openstack中ping不通vm

ping不通vm的问题解决

ping不通vm,首先应考虑安全组规则的问题,查看安全组中是否有ICMP规则。

Even pinging the instance is not possible without an ICMP rule configured.


1 查看安全组及其规则

[root@-ctl ~]# nova secgroup-list
+--------------------------------------+---------+------------------------+
| Id                                   | Name    | Description            |
+--------------------------------------+---------+------------------------+
| 262b13a5-5c70-448f-9bfe-6f0c397feaff | default | Default security group |
+--------------------------------------+---------+------------------------+
[root@-ctl ~]# . zzz/openrc_user1
[root@-ctl ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 9903      | 9903    | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| tcp         | 5813      | 5813    | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
+-------------+-----------+---------+-----------+--------------+
可看出规则中没有ICMP规则

2 添加ICMP规则

[root@-ctl ~]# nova help secgroup-add-rule
usage: nova secgroup-add-rule <secgroup> <ip-proto> <from-port> <to-port>
                              <cidr>

Add a rule to a security group.

Positional arguments:
  <secgroup>   ID or name of security group.
  <ip-proto>   IP protocol (icmp, tcp, udp).
  <from-port>  Port at start of range.
  <to-port>    Port at end of range.
  <cidr>       CIDR for address range.
[root@-ctl ~]#  nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@-ctl ~]# nova secgroup-list-rules default
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 9903      | 9903    | 0.0.0.0/0 |              |
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
| tcp         | 5813      | 5813    | 0.0.0.0/0 |              |
|             |           |         |           | default      |
|             |           |         |           | default      |
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
ICMP规则已经添加进default安全组

3 ping虚拟机

[root@-ctl ~]# ping 172.21.0.65
PING 172.21.0.65 (172.21.0.65) 56(84) bytes of data.
64 bytes from 172.21.0.65: icmp_seq=1 ttl=63 time=18.9 ms
64 bytes from 172.21.0.65: icmp_seq=2 ttl=63 time=1.26 ms
^C
--- 172.21.0.65 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 1.261/10.080/18.900/8.820 ms


评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值