[Rdo-list] snat and my WRT54G router

Dan Sneddon dsneddon at redhat.com
Tue Mar 22 18:03:41 UTC 2016


On 03/20/2016 12:11 PM, John Alway wrote:
> Dan,
> 
> I set everything up the way you mentioned.  The network I have labeled
> "external network" is marked as an "extnet".  By which I mean, in the
> Dashboard, under "Network Details" for my external network...  It has
> an entry "Provider Network-> Physical Network: extnet".  
> 
> I allocated a pool in the range 192.168.1.13 to 192.168.1.99 (I did
> this because two of the computers on my physical network are
> 192.168.1.11 and 192.168.1.12).
> 
> The virtual router has an IP address of 192.168.1.13 on the external
> network, and the public_subnet on the external network has a gateway of
> 192.168.1.2.
> 
> You're right about my physical router.  Its address is 192.168.1.1
> 
> I tried pinging from a VM to the Internet, and it still fails.   
> 
> I then tried allocating floating IPs to a VM, and it still failed to
> ping the Internet.
> 
>   So, I'm still not solved
> 
> Thanks for your feedback!
> 
> Regards,
> ...John
> 
> 
> 
> On Sat, Mar 19, 2016 at 9:58 PM, Dan Sneddon <dsneddon at redhat.com> wrote:
> 
>     I don't think the range you are using is the problem, although you
>     should be using 192.168.1.0/24 as your
>     subnet and 192.168.1.1 as the router gateway (assuming that the WRT
>     is .1). You can set the allocation pool to a range like
>     192.168.1.10-192.168.1.99. Also, assuming your WRT router is .1,
>     you will have to manually assign the virtual router IP (since the
>     default is .1 when you create a router on a /24 network).
> 
>     You say that your VMs are connected through a virtual router. Are
>     you using floating IPs? You can't just route the VM traffic to the
>     WRT router without SNAT on the virtual router, so make sure you set
>     that network to external.
> 
>     I suspect that the problem here might be that the virtual router
>     was using the same IP as the WRT router, or that you were doing
>     routing without SNAT because the network wasn't marked as external. 
> 
>>         Dan Sneddon  |  Principal OpenStack Engineer  |
>>          dsneddon at redhat.com
> 
>     On Mar 19, 2016, at 4:39 PM, John Alway <jalway at gmail.com> wrote:
> 
>>     Hello,
>>
>>     I'm still not able to get snat to work (connecting to the
>>     Internet) with my RDO all-in-one installation, and I'm wondering
>>     if my router is the issue.
>>
>>     My router is a Linksys WRT54G, which does not support a "DHCP
>>     reservation" feature.   I was able to set a fixed ip on it,
>>     because there is a range available from 192.168.1.2 through to
>>     192.168.1.99, also 192.168.1.150 through 192.168.1.254.
>>
>>     This is according to "toomanydonuts" posting here:
>>     http://community.linksys.com/t5/Wireless-Routers/WRT54G-Static-IP-Question/td-p/152001
>>
>>     I've been using the lower address range.  Could this be the
>>     problem, or should I look elsewhere?
>>
>>     In my setup I have two private subnets, and three VMs.  I can
>>     ping between the VMs, but can't ping the Internet.   A virtual
>>     router connects the subnets and external network.
>>
>>     I set up my external subnet as 192.168.1.0/28.  I use the 28 to
>>     limit the range for my router.  The external range is the same
>>     as my actual physical addresses on my LAN.
>>
>>     I should add, I'm not a network guy. I'm learning a lot of
>>     networking on the fly here. 
>>
>>     Thanks for any feedback!!
>>     ...John
> 
> 

The entry you are seeing for "Provider Network->Physical Network:
extnet" just references which physical network you are using. The
physical network name is related to the bridge mappings. The default
bridge mapping is "datacentre:br-ex", so when I create a Public network
with the default settings, the physical network is "datacentre". If you
have different bridge mappings, then you might have a different
physical network name.

The property I am referring to is "router:external=True", which I'm not
sure you can see in the Horizon dashboard. If you source "overcloudrc"
on the Undercloud and run "neutron net-list" and then "neutron net-show
<network>" on the external network, you will see this property, like this:

[stack@instack ~]$ neutron net-show public
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 9959fc21-eaea-4cc8-bd72-0e711ca36cbe |
| mtu                       | 0                                    |
| name                      | public                               |
| provider:network_type     | vlan                                 |
| provider:physical_network | datacentre                           |
| provider:segmentation_id  | 10                                   |
| router:external           | True                                 |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   | e4948277-faa0-42c8-97f7-0095d1c20bfa |
| tenant_id                 | 497f8c12b2534fb08273f59c6c8ac2c6     |
+---------------------------+--------------------------------------+

The fact that you are trying to attach to "extnet" might be the
problem. Did you include a physical network to bridge mapping such as
"extnet:br-ex" when you deployed using the
--neutron-network-bridge-mappings CLI parameter?

You can check the settings in
/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini on the
controller(s) to see what your bridge mappings are. This is the default:

bridge_mappings = datacentre:br-ex

When I create an external network, I use a command line such as this
(if the external net is on the native VLAN):

$ neutron net-create ext-net --router:external \
    --provider:physical_network datacentre \
    --provider:network_type flat

If the external net is on a VLAN, then I use a command like this:

$ neutron net-create ext-net --router:external \
    --provider:physical_network datacentre \
    --provider:network_type vlan \
    --provider:segmentation_id 104

So double check to make sure that you have created the network with
--router:external, and that the physical network matches the bridge
mappings. If these things are out of sync, you will need to correct
that, and delete and recreate the network(s).

Once you have worked all that out, and you are sure that you have the
bridge mappings such that br-ex is hosting the external network, then
you can move on to some simple troubleshooting:

* Can you ping 192.168.1.1 from the namespace of the virtual router?
(use "ip netns list" and "ip netns exec <namespace> ping 192.168.1.1")

* Can you ping the virtual router on the external network from the WRT
router?

* Can you see the outbound packets on br-ex using "sudo tcpdump -i br-ex"?

-- 
Dan Sneddon         |  Principal OpenStack Engineer
dsneddon at redhat.com |  redhat.com/openstack
650.254.4025        |  dsneddon:irc   @dxs:twitter
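
Added example (not part of the message above and not RDO or Neutron code): a shell check of the two conditions the reply asks for, that the external network has router:external set to True and that its provider:physical_network has an entry in bridge_mappings. The function names and both sample inputs are constructed for illustration; the samples pair the "extnet" name from the dashboard with the default mapping quoted in the reply.

```shell
#!/bin/sh
# Constructed sample inputs (not captured from a real deployment).
SAMPLE_NET_SHOW='| provider:physical_network | extnet |
| router:external           | True   |'
SAMPLE_INI='[ovs]
bridge_mappings =datacentre:br-ex'

# Print the value of one field from "neutron net-show" table output.
net_field() {  # $1 = table text, $2 = field name
    printf '%s\n' "$1" | awk -F'|' -v f="$2" '
        { k = $2; v = $3
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        k == f { print v; exit }'
}

# Print the bridge mapped to a physical network name, or nothing if unmapped.
mapped_bridge() {  # $1 = plugin ini text, $2 = physical network name
    printf '%s\n' "$1" | awk -v want="$2" '
        /^[ \t]*bridge_mappings[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            n = split($0, pairs, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", pairs[i])
                split(pairs[i], kv, ":")
                if (kv[1] == want) { print kv[2]; exit }
            }
        }'
}

# Print "OK: ..." and return 0 when consistent, else print the reason, return 1.
check_external_net() {  # $1 = net-show text, $2 = plugin ini text
    ext=$(net_field "$1" "router:external")
    phys=$(net_field "$1" "provider:physical_network")
    if [ "$ext" != "True" ]; then
        echo "FAIL: router:external is '$ext', expected True"; return 1
    fi
    bridge=$(mapped_bridge "$2" "$phys")
    if [ -z "$bridge" ]; then
        echo "FAIL: physical network '$phys' has no entry in bridge_mappings"
        return 1
    fi
    echo "OK: $phys -> $bridge"
}

check_external_net "$SAMPLE_NET_SHOW" "$SAMPLE_INI" || true
```

On a live controller the first argument would be the output of "neutron net-show <network>" and the second the contents of the plugin ini file named in the reply.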
