Answer by dbaxps for I am pretty close. I can load Cirros instance on Compute, log in via VNC and run nslookup inside it. Everything is fine with IP's and routing. However , i cannot connect via ssh to both Cirros and Fedora 19 instances. Might it be gre tunnelling problem ? Details :- On Controller :- # neutron security-group-rule-create --protocol tcp \ --port-range-min 22 --port-range-max 22 \ --direction ingress --remote-ip-prefix 0.0.0.0/0 default Multiple security_group matches found for name 'default', use an ID to be more specific. # neutron security-group-list +--------------------------------------+---------+-------------+ | id | name | description | +--------------------------------------+---------+-------------+ | a085748d-92c0-40e0-a4c1-bc86935ec0ee | default | default | | b6203882-561d-4f7b-9e2e-441c57e83419 | default | default | | c70b80d3-f060-4002-af22-6603c745a6cf | default | default | +--------------------------------------+---------+-------------+ # neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress --remote-ip-prefix 0.0.0.0/0 a085748d-92c0-40e0-a4c1-bc86935ec0ee 409-{u'NeutronError': {u'message': u'Security group rule already exists. Group id is 6d15d6cc-ed13-4c26-89ff-7ff10e6c4656.', u'type': u'SecurityGroupRuleExists', u'detail': u''}} # neutron security-group-rule-create --protocol tcp --port-range-min 22 --port-range-max 22 --direction ingress --remote-ip-prefix 0.0.0.0/0 b6203882-561d-4f7b-9e2e-441c57e83419 Created a new security_group_rule: +-------------------+--------------------------------------+ | Field | Value | +-------------------+--------------------------------------+ | direction | ingress | | ethertype | IPv4 | | id | 97232fb3-6ba1-46a3-a8e3-2f25ba0c70dc | | port_range_max | 22 | | port_range_min | 22 | | protocol | tcp | | remote_group_id | | | remote_ip_prefix | 0.0.0.0/0 | | security_group_id | b6203882-561d-4f7b-9e2e-441c57e83419 | | tenant_id | 751cda6ede504ccd9562edd233b32b34 | +-------------------+--------------------------------------+ # neutron floatingip-show \ 3d40ed62-ad78-4042-8342-9f76c419c8c1 +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | fixed_ip_address | 10.0.0.2 | | floating_ip_address | 192.169.142.105 | | floating_network_id | 8e2df372-544d-4921-ad58-e164e5128410 | | id | 3d40ed62-ad78-4042-8342-9f76c419c8c1 | | port_id | 41da6b37-dfd8-49a2-8dae-45d9a99ef7d7 | | router_id | ba157037-747e-4a44-84d5-13d7d30e88ac | | tenant_id | 751cda6ede504ccd9562edd233b32b34 | +---------------------+--------------------------------------+ I can ping from Controller 192.169.142.105 # ssh -l fedora -i oskey1.priv 192.169.142.105 Hangs I double checked iptables on compute node . It's OK

Workaround Well .. I can live with that due to blog of Sandro Mathys cat ./myfile.txt #cloud-config password: mysecret chpasswd: { expire: False } ssh_pwauth: True fedora's password will be "mysecret" via VNC connection [root@ip-192-169-142-57 ~(keystone_admin)]$ nova boot --flavor 2 --user-data=./myfile.txt \ --image fae71063-3ddb-4771-b464-7c8facae3e95 VF19QW +--------------------------------------+--------------------------------------+ | Property | Value | +--------------------------------------+--------------------------------------+ | OS-EXT-STS:task_state | scheduling | | image | Fedora 19 x86_64 | | OS-EXT-STS:vm_state | building | | OS-EXT-SRV-ATTR:instance_name | instance-00000016 | | OS-SRV-USG:launched_at | None | | flavor | m1.small | | id | 58da990b-a5c2-48fc-a1e9-09e4f5fa8529 | | security_groups | [{u'name': u'default'}] | | user_id | ae5d131493904e89b6175940af592b34 | | OS-DCF:diskConfig | MANUAL | | accessIPv4 | | | accessIPv6 | | | progress | 0 | | OS-EXT-STS:power_state | 0 | | OS-EXT-AZ:availability_zone | nova | | config_drive | | | status | BUILD | | updated | 2014-01-22T16:00:04Z | | hostId | | | OS-EXT-SRV-ATTR:host | None | | OS-SRV-USG:terminated_at | None | | key_name | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | name | VF19QW | | adminPass | bmi3iX4AHCM2 | | tenant_id | 751cda6ede504ccd9562edd233b32b34 | | created | 2014-01-22T16:00:04Z | | os-extended-volumes:volumes_attached | [] | | metadata | {} | +--------------------------------------+--------------------------------------+ [root@ip-192-169-142-57 ~(keystone_admin)]$ nova list +--------------------------------------+-----------+-----------+------------+-------------+---------------------------------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+-----------+-----------+------------+-------------+---------------------------------+ | 1155abf9-365b-4d2b-8655-f27bb5989f84 | Cirros311 | SUSPENDED | None | Shutdown | int01=10.0.0.2, 192.169.142.107 | | abe6528c-fe1a-47d6-96b5-deb61164c833 | Cirros315 | ACTIVE | None | Running | int01=10.0.0.5, 192.169.142.106 | | 58da990b-a5c2-48fc-a1e9-09e4f5fa8529 | VF19QW | ACTIVE | None | Running | int01=10.0.0.4 | +--------------------------------------+-----------+-----------+------------+-------------+--------------------------------- + [root@ip-192-169-142-57 ~(keystone_admin)]$ neutron port-list --device-id 58da990b-a5c2-48fc-a1e9-09e4f5fa8529 +--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+ | id | name | mac_address | fixed_ips | +--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+ | 6554364f-64f2-4fa1-8343-61ffbf2715d3 | | fa:16:3e:40:0e:3a | {"subnet_id": "0342ee64-e844-48ce-88cb-cd721ef8664a", "ip_address": "10.0.0.4"} | +--------------------------------------+------+-------------------+---------------------------------------------------------------------------------+ [root@ip-192-169-142-57 ~(keystone_admin)]$ neutron floatingip-create ext Created a new floatingip:  [root@ip-192-169-142-57 ~(keystone_admin)]$ neutron floatingip-associate 8f9fdc2b-00b6-42e3-9e72-4bac099d3ce2 6554364f-64f2-4fa1-8343-61ffbf2715d3 Associated floatingip 8f9fdc2b-00b6-42e3-9e72-4bac099d3ce2 [root@ip-192-169-142-57 ~(keystone_admin)]$ ping 192.169.142.108 PING 192.169.142.108 (192.169.142.108) 56(84) bytes of data. 64 bytes from 192.169.142.108: icmp_seq=1 ttl=63 time=19.5 ms Solution to make ssh working from Controller to instance running on Compute (192.168.1.108) :- On cloud instance issue as root :- $ ifconfig eth0 mtu 1400 up Then from Controller (192.168.1.127) [root@dfw02 ~(keystone_admin)]$ ssh fedora@192.168.1.108 fedora@192.168.1.108's password: Last login: Tue Jan 30 10:53:22 2014 from 192.168.1.127 [fedora@vf19vlgl ~]$ ifconfig eth0: flags=4163 mtu 1400 inet 10.0.0.6 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::f816:3eff:fe4b:9790 prefixlen 64 scopeid 0x20 ether fa:16:3e:4b:97:90 txqueuelen 1000 (Ethernet) RX packets 15986 bytes 19358438 (18.4 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4907 bytes 490901 (479.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 0 (Local Loopback) RX packets 14 bytes 1400 (1.3 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 14 bytes 1400 (1.3 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099 mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255 ether 0e:4f:43:b0:f9:c3 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0