[Rdo-list] RDO + floating IPs

Kashyap Chamarthy kchamart at redhat.com
Tue May 26 15:16:54 UTC 2015 

On Tue, May 26, 2015 at 03:54:36PM +0200, Tomas Sedovic wrote:
> Hey everyone,
> 
> I tried to get RDO set up with floating IP addresses, but I'm running into
> problems I'm not sure how to debug (not that familiar with networking and
> Neutron).
> 
> I followed these guides on a clean Fedora 21 x86_64 server:
> 
> https://www.rdoproject.org/Quickstart
> https://www.rdoproject.org/Floating_IP_range
> 
[. . .]

> once all 20 requests failed, it got to a login screen, but I could not ping
> or SSH into it:
> 
> # ping 10.40.128.81
> PING 10.40.128.81 (10.40.128.81) 56(84) bytes of data.
> From 10.40.128.44 icmp_seq=1 Destination Host Unreachable
> From 10.40.128.44 icmp_seq=2 Destination Host Unreachable
> From 10.40.128.44 icmp_seq=3 Destination Host Unreachable
> From 10.40.128.44 icmp_seq=4 Destination Host Unreachable
> 
> # ssh cirros at 10.40.128.81
> ssh: connect to host 10.40.128.81 port 22: No route to host

It could be any no. of reasons, as I don't know what's going on in your
network. But, your steps sound reasonably correct. Just for comparision,
that's what I normally do:

    # Create new private network:
    $ neutron net-create $privnetname
    
    # Create a subnet
    neutron subnet-create $privnetname \
            $subnetspace/24            \
            --name $privsubnetname
    
    # Create a router
    neutron router-create $routername
    
    # Associate the router to the external network by setting its gateway
    # NOTE: This assumes the external network name is 'ext'
    
    export EXT_NET=$(neutron net-list | grep ext | awk '{print $2;}')
    export PRIV_NET=$(neutron subnet-list | grep $privsubnetname | awk '{print $2;}')
    export ROUTER_ID=$(neutron router-list | grep $routername | awk '{print $2;}'
    
    neutron router-gateway-set  \
            $ROUTER_ID $EXT_NET_ID
    
    neutron router-interface-add \
            $ROUTER_ID $PRIV_NET_ID
    
    
    # Add Neutron security groups for this test tenant
    neutron security-group-rule-create   \
            --protocol icmp              \
            --direction ingress          \
            --remote-ip-prefix 0.0.0.0/0 \
            default
    
    neutron security-group-rule-create   \
            --protocol tcp               \
            --port-range-min 22          \
            --port-range-max 22          \
            --direction ingress          \
            --remote-ip-prefix 0.0.0.0/0 \
            default
 

On a related note, all the above, inlcuding creating the Keystone
tenant, user, etc is put together in this trivial script[1], which
allows me to create tenant networks this way:

    $ ./create-new-tenant-network.sh \
      demoten1 tuser1     \
      14.0.0.0 trouter1   \
      priv-net1 priv-subnet1

It assumes your external network is named as "ext", but you can modify
the script trivially to change that.


[1] https://github.com/kashyapc/ostack-misc/blob/master/create-new-tenant-network.sh

-- 
/kashyap

More information about the dev mailing list