1

我已经使用 Devstack(一体机)成功安装了带有 Neutron 的 openstack 实例。现在我有一组 IPv4 地址,我需要将它们作为浮动 IP 分配给我的实例,并使它们可以从主机外部 ping/SSH。

虽然我能够将预期的 IP 作为浮动 IP 分配给我的实例,但它们在主机内部和外部都不可 ping。我已修改安全组规则以允许 SSH 和 PING。这是我的网络详细信息-

stack@tanmoy:/etc/init.d$ neutron net-list
+--------------------------------------+-----------+------------------------------------------------------+
| id                                   | name      | subnets                                              |
+--------------------------------------+-----------+------------------------------------------------------+
| 1566fc4f-60a9-4170-b860-333a264f22d8 | my-public | 101675c6-7c92-4ea0-b361-7cade98fa5a2 10.158.XXX.0/24 |
| be6f76d4-954f-475e-853e-adb860508e9c | public    | 0604470a-761e-4913-998c-cc5413dcd5a6 172.24.4.0/24   |
| e816c35f-45a0-446b-b3ff-ca3196c98eb2 | private   | f4d617a7-e250-45fa-bb0a-95290cfafb20 10.0.0.0/24     |
+--------------------------------------+-----------+------------------------------------------------------+

stack@tanmoy:/etc/init.d$ neutron subnet-list
+--------------------------------------+----------------+-----------------+----------------------------------------------------+
| id                                   | name           | cidr            | allocation_pools                                   |
+--------------------------------------+----------------+-----------------+----------------------------------------------------+
| 0604470a-761e-4913-998c-cc5413dcd5a6 | public-subnet  | 172.24.4.0/24   | {"start": "172.24.4.2", "end": "172.24.4.254"}     |
| 101675c6-7c92-4ea0-b361-7cade98fa5a2 | ipcloud-dev    | 10.158.XXX.0/24 | {"start": "10.158.XXX.56", "end": "10.158.XXX.62"} |
| f4d617a7-e250-45fa-bb0a-95290cfafb20 | private-subnet | 10.0.0.0/24     | {"start": "10.0.0.2", "end": "10.0.0.254"}         |
+--------------------------------------+----------------+-----------------+----------------------------------------------------+

stack@tanmoy:/etc/init.d$ neutron router-list
+--------------------------------------+--------------+-----------------------------------------------------------------------------+
| id                                   | name         | external_gateway_info                                                       |
+--------------------------------------+--------------+-----------------------------------------------------------------------------+
| 811a483a-6faf-4dad-9d28-d51aa9530691 | ExternalLink | {"network_id": "1566fc4f-60a9-4170-b860-333a264f22d8", "enable_snat": true} |
| f71a6574-75c8-424e-ab57-ff0f9a20ef54 | router1      | {"network_id": "be6f76d4-954f-475e-853e-adb860508e9c", "enable_snat": true} |
+--------------------------------------+--------------+-----------------------------------------------------------------------------+

My security rules are as follows -

stack@tanmoy:$ nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 443       | 443     | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| tcp         | 80        | 80      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+

我曾尝试使用 netns 进行 ping 操作,但这也不起作用。

stack@tanmoy:/var/log$ sudo ip netns exec qrouter-f71a6574-75c8-424e-ab57-ff0f9a20ef54 ping 10.158.XXX.60
PING 10.158.XXX.60 (10.158.XXX.60) 56(84) bytes of data.
From 10.158.XXX.71 icmp_seq=1 Destination Host Unreachable

如果我遗漏了什么,请告诉我。

4

2 回答 2

0

我不认为 br-ex 应该有一个 IP 地址分配给它。我有一个多合一设置,但手动构建。我注意到您定义了两个路由器。当您尝试通过ip netns ping 时,您使用的是 router1 的命名空间。但是,如果我正确解释了您的neutron router-list命令,则此路由器未连接到外部网络 10.158.XXX.0。尝试从其他路由器命名空间执行 ip netns ping。

这是我似乎可行的设置:

root@columbo:~# ifconfig br-ex
br-ex     Link encap:Ethernet  HWaddr 08:00:27:f9:7b:07  
          inet6 addr: fe80::a83d:11ff:fe5e:b595/64 Scope:Link
          inet6 addr: fd17:625c:f037:1064:19a0:c74a:caf0:b3bd/64 Scope:Global
          inet6 addr: fd17:625c:f037:1064:a00:27ff:fef9:7b07/64 Scope:Global
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2454 (2.4 KB)  TX bytes:924 (924.0 B)

root@columbo:~# neutron net-list
 +--------------------------------------+---------------+----------------------------------------------------+
| id                                   | name          | subnets                                            |
+--------------------------------------+---------------+----------------------------------------------------+
| 120a6fde-7e2d-4856-90ee-5609a5f3035f | SecondVlan    | 5432f1c9-0bb6-4619-b897-65d301071f72 5.5.5.0/25    |
| f2597437-a005-44ad-9ce2-168fbc331e56 | outside_world | 3fe35e71-53d7-4432-8c82-a06856b79316               |
| b7ab2080-a71a-44f6-9f66-fde526bb73d3 | SERVER_VLAN_1 | 87d769f1-5cf3-48cf-8741-44a01479ff3e 10.255.1.0/24 |
+--------------------------------------+---------------+----------------------------------------------------+

我的路由器连接到外部网络(f2597437-a005-44ad-9ce2-168fbc331e56):

root@columbo:~# neutron router-list
+--------------------------------------+-------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| id                                   | name  | external_gateway_info                                                                                                                                                                     |
+--------------------------------------+-------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| e53979a8-8bab-4da5-9b57-58dba6d5db7b | CORE1 | {"network_id": "f2597437-a005-44ad-9ce2-168fbc331e56", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "3fe35e71-53d7-4432-8c82-a06856b79316", "ip_address": "172.16.100.50"}]} |
+--------------------------------------+-------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

我的实例有浮动 ip 172.16.100.51并且我可以从路由器命名空间 ping 它:

root@columbo:~# nova list
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
| ID                                   | Name      | Status  | Task State   | Power State | Networks                                 |
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+
| 624c747f-520c-4215-acac-aaa41eef2815 | CIRROSone | SHUTOFF | -            | Shutdown    | SERVER_VLAN_1=10.255.1.12                |
| 6529c62c-0754-4cc6-a012-e77e71795eb1 | CIRROSone | ACTIVE  | -            | Running     | SERVER_VLAN_1=10.255.1.15, 172.16.100.51 |
| 7784c6ed-eea8-49c9-a312-8c40a77c1758 | CIRROStwo | ACTIVE  | powering-off | Running     | SERVER_VLAN_1=10.255.1.14                |
| 7b6bfc23-f0df-4c40-b558-f8e4bb71028f | UBUNTUone | SHUTOFF | -            | Shutdown    | SERVER_VLAN_1=10.255.1.13                |
| 5c06344c-d5c1-4c0c-b074-c9a30e34759d | UBUNTUtwo | SHUTOFF | -            | Shutdown    | SecondVlan=5.5.5.2                       |
+--------------------------------------+-----------+---------+--------------+-------------+------------------------------------------+

root@columbo:~# ip netns exec qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b ping 172.16.100.51
PING 172.16.100.51 (172.16.100.51) 56(84) bytes of data.
64 bytes from 172.16.100.51: icmp_seq=1 ttl=64 time=5.68 ms
64 bytes from 172.16.100.51: icmp_seq=2 ttl=64 time=1.86 ms
^C
--- 172.16.100.51 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.866/3.776/5.687/1.911 ms

如果我将我的neutron router-list输出与你的比较,有两点不同:

  1. 您的路由器未链接到外部网络(我说的是您从其名称空间运行 ping 的 router1)。当您将其设置为特定网络的默认网关时,那里会列出一个。所以再次尝试从另一个命名空间 ping
  2. 我没有看到您的输出中提到的 IP 地址。也许您没有复制它...对我来说,我获得了外部网络中的第一个 IP(这是默认行为)

我希望它有所帮助。

于 2015-04-05T13:48:27.727 回答
0

检查br-ex是否有IP地址?如果没有分配 172.24.4.1 ip 地址并尝试 ping。

于 2015-03-18T15:43:54.120 回答