <mailto:dsneddon@redhat.com> | redhat.com/openstack <http://redhat.com/openstack> 650.254.4025 <tel:650.254.4025> | dsneddon:irc @dxs:twitter