Open Stack

On 8 April 2014 10:35, Zane Bitter <zbitter at redhat.com> wrote:

> To attach a port to a network and give it an IP from a specific subnet
>
>> on that network, you would use the *--fixed-ip subnet_id *option.
>>
>> Otherwise, the create port request will use the first subnet it finds
>> attached to that network to allocate the port an IP address. This is why
>> you are encountering the port-> subnet-> network chain. Subnets provide
>> the addresses. Networks are the actual layer 2 boundaries.�
>>
>
> It sounds like maybe Subnets need to be created independently of Networks
> and then passed as a list to the Network when it is created. In Heat
> there's no way to even predict which Subnet will be "first" unless the user
> adds explicit "depends_on" annotations (and even then, a Subnet could have
> been created outside of the template already).
>

A longstanding issue I've had with networks (now fixed, I believe, but
don't hold me to that) is that they don't work without subnets, but they
should - because ports don't work without an address, and yet, again, they
should - because our antispoofing is completely tied up with addresses and
has historically been hard-to-impossible to disable.  In fact, ports have
long been intended to have *one* ipv4 address - no more, which is annoying
for many sorts of IP based failover, and no fewer, which is annoying when
you're not using IP addresses in an obvious fashion (such as Openstack
deployments, if you've ever tried to use Openstack as your testbed for
testing Openstack itself).

Also, subnets seem to be branching out.

In ipv4, subnets are clearly 'here's another chunk of address space for
this network'.  You do need a router attached to be able to *reach* that
additional address space, and that's rather silly - but I've always seen
them as an artifact of ipv4 scarcity.

In ipv6, I believe we're using them, or going to use them, to allow
multiple global addresses on a port.  That's a pretty normal thing in ipv6,
which pretty much starts with the assumption that you have two addresses
per port and works upward from there.

-- 
Ian.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140409/1c3c95ec/attachment.html>