[Rdo-list] snat and my WRT54G router

John Alway jalway at gmail.com
Wed Mar 23 00:17:33 UTC 2016



On Tue, Mar 22, 2016 at 1:03 PM, Dan Sneddon <dsneddon at redhat.com> wrote:

> On 03/20/2016 12:11 PM, John Alway wrote:
> > Dan,
> >
> > I set everything up the way you mentioned.  The network I have labeled
> > "external network" is marked as an "extnet".  By which I mean, in the
> > Dashboard, under "Network Details" for my external network...  It has
> > an entry "Provider Network-> Physical Network: extnet".
> >
> > I allocated a pool in the range 192.168.1.13 to 192.168.1.99 (I did
> > this because two of the computers on my physical network are
> > 192.168.1.11 and 192.168.1.12).
> >
> > The virtual router has an IP address of 192.168.1.13 on the external
> > network, and the public_subnet on the external network has a gateway of
> > 192.168.1.2.
> >
> > You're right about my physical router.  Its address is 192.168.1.1
> >
> > I tried pinging from a VM to the Internet, and it still fails.
> >
> > I then tried allocating floating IPs to a VM, and it still failed to
> > ping the Internet.
> >
> >   So, I'm still not solved
> >
> > Thanks for your feedback!
> >
> > Regards,
> > ...John
> >
> >
> >
> > On Sat, Mar 19, 2016 at 9:58 PM, Dan Sneddon <dsneddon at redhat.com> wrote:
> >
> >     I don't think the range you are using is the problem, although you
> >     should be using 192.168.1.0/24 as your
> >     subnet and 192.168.1.1 as the router gateway (assuming that the WRT
> >     is .1). You can set the allocation pool to a range like
> >     192.168.1.10-192.168.1.99. Also, assuming your WRT router is .1,
> >     you will have to manually assign the virtual router IP (since the
> >     default is .1 when you create a router on a /24 network).
> >
> >     You say that your VMs are connected through a virtual router. Are
> >     you using floating IPs? You can't just route the VM traffic to the
> >     WRT router without SNAT on the virtual router, so make sure you set
> >     that network to external.
> >
> >     I suspect that the problem here might be that the virtual router
> >     was using the same IP as the WRT router, or that you were doing
> >     routing without SNAT because the network wasn't marked as external.
> >
> >>         Dan Sneddon  |  Principal OpenStack Engineer  |
> >>          dsneddon at redhat.com
> >
> >     On Mar 19, 2016, at 4:39 PM, John Alway <jalway at gmail.com> wrote:
> >
> >>     Hello,
> >>
> >>     I'm still not able to get snat to work (connecting to the
> >>     Internet) with my RDO all-in-one installation, and I'm wondering
> >>     if my router is the issue.
> >>
> >>     My router is a Linksys WRT54G, which does not support a "DHCP
> >>     reservation" feature.   I was able to set a fixed ip on it,
> >>     because there is a range available from 192.168.1.2 through to
> >>     192.168.1.99, also 192.168.1.150 through 192.168.1.254.
> >>
> >>     This is according to "toomanydonuts" posting here:
> >>
> >>     http://community.linksys.com/t5/Wireless-Routers/WRT54G-Static-IP-Question/td-p/152001
> >>
> >>     I've been using the lower address range.  Could this be the
> >>     problem, or should I look elsewhere?
> >>
> >>     In my setup I have two private subnets, and three VMs.  I can
> >>     ping between the VMs, but can't ping the Internet.   A virtual
> >>     router connects the subnets and external network.
> >>
> >>     I set up my external subnet as 192.168.1.0/28.  I use the 28 to
> >>     limit the range for my router.  The external range is the same
> >>     as my actual physical addresses on my LAN.
> >>
> >>     I should add, I'm not a network guy. I'm learning a lot of
> >>     networking on the fly here.
> >>
> >>     Thanks for any feedback!!
> >>     ...John
> >
> >
>
> The entry you are seeing for "Provider Network->Physical Network:
> extnet" just references which physical network you are using. The
> physical network name is related to the bridge mappings. The default
> bridge mapping is "datacentre:br-ex", so when I create a Public network
> with the default settings, the physical network is "datacentre". If you
> have different bridge mappings, then you might have a different
> physical network name.
>
> The property I am referring to is "router:external=True", which I'm not
> sure you can see in the Horizon dashboard. If you source "overcloudrc"
> on the Undercloud and run "neutron net-list" and then "neutron net-show
> <network>" on the external network, you will see this property, like this:
>
> [stack@instack ~]$ neutron net-show public
> +---------------------------+--------------------------------------+
> | Field                     | Value                                |
> +---------------------------+--------------------------------------+
> | admin_state_up            | True                                 |
> | id                        | 9959fc21-eaea-4cc8-bd72-0e711ca36cbe |
> | mtu                       | 0                                    |
> | name                      | public                               |
> | provider:network_type     | vlan                                 |
> | provider:physical_network | datacentre                           |
> | provider:segmentation_id  | 10                                   |
> | router:external           | True                                 |
> | shared                    | False                                |
> | status                    | ACTIVE                               |
> | subnets                   | e4948277-faa0-42c8-97f7-0095d1c20bfa |
> | tenant_id                 | 497f8c12b2534fb08273f59c6c8ac2c6     |
> +---------------------------+--------------------------------------+
>


I have an rdo all-in-one set up right now, and don't have an "Overcloudrc".
I source "keystonerc_admin".

I sourced it and checked the "neutron net-show external_network" and the
"router:external" network entry does show "True".





>
> The fact that you are trying to attach to "extnet" might be the
> problem. Did you include a physical network to bridge mapping such as
> "extnet:br-ex" when you deployed using the
> --neutron-network-bridge-mappings CLI parameter?
>
> You can check the settings in
> /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini on the
> controller(s) to see what your bridge mappings are. This is the default:
>
> bridge_mappings = datacentre:br-ex
>


     I can't find that file.  I have an "/etc/neutron/plugins/ml2"
directory, and inside of that there is the file "openvswitch_agent.ini".
I checked "openvswitch_agent.ini"  and it has the following entry:

   bridge_mappings = extnet:br-ex





>
> When I create an external network, I use a command line such as this
> (if the external net is on the native VLAN):
>
> $ neutron net-create ext-net --router:external \
> --provider:physical_network datacentre \
> --provider:network_type flat
>
> If the external net is on a VLAN, then I use a command like this:
>
> $ neutron net-create ext-net --router:external \
> --provider:physical_network datacentre \
> --provider:network_type vlan \
> --provider:segmentation_id 104
>


   Mine is set up with a "provider:network_type: flat"

   I assume that's right.  I'm not 100% sure.  According to my research,
"VLAN" is distinguished from "native VLAN" by "tagging" or "trunking".    I
assume mine is native.


>
> So double check to make sure that you have created the network with
> --router:external, and that the physical network matches the bridge
> mappings. If these things are out of sync, you will need to correct
> that, and delete and recreate the network(s).
>
> Once you have worked all that out, and you are sure that you have the
> bridge mappings such that br-ex is hosting the external network, then
> you can move on to some simple troubleshooting:
>
> * Can you ping 192.168.1.1 from the namespace of the virtual router?
> (use "ip netns list" and "ip netns exec <namespace> ping 192.168.1.1")
>

    This fails!
    I get a "Destination Host Unreachable" result.


>
> * Can you ping the virtual router on the external network from the WRT
> router?
>

    I pinged 192.168.1.13, which is the virtual router's gateway to the
external network, and it pings fine.


>
> * Can you see the outbound packets on br-ex using "sudo tcpdump -i br-ex"?
>

   Btw,  I'm on CentOS.    I believe so.   Just learning how to do this.
For example,   I see 192.168.1.12.5280 > 173.194.204.106.80, which I
believe is outbound.


    I also have settings for security as follows: "All" for TCP, UDP and
ICMP, egress and ingress.

    So, somehow pinging from virtual router to the physical gateway fails.

     regards,
    ...John


>
> --
> Dan Sneddon         |  Principal OpenStack Engineer
> dsneddon at redhat.com |  redhat.com/openstack
> 650.254.4025        |  dsneddon:irc   @dxs:twitter
>