oomichi / try-kubernetes

Test Floating IP on self-managed network #78

Closed oomichi closed 2 years ago

oomichi commented 5 years ago

Confirm that a Floating IP can be attached to a Port on the self-managed network, which can now be created as of https://github.com/oomichi/try-kubernetes/issues/77, and that ssh login then works.

oomichi commented 5 years ago

State in which ping does not get through:

$ nova list
+--------------------------------------+-------+--------+------------+-------------+----------------------------+
| ID                                   | Name  | Status | Task State | Power State | Networks                   |
+--------------------------------------+-------+--------+------------+-------------+----------------------------+
| 50c3b52d-9078-42de-8ce5-dee3498d1789 | test1 | ACTIVE | -          | Running     | lb-mgmt-net=192.168.10.104 |
| 7738f6a0-84ad-42a6-a460-19ba8e296334 | test2 | ACTIVE | -          | Running     | lb-mgmt-net=192.168.10.102 |
| e06cf0cb-050d-42b5-abc0-9c7a7a9c357a | test3 | ACTIVE | -          | Running     | lb-mgmt-net=192.168.10.107 |
+--------------------------------------+-------+--------+------------+-------------+----------------------------+
$ ping 192.168.10.104
PING 192.168.10.104 (192.168.10.104) 56(84) bytes of data.
^C
--- 192.168.10.104 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10080ms

Create a Router for connecting the self-managed network to the outside, and attach it:

$ openstack router create lb-mgmt-router
$ openstack router add subnet lb-mgmt-router lb-mgmt-subnet
$ openstack router set lb-mgmt-router --external-gateway provider

Create a floating IP on the external network:

$ openstack floating ip create provider
$ openstack floating ip list
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| ID                                   | Floating IP Address | Fixed IP Address | Port | Floating Network                     | Project                          |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+
| fa08db4e-5202-4d26-bf29-80b4633ed4e9 | 192.168.1.108       | None             | None | bfd9fd43-c9b4-43ad-bb67-930c674f2605 | 682e74f275fe427abd9eb6759f3b68c5 |
+--------------------------------------+---------------------+------------------+------+--------------------------------------+----------------------------------+

Identify the Port ID of the VM that the floating IP will be attached to:

$ nova list
+--------------------------------------+-------+--------+------------+-------------+----------------------------+
| ID                                   | Name  | Status | Task State | Power State | Networks                   |
+--------------------------------------+-------+--------+------------+-------------+----------------------------+
| 50c3b52d-9078-42de-8ce5-dee3498d1789 | test1 | ACTIVE | -          | Running     | lb-mgmt-net=192.168.10.104 |
...
$ openstack port list | grep 192.168.10.104
| 99ca0301-90fb-452f-ac03-077b9b85eabb |      | fa:16:3e:e2:de:e0 | ip_address='192.168.10.104', subnet_id='9b9f57fc-d967-4376-afd2-c581798ec1ab' | ACTIVE |
$

Attach the Floating IP by specifying the identified Port ID. Confirm the attachment with nova list.

$ openstack floating ip set --port 99ca0301-90fb-452f-ac03-077b9b85eabb 192.168.1.108
$ nova list
+--------------------------------------+-------+--------+------------+-------------+-------------------------------------------+
| ID                                   | Name  | Status | Task State | Power State | Networks                                  |
+--------------------------------------+-------+--------+------------+-------------+-------------------------------------------+
| 50c3b52d-9078-42de-8ce5-dee3498d1789 | test1 | ACTIVE | -          | Running     | lb-mgmt-net=192.168.10.104, 192.168.1.108 |
...
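
An added example, not part of the original comment or of this repository: resolving the Port ID with an exact match on the fixed IP instead of `grep`, so the Floating IP cannot be bound to a neighbouring port. The `attach_fip` wrapper and the second and third sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the issue). A floating IP exposes whichever port it
# is bound to, so the port lookup must match the fixed IP exactly. A plain
# `grep 192.168.10.10` also matches .104, .102 and .107, and "." in a grep
# pattern matches any character.

# port_id_for_ip IP: reads `openstack port list` table output on stdin and
# prints the ID of the port whose ip_address is exactly IP. Returns non-zero
# unless exactly one port matches.
port_id_for_ip() {
    awk -F'|' -v ip="$1" '
        index($0, "ip_address=\047" ip "\047") { gsub(/ /, "", $2); id = $2; n++ }
        END { if (n == 1) print id; exit (n == 1 ? 0 : 1) }
    '
}

# attach_fip FIXED_IP FLOATING_IP: hypothetical wrapper around the two
# commands from the issue; needs the openstack CLI and credentials.
attach_fip() {
    port=$(openstack port list | port_id_for_ip "$1") || {
        echo "no unique port for $1" >&2
        return 1
    }
    openstack floating ip set --port "$port" "$2"
}

# Constructed sample: first row is from the issue, the other two are made up.
SAMPLE_PORTS="| 99ca0301-90fb-452f-ac03-077b9b85eabb |      | fa:16:3e:e2:de:e0 | ip_address='192.168.10.104', subnet_id='9b9f57fc-d967-4376-afd2-c581798ec1ab' | ACTIVE |
| 00000000-0000-0000-0000-000000000010 |      | fa:16:3e:00:00:10 | ip_address='192.168.10.10', subnet_id='9b9f57fc-d967-4376-afd2-c581798ec1ab' | ACTIVE |
| 00000000-0000-0000-0000-000000000002 |      | fa:16:3e:00:00:02 | ip_address='192.168.10.102', subnet_id='9b9f57fc-d967-4376-afd2-c581798ec1ab' | ACTIVE |"

# Demo on the constructed sample: only the .10 port is selected.
printf '%s\n' "$SAMPLE_PORTS" | port_id_for_ip 192.168.10.10
```

With credentials loaded, `attach_fip 192.168.10.104 192.168.1.108` performs the lookup and the association in one step and refuses to proceed when the fixed IP matches zero or several ports.
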
oomichi commented 5 years ago

However, ping still does not get through.

$ ping 192.168.1.108
PING 192.168.1.108 (192.168.1.108) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable

Use tcpdump to check how far the packets get.

test1 is on iaas-cpu03.

$ nova show test1
+--------------------------------------+------------------------------------------------------------+
| Property                             | Value                                                      |
+--------------------------------------+------------------------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                                     |
| OS-EXT-AZ:availability_zone          | nova                                                       |
| OS-EXT-SRV-ATTR:host                 | iaas-cpu03                                                 |
...

Run tcpdump on vxlan-24 on iaas-cpu03. Confirmed that packets arrive when ping is run from iaas-ctrl.

$ sudo tcpdump -i vxlan-24
...
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vxlan-24, link-type EN10MB (Ethernet), capture size 262144 bytes

14:29:43.513842 IP 192.168.10.104.39544 > 192.168.10.100.domain: 48522+ A? ntp.ubuntu.com. (32)
14:29:43.513981 IP 192.168.10.104.39544 > 192.168.10.100.domain: 31020+ AAAA? ntp.ubuntu.com. (32)
14:29:43.514830 IP 192.168.10.100.domain > 192.168.10.104.39544: 48522 Refused 0/0/0 (32)
14:29:43.514902 IP 192.168.10.100.domain > 192.168.10.104.39544: 31020 Refused 0/0/0 (32)
14:29:43.515404 IP 192.168.10.104.39544 > 192.168.10.100.domain: 48522+ A? ntp.ubuntu.com. (32)