0

I have OpenStack Queens deployed using Packstack on CentOS 7. My network has a pfSense firewall. I launched an instance and associated a floating IP to i. But when i try to ping it, it shows "destination unavailable".

I tried adding an entry to pfSense with the mac address of my instance and the floating IP allocated but it still doesn't seem to work. I want my virtual instances to be available in my network.

My physical network: 172.16.0.0/16.
Gateway: 172.16.0.1  
IP of my physical node(static): 172.16.9.24
Floating IP assigned: 172.16.9.65
IP of router to external network: 172.16.9.67

my ifcfg-br-ex file :

DEVICE="br-ex"
DEVICETYPE=ovs
TYPE=OVSBridge
ONBOOT=yes
IPV6INIT=no
BOOTPROTO=none
DNS1=172.16.0.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPADDR=172.16.9.24
PREFIX=16
GATEWAY=172.16.0.1

my ifcfg-p4p1 file :

NAME="p4p1"
DEVICE="p4p1"
ONBOOT=yes
IPV6INIT=no
BOOTPROTO=none
DEVICETYPE=ovs
TYPE=OVSPort
OVS_BRIDGE=br-ex

my ifconfig output :

````br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.9.24  netmask 255.255.0.0  broadcast 172.16.255.255
        inet6 fe80::84b:6fff:fe01:214f  prefixlen 64  scopeid 0x20<link>
        ether b0:83:fe:97:e1:7f  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 206  bytes 8972 (8.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 202838  bytes 34140047 (32.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 202838  bytes 34140047 (32.5 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

p4p1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether b0:83:fe:97:e1:7f  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qbrc9a89eb9-b7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        ether f2:32:57:4c:c1:a6  txqueuelen 1000  (Ethernet)
        RX packets 17  bytes 916 (916.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvbc9a89eb9-b7: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1450
        inet6 fe80::f032:57ff:fe4c:c1a6  prefixlen 64  scopeid 0x20<link>
        ether f2:32:57:4c:c1:a6  txqueuelen 1000  (Ethernet)
        RX packets 18  bytes 1244 (1.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 656 (656.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

qvoc9a89eb9-b7: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1450
        inet6 fe80::78ff:b0ff:fe9b:14b1  prefixlen 64  scopeid 0x20<link>
        ether 7a:ff:b0:9b:14:b1  txqueuelen 1000  (Ethernet)
        RX packets 8  bytes 656 (656.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 18  bytes 1244 (1.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
mr_pool_404
  • 101
  • 3
  • Hello and welcome to Server Fault! Can you [edit](https://serverfault.com/posts/950155/edit) your question and share some details about your setup? – Daniele Santi Jan 22 '19 at 10:03
  • What details do you want?? – mr_pool_404 Jan 22 '19 at 16:18
  • As a start, the configuration of the virtual ip. If it doesn't ping, it means is _probably_ not associated to an interface. Or there can be a routing problem. Can you ping the IP(s) associated to the _physical_ interface? – Daniele Santi Jan 22 '19 at 16:20
  • I have edited the question. yes i can ping my physical interface but i have configured it as an ovs port as shown in the video https://youtu.be/eOlIB323c8s – mr_pool_404 Jan 22 '19 at 16:32
  • Just to be clear. You _can_ ping `172.16.9.24` but _cannot_ `172.16.9.65`? Can you ping `172.16.9.67` from the machine itself? Also, can you share the _actual_ configuration for the network, i.e. the content of the config file(s)? – Daniele Santi Jan 22 '19 at 16:35
  • yes i can ping 172.16.9.24 and not the other two.I will share the config files shortly thank you for the responses – mr_pool_404 Jan 22 '19 at 16:36
  • @MrShunz I have edited my question let me know if you need any more details. I was thinking can we add such rule in pfsense that a particular mac can get any ip? – mr_pool_404 Jan 24 '19 at 09:18

0 Answers0