我在 Openstack 中遇到了网络问题。我的 openstack(MaaS + JuJu + Conjure-up)设置已成功部署,但当我启动一个实例时,没有互联网连接,我的路由器也没有从外部网络 ping 通(我的 Openstack VM 可以 ping 通路由器)。
任何线索都会非常有帮助。
跟踪路由 o/p:
$sudo ip netns exec qrouter-ce0ba09f-8220-4414-91e2-b6896b596aef traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 172.18.0.111 (172.18.0.111) 2999.458 ms !H 2999.416 ms !H 2999.409 ms !H
来自路由器的 iptables o/p:
来自路由器的 iptables NAT 规则
$ sudo ip netns exec qrouter-ce0ba09f-8220-4414-91e2-b6896b596aef iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
neutron-l3-agent-PREROUTING all -- anywhere anywhere
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
neutron-l3-agent-OUTPUT all -- anywhere anywhere
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
neutron-l3-agent-POSTROUTING all -- anywhere anywhere
neutron-postrouting-bottom all -- anywhere anywhere
Chain neutron-l3-agent-OUTPUT (1 references)
target prot opt source destination
DNAT all -- anywhere 172.18.0.108 to:10.0.0.4
Chain neutron-l3-agent-POSTROUTING (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ! ctstate DNAT
Chain neutron-l3-agent-PREROUTING (1 references)
target prot opt source destination
REDIRECT tcp -- anywhere 169.254.169.254 tcp dpt:http redir ports 9697
DNAT all -- anywhere 172.18.0.108 to:10.0.0.4
Chain neutron-l3-agent-float-snat (1 references)
target prot opt source destination
SNAT all -- 10.0.0.4 anywhere to:172.18.0.108
Chain neutron-l3-agent-snat (1 references)
target prot opt source destination
neutron-l3-agent-float-snat all -- anywhere anywhere
SNAT all -- anywhere anywhere to:172.18.0.111
SNAT all -- anywhere anywhere mark match ! 0x2/0xffff ctstate DNAT to:172.18.0.111
Chain neutron-postrouting-bottom (1 references)
target prot opt source destination
neutron-l3-agent-snat all -- anywhere anywhere /* Perform source NAT on outgoing traffic. */