neutron

Vms cannot ping dhcp server on another network with a router

Asked by yong sheng gong

HI,
I create two networks and with one subnet on each:
10.0.1.0/24 on private net1
20.0.1.0/24 on private net2
then I start one VM on each of this network:
server1 with 10.0.1.3 IP
server2 with 20.0.1.3 IP.
then I create a router and add two interfaces to this router:
quantum router-interface-add router1 subnet1
quantum router-interface-add router1 subnet2
then In Vm server1, I can ping 20.0.1.3 (server2)and 20.0.1.1 (router)
but I cannot ping 20.0.1.2(dhcp server)
in VM server2, I can ping 10.0.1.3 and 10.0.1.1, but I cannot ping 10.0.1.2 either.
in router namespace, I can ping 10.0.1.2 and 20.0.1.2:
sudo ip netns exec qrouter-3d7229c6-2594-425e-8551-665817ecbb99 ping 10.0.1.2
PING 10.0.1.2 (10.0.1.2) 56(84) bytes of data.
64 bytes from 10.0.1.2: icmp_req=1 ttl=64 time=0.580 ms
64 bytes from 10.0.1.2: icmp_req=2 ttl=64 time=0.083 ms

any one can explain this?

Question information

Language:
English Edit question
Status:
Solved
For:
neutron Edit question
Assignee:
No assignee Edit question
Solved by:
dan wendlandt
Solved:
Last query:
Last reply:
Revision history for this message
dan wendlandt (danwent) said : 		#1

interesting, I will try to repro.

can a VM ping its local DHCP IP? In the example about, you showed that VMs cannot reach the DHCP server in the other subnet.

Revision history for this message
yong sheng gong (gongysh) said : 		#2

Yes. It can ping its own DHCP server.

Revision history for this message
Best dan wendlandt (danwent) said : 		#3

Hi Yong,

Sorry it took me so long to fully investigate this. It turns out the answer is actually quite simple, it just took me a while to figure it out.

The reason you're seeing this behavior is that the namespace for the DHCP server only has a route to a local subnet, it does not have a "default route" to reach other subnets. Thus, you can ping it from an IP in the same subnet as the DHCP server, but not from any server in a different subnet.

Arguably this is the right thing, as their is no reason anyone outside of the local subnet needs to contact the DHCP server.

Revision history for this message
yong sheng gong (gongysh) said : 		#4

Yes, I agree with you. In fact, I answer other's email with the same idea as yours here.

Thanks

Revision history for this message
yong sheng gong (gongysh) said : 		#5

Thanks dan wendlandt, that solved my question.