Corporate Home Open Source Home
Syndicate content
Eucalyptus
Forums » Eucalyptus Support » Cannot connect from VMs to Internet
6 replies [Last post]
Mon, 03/22/2010 - 06:51
l3golas
Offline
Joined: 03/04/2010

Hello,
my problem is, as indicated in the subject, I can't connect from VMs to Internet.

  • My configuration is a frontend and 2 nodes, they all have Ubuntu Server 9.10 (Karmic Koala) x64, and I installed Ubuntu's Ecalyptus version (called by them UEC, that is Eucalyptus 1.6) following the guide on Ubuntu UEC website (so most of parameters are automatically set and I didn't change them).
  • The hypervisor is KVM.
  • The frontend and the 2 nodes are all connected to a cable Ethernet LAN: the frontend has address 151.97.9.185, while the two nodes have addresses respectively 151.97.9.179 and 151.97.9.180. I used as gateway ours (151.97.9.2) and as DNS Google DNS (8.8.8.8). All the machines ping well between each other and access Internet.
  • I installed in the frontend the last version of Hybridfox (1.6) and I started from it 2 virtual machines that have Ubuntu Server 9.10 x64 on them (from the images found in Ubuntu website). They have respectively addresses 172.19.1.2 and 172.19.1.3.
  • I can connect to each VM through SSH with no problems. Here the problem: into the VM, it seems to see only the internal network, and not outside: I mean I can ping the other VMs but not external addresses, like www.google.com or 8.8.8.8 (Google DNS). I think it's not normal...

This is the last part of my eucalyptus.conf:

VNET_MODE="MANAGED-NOVLAN"
VNET_SUBNET="172.19.0.0"
VNET_NETMASK="255.255.0.0"
VNET_DNS="8.8.8.8"
VNET_ADDRSPERNET="32"
VNET_PUBLICIPS="151.97.9.179-151.97.9.180"

This is the ifconfig -a output:

eth0 Link encap:Ethernet HWaddr 00:c0:9f:ff:a3:08
inet addr:151.97.9.185 Bcast:151.97.9.255 Mask:255.255.255.0
inet6 addr: fec0::c:2c0:9fff:feff:a308/64 Scope:Site
inet6 addr: 2002:9761:5df:c:2c0:9fff:feff:a308/64 Scope:Global
inet6 addr: fe80::2c0:9fff:feff:a308/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:144391 errors:0 dropped:0 overruns:0 frame:0
TX packets:60030 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34926483 (34.9 MB) TX bytes:21954801 (21.9 MB)
Interrupt:19 Base address:0x1800

eth0:metadata Link encap:Ethernet HWaddr 00:c0:9f:ff:a3:08
inet addr:169.254.169.254 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:19 Base address:0x1800

eth0:priv Link encap:Ethernet HWaddr 00:c0:9f:ff:a3:08
inet addr:172.19.1.1 Bcast:172.19.1.31 Mask:255.255.255.224
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:19 Base address:0x1800

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:345181 errors:0 dropped:0 overruns:0 frame:0
TX packets:345181 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:109334299 (109.3 MB) TX bytes:109334299 (109.3 MB)

wlan0 Link encap:Ethernet HWaddr 00:14:a4:64:07:73
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

wmaster0 Link encap:UNSPEC HWaddr 00-14-A4-64-07-73-00-00-00-00-00-00-00-00-00-00
[NO FLAGS] MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

This is my sudo iptables-save output:

# Generated by iptables-save v1.4.4 on Mon Mar 22 15:32:28 2010
*nat
:PREROUTING ACCEPT [53339:5606983]
:POSTROUTING ACCEPT [85:10752]
:OUTPUT ACCEPT [16616:1004664]
-A PREROUTING -s 172.19.0.0/16 -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 169.254.169.254:8773
-A POSTROUTING ! -d 172.19.0.0/16 -j MASQUERADE
COMMIT
# Completed on Mon Mar 22 15:32:28 2010
# Generated by iptables-save v1.4.4 on Mon Mar 22 15:32:28 2010
*filter
:INPUT ACCEPT [324083:108179995]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [326584:104894038]
:admin-default - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD ! -d 172.19.0.0/16 -j ACCEPT
-A FORWARD -s 172.19.1.0/27 -d 172.19.1.0/27 -j ACCEPT
-A FORWARD -j admin-default
-A admin-default -d 172.19.1.0/27 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Mar 22 15:32:28 2010

So the question is: how can i connect to outside (for example to update my Ubuntu in my VM)? Thanks in advance,

l3golas

Mon, 03/22/2010 - 07:11
#1
l3golas
Offline
Joined: 03/04/2010
Another info

Another info is a part of my nc.log in the minute I tried Internet connection: after the following part, it seems to repeat it again and again. It refers to a 151.97.9.184 node that for now is switched off (I think that's why it returns errors in nc.log).

[Mon Mar 22 15:35:59 2010][001569][EUCADEBUG ] node 151.97.9.180 idle since 1269268481: (78/300) seconds
[Mon Mar 22 15:35:59 2010][001569][EUCADEBUG ] DescribeInstances(): done
[Mon Mar 22 15:35:59 2010][001569][EUCAERROR ] bad input params to vnetAttachTunnels()
[Mon Mar 22 15:35:59 2010][001569][EUCADEBUG ] failed to attach tunnels for vlan 10 during maintainNetworkState()
[Mon Mar 22 15:35:59 2010][001569][EUCAERROR ] network state maintainance failed
[Mon Mar 22 15:35:59 2010][001188][EUCADEBUG ] calling http://151.97.9.179:8775/axis2/services/EucalyptusNC
[Mon Mar 22 15:35:59 2010][001188][EUCADEBUG ] time left for next op: 60
[Mon Mar 22 15:35:59 2010][001188][EUCAINFO ] node=151.97.9.179 mem=3800/3288 disk=26686/25652 cores=2/0
[Mon Mar 22 15:35:59 2010][001188][EUCADEBUG ] calling http://151.97.9.180:8775/axis2/services/EucalyptusNC
[Mon Mar 22 15:35:59 2010][001188][EUCADEBUG ] time left for next op: 60
[Mon Mar 22 15:35:59 2010][001188][EUCAINFO ] node=151.97.9.180 mem=3801/3801 disk=127158/127158 cores=2/2
[Mon Mar 22 15:35:59 2010][001188][EUCADEBUG ] calling http://151.97.9.184:8775/axis2/services/EucalyptusNC
[Mon Mar 22 15:35:59 2010][001188][EUCADEBUG ] time left for next op: 60
[Mon Mar 22 15:36:02 2010][031784][EUCAERROR ] ERROR: DescribeResource() could not be invoked (check NC host, port, and credentials)
[Mon Mar 22 15:36:02 2010][001188][EUCAERROR ] bad return from ncDescribeResource(151.97.9.184) (31784/1)
[Mon Mar 22 15:36:02 2010][001188][EUCADEBUG ] refresh_resources(): done
[Mon Mar 22 15:36:02 2010][001188][EUCADEBUG ] DescribeResources(): done
[Mon Mar 22 15:36:02 2010][001188][EUCAERROR ] bad input params to vnetAttachTunnels()
[Mon Mar 22 15:36:02 2010][001188][EUCADEBUG ] failed to attach tunnels for vlan 10 during maintainNetworkState()
[Mon Mar 22 15:36:02 2010][001188][EUCAERROR ] network state maintainance failed
[Mon Mar 22 15:36:05 2010][001192][EUCAWARN ] in MANAGED-NOVLAN mode, priv interface 'eth0' must be a bridge, tunneling disabled
[Mon Mar 22 15:36:05 2010][001192][EUCADEBUG ] DescribeNetworks(): called
[Mon Mar 22 15:36:05 2010][001192][EUCADEBUG ] setting localIpId: 0
[Mon Mar 22 15:36:05 2010][001435][EUCAWARN ] in MANAGED-NOVLAN mode, priv interface 'eth0' must be a bridge, tunneling disabled
[Mon Mar 22 15:36:05 2010][001568][EUCAWARN ] in MANAGED-NOVLAN mode, priv interface 'eth0' must be a bridge, tunneling disabled
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] printing instance cache in describeInstances()
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] cache: i-48B00830 0.0.0.0 172.19.1.2
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] cache: i-3A0806BB 0.0.0.0 172.19.1.3
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] cache: i-31DB060B 0.0.0.0 172.19.1.3
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] cache: i-48D5087F 0.0.0.0 172.19.1.5
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] cache: i-353F0769 0.0.0.0 172.19.1.2
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] cache: i-4D920870 0.0.0.0 172.19.1.3
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] DescribeInstances(): called
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] timeout(10/10)
[Mon Mar 22 15:36:05 2010][001193][EUCAWARN ] in MANAGED-NOVLAN mode, priv interface 'eth0' must be a bridge, tunneling disabled
[Mon Mar 22 15:36:05 2010][001193][EUCADEBUG ] DescribeResources(): called 5
[Mon Mar 22 15:36:05 2010][001193][EUCADEBUG ] cache: i-48B00830 0.0.0.0 172.19.1.2
[Mon Mar 22 15:36:05 2010][001193][EUCADEBUG ] cache: i-3A0806BB 0.0.0.0 172.19.1.3
[Mon Mar 22 15:36:05 2010][001193][EUCADEBUG ] cache: i-31DB060B 0.0.0.0 172.19.1.3
[Mon Mar 22 15:36:05 2010][001193][EUCADEBUG ] cache: i-48D5087F 0.0.0.0 172.19.1.5
[Mon Mar 22 15:36:05 2010][001193][EUCADEBUG ] cache: i-353F0769 0.0.0.0 172.19.1.2
[Mon Mar 22 15:36:05 2010][001193][EUCADEBUG ] cache: i-4D920870 0.0.0.0 172.19.1.3
[Mon Mar 22 15:36:05 2010][001193][EUCADEBUG ] refresh_resources(): called
[Mon Mar 22 15:36:05 2010][001568][EUCAINFO ] DescribeInstances(): describing instance i-4D920870, Extant, 0
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] i-4D920870 in cache
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] refreshing instance 'i-4D920870'
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] returning instance state: i-4D920870/Extant
[Mon Mar 22 15:36:05 2010][001568][EUCAINFO ] DescribeInstances(): describing instance i-353F0769, Extant, 1
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] i-353F0769 in cache
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] refreshing instance 'i-353F0769'
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] returning instance state: i-353F0769/Extant
[Mon Mar 22 15:36:05 2010][001192][EUCADEBUG ] DescribeNetworks(): done
[Mon Mar 22 15:36:05 2010][001192][EUCAERROR ] bad input params to vnetAttachTunnels()
[Mon Mar 22 15:36:05 2010][001192][EUCADEBUG ] failed to attach tunnels for vlan 10 during maintainNetworkState()
[Mon Mar 22 15:36:05 2010][001192][EUCAERROR ] network state maintainance failed
[Mon Mar 22 15:36:05 2010][001568][EUCADEBUG ] timeout(10/10)

Tue, 03/23/2010 - 08:15
#2
graziano
Offline
Joined: 01/14/2010
Hello, looking at your

Hello,

looking at your configuration, you have set the PUBLICIPS to be the same as your NCs real IPs: you need to put there unuses public IPs that are available to your instances. Does your instances comes up? What does euca-describe-instances reports?

cheers
graziano

Tue, 03/23/2010 - 14:40
#3
l3golas
Offline
Joined: 03/04/2010
I explain better the

I explain better the situation. I work at university, my team can use the addresses between 151.97.9.179 and 151.97.9.185, so I decided to use the last one for CC and the first two for NCs, so if we add other nodes we can arrive till 184. The nodes connect well to Internet, the problem is for the VMs.
Tomorrow I will post the euca-descrive-instances output

Tue, 03/23/2010 - 17:06
#4
graziano
Offline
Joined: 01/14/2010
Hello, please read again our

Hello,

please read again our network configuration document: you need to have some public IP available for instances. And those IPs needs not to be already taken. If you don't have public IPs you can start instance with private addressing but you will be able to access them only from the CC.

cheers
graziano

Wed, 03/24/2010 - 05:21
#5
l3golas
Offline
Joined: 03/04/2010
It works, but I didn't change anything...

I didn't change anything, but now it works... The VMs can ping external addresses and use Internet. I will try again, I'm happy but I don't understand what happened...

Thu, 03/25/2010 - 14:02
#6
graziano
Offline
Joined: 01/14/2010
Hello, thanks for reporting

Hello,

thanks for reporting back! I'm glad is working now, but it's a weird behavior: usually either it works or it doesn't work, we don't see intermittent failures.

cheers
graziano

Navigation
User login
Active forum topics
more