[Rdo-list] Outbound packet traffic with nova-network

Russell Bryant rbryant at redhat.com
Thu Jun 27 17:13:33 UTC 2013 

On 06/26/2013 11:58 PM, Michael Solberg wrote:
> Hi list.
> 
> I'm having some trouble with my network setup and I thought maybe the
> group could help.  I have three compute nodes with two network
> interfaces.  There's a private 192.168.32.0/24 network (fixed range) on
> eth1 and a 10.17.12.128/25 network (floating range) on eth0 on these nodes.
> 
> Networking works as expected.  Connectivity is good on the 192 network
> and traffic is forwarded from the floating range inbound to the fixed
> range correctly.  That is, I can ssh into an instance from the outside
> world using the floating address.  However, when traffic is leaving the
> instance, it doesn't seem to get translated.  Here's a concrete example:
> 
> Instance has a fixed address of 192.168.32.4.
> Instance is assigned a floating address of 10.17.12.139.
> Instance is running on a hypervisor with the address 10.17.12.12.
> 
> Pings from the instance to 10.17.12.12 return fine, but pings from the
> instance out to the internet don't work.  When I run a tcpdump, I see
> that the pings reach the destination with the source address set to
> 192.168.32.4:
> 
> [root at 10.17.12.11 ~]# tcpdump -n -i eth0 icmp
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 23:55:38.238739 IP 192.168.32.4 > 10.17.12.11: ICMP echo request, id
> 45321, seq 1, length 64
> 23:55:38.238774 IP 10.17.12.11 > 192.168.32.4: ICMP echo reply, id
> 45321, seq 1, length 64
> 
> Is this expected?  If so, is there any way to get nova-network to
> translate the outbound traffic so that it looks like it's coming from
> 10.17.12.139 instead of 192.168.32.4?

Can you provide more information on your network topology?  What
nova-network mode are you using?

Your example is for "pings from the instance out to the internet", but
you're pinging an address (10.17.12.11) that's on the same private
network as the compute node (10.17.12.12).  My guess is that is
confusing things.

-- 
Russell Bryant

More information about the dev mailing list