Openstack VM is not allowed to send packets with the floating ip as origin

thurlimann

11/22/22, 7:57 AM

I have the following problem, following up on my previous attempt to seek help.

I have a VM that wants to communicate with other VMs that reside somewhere outside of OpenStack. I tried doing that simply by assigning a floating ip. However this fails as soon as the VM is starting to communicate by binding to the floating ip.

This effectively means, the VM must be able to send packets originating from the floating ip. This however gets filtered out right away, and does not even leave the hypervisor node. The question now left is: How can I make OpenStack/openVSwitch obey? It should allow sending IP Packets from floating ips when the VM owns them.

Thanks so much in advance.

0 + 5

networking

openstack

openstack-neutron

berndbausch

11/22/22, 2:49 PM

Normally, you don't need a floating IP to communicate with the outside world. By default, routers with an external gateway perform SNAT, with and without floating IP. If the sending VM has a floating IP, packets will have the floating IP as source.

berndbausch

11/22/22, 2:52 PM

You seem to say that binding a socket to the floating IP fails. This is true. The VM's kernel knows nothing about the floating IP and refuses binding. Solution: Bind to the fixed IP.

thurlimann

11/23/22, 6:58 AM

@berndbausch well you're wrong... . Binding is easily possible by adding the IP locally to the VM as well. This is a common practice outside the OpenStack universe for externally routed VIPs. And I need to bind, since the daemons, flannel, calico etcd. need to know the external ip and there is no mode to tell them to operate in a non binding mode while respecting the real external ip.

berndbausch

11/23/22, 11:18 AM

Sure, you can add any IP to the VM. The question is whether you can use that IP to connect to anything. I have installed Kubernetes with flannel on OpenStack, manually and with Magnum (in case you are interested: https://itnext.io/running-a-kubernetes-cluster-on-devstack-533d579bb2f9), without the need to add the floating IP to VMs' interfaces.

thurlimann

11/26/22, 12:41 PM

well you missed the point unfortunately. @berndrausch . This will not work if you have nodes outside of openstack **and** inside openstack.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Openstack VM is not allowed to send packets with the floating ip as origin

TH: ไม่อนุญาตให้ Openstack VM ส่งแพ็กเก็ตที่มี ip แบบลอยเป็นจุดเริ่มต้น

RO: Openstack VM nu are voie să trimită pachete cu IP-ul plutitor ca origine

RU: Openstack VM не может отправлять пакеты с плавающим IP-адресом в качестве источника

VI: Openstack VM không được phép gửi các gói có ip nổi làm nguồn gốc

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.