OpenStack的，中子，不能ping外網

我跟了冰窖文檔安裝一個3節點環境我OpenStack的節點都在CentOS的OpenStack的，中子，不能ping外網

http://docs.openstack.org/icehouse/install-guide/install/yum/content/basics-networking-neutron.html

建造，如同使用libvirt的虛擬機在我的網絡節點，外部NIC被配置不用其他IP按照文檔。（PROMISC = 「是」）

DEVICE="eth1" 
TYPE="Ethernet" 
ONBOOT="yes" 
PROMISC="yes" 
BOOTPROTO="none" 
HWADDR="52:54:00:D3:92:E2" 
UUID="7f8a9e99-fbd0-4c59-900f-2369c9e8f780"

然而，後增加網絡服務。 我無法在下面的階段ping外部網絡。 >外（外部geteway）

[[email protected] ~]# ping 192.168.125.254 
PING 192.168.125.254 (192.168.125.254) 56(84) bytes of data. 
From 192.168.125.54 icmp_seq=1 Destination Host Unreachable 
From 192.168.125.54 icmp_seq=2 Destination Host Unreachable 
From 192.168.125.54 icmp_seq=3 Destination Host Unreachable

2）外 - - >內部

[[email protected] ~]# ping 192.168.125.150 
PING 192.168.125.150 (192.168.125.150) 56(84) bytes of data. 
--> receive no response

這是

http://docs.openstack.org/icehouse/install-guide/install/yum/content/neutron_initial-networks-verify.html

網絡節點上（租戶路由器網關）的內部1）我的環境信息：

1）control LER節點

###The status of the port for external is "DOWN"### 

[[email protected]]# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
    inet 127.0.0.1/8 scope host lo 
    inet6 ::1/128 scope host 
     valid_lft forever preferred_lft forever 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 
    link/ether 52:54:00:91:4e:06 brd ff:ff:ff:ff:ff:ff 
    inet 10.0.0.11/24 brd 10.0.0.255 scope global eth0 
    inet6 fe80::5054:ff:fe91:4e06/64 scope link 
     valid_lft forever preferred_lft forever 
[[email protected]]# 
[[email protected]]# neutron net-list 
+--------------------------------------+----------+-------------------------------------------------------+ 
| id         | name  | subnets            | 
+--------------------------------------+----------+-------------------------------------------------------+ 
| 9cebb2a6-fd73-4ef7-81d2-188652f57ecd | demo-net | c66648c9-c34b-4806-af39-3c982378a411 172.30.1.0/24 | 
| e5f7b93c-475c-4c9d-95e4-8d1cf7728013 | ext-net | a1e1fcc6-d596-4959-8923-9b46d64445af 192.168.125.0/24 | 
+--------------------------------------+----------+-------------------------------------------------------+ 
[[email protected]]# neutron subnet-list 
+--------------------------------------+-------------+------------------+--------------------------------------------------------+ 
| id         | name  | cidr    | allocation_pools          | 
+--------------------------------------+-------------+------------------+--------------------------------------------------------+ 
| a1e1fcc6-d596-4959-8923-9b46d64445af | ext-subnet | 192.168.125.0/24 | {"start": "192.168.125.150", "end": "192.168.125.159"} | 
| c66648c9-c34b-4806-af39-3c982378a411 | demo-subnet | 172.30.1.0/24 | {"start": "172.30.1.2", "end": "172.30.1.254"}   | 
+--------------------------------------+-------------+------------------+--------------------------------------------------------+ 
[[email protected]]# 
[[email protected]]# neutron port-list 
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+ 
| id         | name | mac_address  | fixed_ips                    | 
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+ 
| 9810105a-edf5-41bc-a140-81ccf71f6bc4 |  | fa:16:3e:34:fd:cb | {"subnet_id": "a1e1fcc6-d596-4959-8923-9b46d64445af", "ip_address": "192.168.125.150"} | 
| 98c762ea-d7f7-4c1d-9b74-73efc9990236 |  | fa:16:3e:cb:0c:11 | {"subnet_id": "c66648c9-c34b-4806-af39-3c982378a411", "ip_address": "172.30.1.1"}  | 
| f5eec840-e629-448b-ba9a-fbcd60501247 |  | fa:16:3e:ae:a6:fa | {"subnet_id": "c66648c9-c34b-4806-af39-3c982378a411", "ip_address": "172.30.1.2"}  | 
+--------------------------------------+------+-------------------+----------------------------------------------------------------------------------------+ 
[[email protected]]# 
[[email protected]]# neutron port-show 9810105a-edf5-41bc-a140-81ccf71f6bc4 
+-----------------------+----------------------------------------------------------------------------------------+ 
| Field     | Value                     | 
+-----------------------+----------------------------------------------------------------------------------------+ 
| admin_state_up  | True                     | 
| allowed_address_pairs |                      | 
| binding:host_id  | os-network                    | 
| binding:profile  | {}                      | 
| binding:vif_details | {"port_filter": true, "ovs_hybrid_plug": true}           | 
| binding:vif_type  | ovs                     | 
| binding:vnic_type  | normal                     | 
| device_id    | 8ae4b1fa-fb60-4690-bbe2-febbfbcf7555             | 
| device_owner   | network:router_gateway                 | 
| extra_dhcp_opts  |                      | 
| fixed_ips    | {"subnet_id": "a1e1fcc6-d596-4959-8923-9b46d64445af", "ip_address": "192.168.125.150"} | 
| id     | 9810105a-edf5-41bc-a140-81ccf71f6bc4             | 
| mac_address   | fa:16:3e:34:fd:cb                  | 
| name     |                      | 
| network_id   | e5f7b93c-475c-4c9d-95e4-8d1cf7728013             | 
| security_groups  |                      | 
| status    | DOWN                     | 
| tenant_id    |                      | 
+-----------------------+----------------------------------------------------------------------------------------+ 
[[email protected]]# 
[[email protected]]# neutron router-show demo-router 
+-----------------------+-----------------------------------------------------------------------------+ 
| Field     | Value                  | 
+-----------------------+-----------------------------------------------------------------------------+ 
| admin_state_up  | True                  | 
| external_gateway_info | {"network_id": "e5f7b93c-475c-4c9d-95e4-8d1cf7728013", "enable_snat": true} | 
| id     | 8ae4b1fa-fb60-4690-bbe2-febbfbcf7555          | 
| name     | demo-router                 | 
| routes    |                    | 
| status    | ACTIVE                  | 
| tenant_id    | c94f1dc5870a4d06a8b6ba947e1ac554           | 
+-----------------------+-----------------------------------------------------------------------------+ 
[[email protected]]# 
[[email protected]]# neutron router-list 
+--------------------------------------+-------------+-----------------------------------------------------------------------------+ 
| id         | name  | external_gateway_info              | 
+--------------------------------------+-------------+-----------------------------------------------------------------------------+ 
| 8ae4b1fa-fb60-4690-bbe2-febbfbcf7555 | demo-router | {"network_id": "e5f7b93c-475c-4c9d-95e4-8d1cf7728013", "enable_snat": true} | 
+--------------------------------------+-------------+-----------------------------------------------------------------------------+ 
[[email protected]]# 
[[email protected]]#

2）網絡節點

[[email protected] ~]# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 
    inet 127.0.0.1/8 scope host lo 
    inet6 ::1/128 scope host 
     valid_lft forever preferred_lft forever 
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 
    link/ether 52:54:00:f6:31:07 brd ff:ff:ff:ff:ff:ff 
    inet 10.0.0.21/24 brd 10.0.0.255 scope global eth0 
    inet6 fe80::5054:ff:fef6:3107/64 scope link 
     valid_lft forever preferred_lft forever 
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 
    link/ether 52:54:00:d3:92:e2 brd ff:ff:ff:ff:ff:ff 
    inet6 fe80::5054:ff:fed3:92e2/64 scope link 
     valid_lft forever preferred_lft forever 
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 
    link/ether 52:54:00:48:c8:65 brd ff:ff:ff:ff:ff:ff 
    inet 10.0.1.21/24 brd 10.0.1.255 scope global eth2 
    inet6 fe80::5054:ff:fe48:c865/64 scope link 
     valid_lft forever preferred_lft forever 
5: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether ea:8e:aa:ad:57:60 brd ff:ff:ff:ff:ff:ff 
6: br-ex: <BROADCAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether a2:f1:0b:6b:34:4f brd ff:ff:ff:ff:ff:ff 
    inet6 fe80::a0f1:bff:fe6b:344f/64 scope link 
     valid_lft forever preferred_lft forever 
9: br-int: <BROADCAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether 32:a4:53:15:fc:4f brd ff:ff:ff:ff:ff:ff 
    inet6 fe80::30a4:53ff:fe15:fc4f/64 scope link 
     valid_lft forever preferred_lft forever 
12: gre0: <NOARP> mtu 1476 qdisc noop state DOWN 
    link/gre 0.0.0.0 brd 10.0.0.31 
13: gretap0: <BROADCAST,MULTICAST> mtu 1476 qdisc noop state DOWN qlen 1000 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff 
22: [email protected]: <POINTOPOINT,NOARP> mtu 1476 qdisc noqueue state DOWN 
    link/gre 0.0.0.0 peer 10.0.0.31 
    inet 10.0.1.21 peer 10.0.1.31/32 scope global tun0 
24: br-tun: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
    link/ether de:a8:a4:b1:b1:46 brd ff:ff:ff:ff:ff:ff 
    inet6 fe80::dc0e:8cff:fe67:d352/64 scope link 
     valid_lft forever preferred_lft forever 
[[email protected] ~]# 
[[email protected] ~]# ovs-vsctl show 
23804a8f-7c89-4422-9b9f-67bf26a34c51 
    Bridge br-int 
     fail_mode: secure 
     Port br-int 
      Interface br-int 
       type: internal 
     Port "qr-98c762ea-d7" 
      tag: 1 
      Interface "qr-98c762ea-d7" 
       type: internal 
     Port patch-tun 
      Interface patch-tun 
       type: patch 
       options: {peer=patch-int} 
     Port "tapf5eec840-e6" 
      tag: 1 
      Interface "tapf5eec840-e6" 
       type: internal 
    Bridge br-ex 
     Port "eth1" 
      Interface "eth1" 
     Port br-ex 
      Interface br-ex 
       type: internal 
     Port "qg-9810105a-ed" 
      Interface "qg-9810105a-ed" 
       type: internal 
    Bridge br-tun 
     Port patch-int 
      Interface patch-int 
       type: patch 
       options: {peer=patch-tun} 
     Port "gre-0a00011f" 
      Interface "gre-0a00011f" 
       type: gre 
       options: {in_key=flow, local_ip="10.0.1.21", out_key=flow, remote_ip="10.0.1.31"} 
     Port br-tun 
      Interface br-tun 
       type: internal 
    ovs_version: "1.11.0" 
[[email protected] ~]# 
[[email protected] ~]# ip netns list 
qdhcp-9cebb2a6-fd73-4ef7-81d2-188652f57ecd 
qrouter-8ae4b1fa-fb60-4690-bbe2-febbfbcf7555 
[[email protected] ~]# 
[[email protected] ~]# ip netns exec qrouter-8ae4b1fa-fb60-4690-bbe2-febbfbcf7555 route -n 
Kernel IP routing table 
Destination  Gateway   Genmask   Flags Metric Ref Use Iface 
172.30.1.0  0.0.0.0   255.255.255.0 U  0  0  0 qr-98c762ea-d7 
192.168.125.0 0.0.0.0   255.255.255.0 U  0  0  0 qg-9810105a-ed 
0.0.0.0   192.168.125.254 0.0.0.0   UG 0  0  0 qg-9810105a-ed 
[[email protected] ~]#

任何提示，將不勝感激！

乾杯，

hbseo

來源

2014-08-28 jazzsir

我處於同樣的情況，你有沒有找到解決辦法？ – 2014-12-27 16:32:08

我知道已經晚了......但讓我試着回答。無法ping外部網絡可能與虛擬化和混雜模式有關，但我認爲這一步不應該起作用。我會試着解釋爲什麼。有關如何設置網絡的非常好的解釋，您可以查看此演示文稿：https://www.hastexo.com/system/files/neutron_packet_flows-notes-handout.pdf

您在此處涉及多個並行網絡空間。

首先你有主機的全局或主要路由表。在網絡節點的情況下，您有3個以太網接口，兩個帶有和IP地址，另一個沒有。

第二你有你的外部網絡。這未在您的網絡主機上配置。如果你想運行

的netstat -rn

你不會看到對外部網絡的路由。這意味着當您向外部網關發送ICMP數據包時，它們將轉到在網絡節點上設置的默認網關，而不會被回答。這個網絡存在於中子路由器的網絡命名空間中。

第三，您擁有的租戶網絡也不在您的主要網絡空間中，而是位於相同的中子路由器命名空間中。

舉例說明我會告訴你它是如何在我的設置中看起來的。我有一個在Virtualbox機器內運行的節點，它運行的是Ubuntu Trusty。我的接口是管理員eth0（也是我的默認網關連接到Virtualbox中的NAT網絡），eth1是通道，eth2是我的外部網絡（也連接到172.16.100.0/24範圍內的NAT網絡）。

這裏是Ubuntu的虛擬機的路由表的樣子：

[email protected]:~# netstat -rn 
Kernel IP routing table 
Destination  Gateway   Genmask   Flags MSS Window irtt Iface 
0.0.0.0   10.0.1.1  0.0.0.0   UG  0 0   0 eth0 
10.0.1.0  0.0.0.0   255.255.255.0 U   0 0   0 eth0 
10.0.2.0  0.0.0.0   255.255.255.0 U   0 0   0 eth1 
192.168.56.0 0.0.0.0   255.255.255.0 U   0 0   0 eth3 
192.168.122.0 0.0.0.0   255.255.255.0 U   0 0   0 virbr0

因此，沒有我的外部網（172.16.100.1）的跡象。如果我嘗試ping它，我得到什麼：

ping 172.16.100.1 
PING 172.16.100.1 (172.16.100.1) 56(84) bytes of data. 
^C 
--- 172.16.100.1 ping statistics --- 
3 packets transmitted, 0 received, 100% packet loss, time 2004ms

現在你可以看到什麼樣的網絡命名空間，你必須使用命令IP netns列表

[email protected]:~# ip netns list 
qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b 
qdhcp-120a6fde-7e2d-4856-90ee-5609a5f3035f 
qdhcp-b7ab2080-a71a-44f6-9f66-fde526bb73d3

在裏面你可以運行一個命名空間大部分正常命令 - 請參閱波紋管

[email protected]:~# ip netns exec qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b netstat -rn 
Kernel IP routing table 
Destination  Gateway   Genmask   Flags MSS Window irtt Iface 
0.0.0.0   172.16.100.1 0.0.0.0   UG  0 0   0 qg-c69702a9-ae 
10.255.1.0  0.0.0.0   255.255.255.0 U   0 0   0 qr-e706aba1-46 
172.16.100.0 0.0.0.0   255.255.255.0 U   0 0   0 qg-c69702a9-ae

和

[email protected]:~# ip netns exec qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b arp -an 
? (10.255.1.12) at fa:16:3e:40:50:36 [ether] on qr-e706aba1-46 
? (172.16.100.1) at 52:54:00:12:35:00 [ether] on qg-c69702a9-ae 
? (10.255.1.14) at fa:16:3e:75:5f:b4 [ether] on qr-e706aba1-46

，現在平就可以了（命名空間內）

[email protected]:~# ip netns exec qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b ping 172.16.100.1 
PING 172.16.100.1 (172.16.100.1) 56(84) bytes of data. 
64 bytes from 172.16.100.1: icmp_seq=1 ttl=255 time=2.55 ms 
64 bytes from 172.16.100.1: icmp_seq=2 ttl=255 time=0.555 ms 
^C 
--- 172.16.100.1 ping statistics --- 
2 packets transmitted, 2 received, 0% packet loss, time 1002ms 
rtt min/avg/max/mdev = 0.555/1.554/2.553/0.999 ms

我也可以ping其IP 172.16.100.50路由器：

[email protected]:~# ip netns exec qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b ping 172.16.100.50 
PING 172.16.100.50 (172.16.100.50) 56(84) bytes of data. 
64 bytes from 172.16.100.50: icmp_seq=1 ttl=64 time=0.065 ms 
64 bytes from 172.16.100.50: icmp_seq=2 ttl=64 time=0.065 ms 
^C 
--- 172.16.100.50 ping statistics --- 
2 packets transmitted, 2 received, 0% packet loss, time 999ms 
rtt min/avg/max/mdev = 0.065/0.065/0.065/0.000 ms

同樣爲我的租戶網絡

[email protected]:~# neutron net-list 
+--------------------------------------+---------------+------------------------------------------------------+ 
| id         | name   | subnets            | 
+--------------------------------------+---------------+------------------------------------------------------+ 
| 120a6fde-7e2d-4856-90ee-5609a5f3035f | SecondVlan | 5432f1c9-0bb6-4619-b897-65d301071f72 5.5.5.0/25  | 
| f2597437-a005-44ad-9ce2-168fbc331e56 | outside_world | 3fe35e71-53d7-4432-8c82-a06856b79316 172.16.100.0/24 | 
| b7ab2080-a71a-44f6-9f66-fde526bb73d3 | SERVER_VLAN_1 | 87d769f1-5cf3-48cf-8741-44a01479ff3e 10.255.1.0/24 | 
+--------------------------------------+---------------+------------------------------------------------------+

ping在服務器VLAN

[email protected]:~# ip netns exec qrouter-e53979a8-8bab-4da5-9b57-58dba6d5db7b ping 10.255.1.1 
PING 10.255.1.1 (10.255.1.1) 56(84) bytes of data. 
64 bytes from 10.255.1.1: icmp_seq=1 ttl=64 time=0.050 ms 
64 bytes from 10.255.1.1: icmp_seq=2 ttl=64 time=0.064 ms 
^C 
--- 10.255.1.1 ping statistics --- 
2 packets transmitted, 2 received, 0% packet loss, time 999ms 
rtt min/avg/max/mdev = 0.050/0.057/0.064/0.007 ms

我希望這是對別人的和有用的並不完全有缺陷的租客路由器。

來源

2015-03-26 11:18:40

OpenStack的，中子，不能ping外網

回答

相關問題