[openstack-dev] [Neutron] DVR SNAT shortcut

Yongsheng Gong gongysh at unitedstack.com
Wed Jun 25 09:42:31 UTC 2014


Hi,
for each compute node to have SNAT to Internet, I think we have the
drawbacks:
1. SNAT is done in router, so each router will have to consume one public
IP on each compute node, which is money.
2. for each compute node to go out to Internet, the compute node will have
one more NIC, which connect to physical switch, which is money too

So personally, I like the design:
 floating IPs and 1:N SNAT still use current network nodes, which will have
HA solution enabled and we can have many l3 agents to host routers. but
normal east/west traffic across compute nodes can use DVR.

yong sheng gong


On Wed, Jun 25, 2014 at 4:30 PM, Zang MingJie <zealot0630 at gmail.com> wrote:

> Hi:
>
> In current DVR design, SNAT is north/south direction, but packets have
> to go west/east through the network node. If every compute node is
> assigned a public ip, is it technically able to improve SNAT packets
> w/o going through the network node ?
>
> SNAT versus floating ips, can save tons of public ips, in trade of
> introducing a single failure point, and limiting the bandwidth of the
> network node. If the SNAT performance problem can be solved, I'll
> encourage people to use SNAT over floating ips. unless the VM is
> serving a public service
>
> --
> Zang MingJie
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140625/9a5a02e0/attachment.html>


More information about the OpenStack-dev mailing list