neutron

Unable to ping from one network to other

Asked by aditya neelkanth

Hi,
I have two private networks
In net1, i have subnet1 (10.10.10.0/24) and VM1 with IP 10.10.10.2
in net2, i have subnet2 (20.20.20.0/24) and VM2 with IP 20.20.20.2

I have a bridge VM12 with interfaces to both subnet1 (of net1) and subnet2 (of net2) with IPs 10.10.10.4 and 20.20.20.4 respectively.

I set the default gateways for net1 and net2 with:
route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.10.4
route add -net 20.20.20.0 netmask 255.255.255.0 gw 20.20.20.4

and I even enabled IPv4 forwarding for VM12 with sysctl -w net.ipv4.ip_forward=1.
But i am unable to ping from VM1 to VM2 or vice versa.

in My controller node, /etc/sysctl.conf too, net.ipv4.ip_forward is set to 1

Thanks.

Question information

Language:
English Edit question
Status:
Answered
For:
neutron Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Jianyong Chen (jianyong-jychen) said : 		#1

I test the scenario you said.

VM1(1.1.1.2)--------(1.1.1.4)VM12(2.2.2.4)-----VM2(2.2.2.2)

The result is it works. I think you can check the route with route command in the VM1, VM12 and VM2. And then check the VM12 with ifconfig and route. And see if the ip_forward is really set by 'cat /proc/sys/net/ipv4/ip_forward'.

Jianyong

Revision history for this message
aditya neelkanth (aditya-neel09) said : 		#2

in VM12 i did 'cat /proc/sys/net/ipv4/ip_forward and the output is '1'

I dont see any error in the result of the route command:

VM1
Destination Gateway
default 10.10.10.4
10.10.10.0 *

VM2
Destination Gateway
default 20.20.20.4
20.20.20.0 *

VM12
Destination Gateway
10.10.10.0 10.10.10.4
10.10.10.0 *
20.20.20.0 20.20.20.4
20.20.20.0 *

I did traceroute and the output for the hops were * * *

The thing is, when I create VM12 (or any VM with multiple interfaces), it only shows one interface 'eth0' when i do ifconfig
so i had to do this:
sudo ifconfig eth1 20.20.20.4 netmask 255.255.255.0

Could this be the issue?

Revision history for this message
aditya neelkanth (aditya-neel09) said : 		#3

ok i enabled the remaining interfaces by editing /etc/network/interfaces but that too didnt help.

Revision history for this message
yong sheng gong (gongysh) said : 		#4

I think it is the sg blocks the ping traffic. so you need to add related sg rules.

Revision history for this message
Jianyong Chen (jianyong-jychen) said : 		#5

Hi Adi,

From the following comments of yours:

The thing is, when I create VM12 (or any VM with multiple interfaces), it only shows one interface 'eth0' when i do ifconfig
so i had to do this:
sudo ifconfig eth1 20.20.20.4 netmask 255.255.255.0

Things may be the interface and ip address is added manually. Maybe it's not in the network of 20.20.20.x. Can u please give the output of "ovs-vsctl show" in VM12?

Revision history for this message
Jianyong Chen (jianyong-jychen) said : 		#6

Sorry not in VM12 but for VM12 in its host node.

Revision history for this message
aditya neelkanth (aditya-neel09) said : 		#7

Hi,
I have added all the security group rules for tcp, udp and icmp so i think there is no problem over there.

I did the ovs-vsctl on the host and below is the result....unfortunately i am quite new so dont know how to run 'ovs-vsctl show' on a particular instance

root@controller:~# ovs-vsctl show
10f5f273-a7a0-47e1-a848-597df19d3a74
    Bridge br-int
        Port "tapf10a0e2a-d9"
            tag: 4095
            Interface "tapf10a0e2a-d9"
                type: internal
        Port "qvo38bc7050-80"
            tag: 16
            Interface "qvo38bc7050-80"
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
        Port "qvof0b73ab0-f9"
            tag: 1
            Interface "qvof0b73ab0-f9"
        Port "qvo424c5f5c-55"
            tag: 2
            Interface "qvo424c5f5c-55"
        Port br-int
            Interface br-int
                type: internal
        Port "qr-28572bb9-a6"
            tag: 3
            Interface "qr-28572bb9-a6"
                type: internal
        Port "tap0595b2c3-90"
            tag: 4095
            Interface "tap0595b2c3-90"
                type: internal
        Port "tap5fceccb8-a7"
            tag: 1
            Interface "tap5fceccb8-a7"
                type: internal
        Port "tap1fbce3bb-f5"
            tag: 4095
            Interface "tap1fbce3bb-f5"
                type: internal
        Port "tap3f7a0453-8e"
            tag: 3
            Interface "tap3f7a0453-8e"
                type: internal
        Port "qvo042c3e0b-21"
            tag: 7
            Interface "qvo042c3e0b-21"
        Port "tap6ca28777-22"
            tag: 4095
            Interface "tap6ca28777-22"
                type: internal
        Port "qvobff6b5ef-fe"
            tag: 1
            Interface "qvobff6b5ef-fe"
        Port "tapcfbe10b2-e2"
            tag: 4095
            Interface "tapcfbe10b2-e2"
                type: internal
        Port "qvo6ebccb67-9a"
            tag: 2
            Interface "qvo6ebccb67-9a"
        Port "tapd9ada95d-a0"
            tag: 2
            Interface "tapd9ada95d-a0"
                type: internal
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-c6f52b23-ac"
            Interface "qg-c6f52b23-ac"
                type: internal
    Bridge br-tun
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    ovs_version: "1.4.0+build0"

Thanks

Revision history for this message
Liping Mao (limao) said : 		#8

Hi,
I think you need to check step by step:
VM1(1.1.1.2)--------(1.1.1.4)VM12(2.2.2.4)-----VM2(2.2.2.2)

1. on VM1, VM2, VM12 the interface ip and route is correct.
2. if 1 is right, you need to use tcpdump to catch the icmp packet on interface 1.1.1.4 , 2.2.2.4 and 2.2.2.2 to find where block your packets.

Can you help with this problem?

Provide an answer of your own, or ask aditya neelkanth for more information if necessary.

To post a message you must log in.