<div dir="ltr">Nova currently is preventing one from attaching multiple nics on the same L2. That said, I don't think we've clearly determined a use case for having multiple nics on the same L2. One reason why we don't allow this is that doing so would allow a tenant to easily loop the network and cause a bcast storm, and neutron doesn't have any mechanism today to break these loops. One could just enable STP on ovs to do so, though I think we should come up with a good use case before allowing this type of thing. </div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 11:53 PM, Kevin Benton <span dir="ltr"><<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">This seems painful for a tenant workflow to get multiple addresses. I would like to improve this during the Juno cycle. What is the limitation that is blocking the multi-nic use cases? Is it Nova? </div><div class="HOEnZb">
<div class="h5"><div class="gmail_extra">
<br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 11:27 PM, Aaron Rosen <span dir="ltr"><<a href="mailto:aaronorosen@gmail.com" target="_blank">aaronorosen@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi Kevin, <div><br></div><div>You would just create ports that aren't attached to instances and steal their ip_addresses from those ports and put those in the allowed-address-pairs on a port OR you could change the allocation range on the subnet to ensure these ips were never handed out. That's probably the right approach. </div>
<span><font color="#888888">
<div><br>Aaron </div></font></span></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 10:03 PM, Kevin Benton <span dir="ltr"><<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Yeah, I was aware of allowed address pairs, but that doesn't help with the IP allocation part. <div>
<br></div><div>Is this the tenant workflow for this use case?</div><div><br><div>1. Create an instance.</div>
<div>2. Wait to see which subnet it gets an allocation from.</div><div>3. Pick an IP from that subnet that doesn't currently appear to be in use.</div><div>4. Use the neutron-cli or API to update the port object with the extra IP.</div>
<div>5. Hope that Neutron will never allocate that IP address for something else.</div></div></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 9:46 PM, Aaron Rosen <span dir="ltr"><<a href="mailto:aaronorosen@gmail.com" target="_blank">aaronorosen@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Whoops Akihiro beat me to it :) </div><div><div><div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Apr 16, 2014 at 9:46 PM, Aaron Rosen <span dir="ltr"><<a href="mailto:aaronorosen@gmail.com" target="_blank">aaronorosen@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The allowed-address-pair extension that was added here (<a href="https://review.openstack.org/#/c/38230/" target="_blank">https://review.openstack.org/#/c/38230/</a>) allows us to add arbitrary ips to an interface to allow them. This is useful if you want to run something like VRRP between two instances.
</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 9:39 PM, Kevin Benton <span dir="ltr"><<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I was under the impression that the security group rules blocked addresses not assigned by neutron[1].<div>
<br></div><div>1.<a href="https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py#L188" target="_blank">https://github.com/openstack/neutron/blob/master/neutron/agent/linux/iptables_firewall.py#L188</a></div>
<div><div>
<div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 9:20 PM, Aaron Rosen <span dir="ltr"><<a href="mailto:aaronorosen@gmail.com" target="_blank">aaronorosen@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">You can do it with ip aliasing and use one interface: <div><br></div><div>ifconfig eth0 <a href="http://10.0.0.22/24" target="_blank">10.0.0.22/24</a></div>
<div><div>ifconfig eth0:1 <a href="http://10.0.0.23/24" target="_blank">10.0.0.23/24</a></div>
</div><div><div>ifconfig eth0:2 <a href="http://10.0.0.24/24" target="_blank">10.0.0.24/24</a></div></div><div><br></div><div><div>2: eth0: &lt;NO-CARRIER,BROADCAST,MULTICAST,UP&gt; mtu 1500 qdisc mq state DOWN qlen 1000</div>
<div> link/ether 40:6c:8f:1a:a9:31 brd ff:ff:ff:ff:ff:ff</div>
<div> inet <a href="http://10.0.0.22/24" target="_blank">10.0.0.22/24</a> brd 10.0.0.255 scope global eth0</div><div> valid_lft forever preferred_lft forever</div><div> inet <a href="http://10.0.0.23/24" target="_blank">10.0.0.23/24</a> brd 10.0.0.255 scope global secondary eth0:1</div>
<div> valid_lft forever preferred_lft forever</div><div> inet <a href="http://10.0.0.24/24" target="_blank">10.0.0.24/24</a> brd 10.0.0.255 scope global secondary eth0:2</div><div> valid_lft forever preferred_lft forever</div>
</div><div><br></div></div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 8:53 PM, Kevin Benton <span dir="ltr"><<a href="mailto:blak111@gmail.com" target="_blank">blak111@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Web server running multiple SSL sites that wants to be compatible with clients that don't support the SNI extension. There is no way for a server to get multiple IP addresses on the same interface is there?</div>
<div class="gmail_extra"><div><div><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 5:50 PM, Aaron Rosen <span dir="ltr"><<a href="mailto:aaronorosen@gmail.com" target="_blank">aaronorosen@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">This is true. Several people have asked this same question over the years, though I've yet to hear a use case why one really needs to do this. Do you have one? </div>
<div><div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Wed, Apr 16, 2014 at 3:12 PM, Ronak Shah <span dir="ltr"><<a href="mailto:ronak@nuagenetworks.net" target="_blank">ronak@nuagenetworks.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div>Hi Vikash,</div>Currently this is not supported. The NICs not only need to be in different subnets, they have to be in different networks as well (container for the subnet)<br><div class="gmail_extra"><br>
</div><div class="gmail_extra">Thanks</div><div class="gmail_extra">Ronak<br><br><div class="gmail_quote"><div><div>On Wed, Apr 16, 2014 at 3:51 AM, Vikash Kumar <span dir="ltr"><<a href="mailto:vikash.kumar@oneconvergence.com" target="_blank">vikash.kumar@oneconvergence.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><span style="color:rgb(61,133,198)"><b>With 'interfaces' I mean 'nics' of VM</b>.</span><br>
</div><div><div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Apr 16, 2014 at 4:18 PM, Vikash Kumar <span dir="ltr"><<a href="mailto:vikash.kumar@oneconvergence.com" target="_blank">vikash.kumar@oneconvergence.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Hi, <br><br></div> I want to launch one VM which will have two Ethernet interfaces with IPs from a single subnet. Is this supported now in OpenStack? Any suggestions?<br>
<br><br></div>Thanx<br></div>
</blockquote></div><br></div>
</div></div><br></div></div>_______________________________________________<br>
OpenStack-dev mailing list<br>
<a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank">OpenStack-dev@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div></div>
<br></blockquote></div><br></div>
</div></div><br>
<br></blockquote></div><br><br clear="all"><div><br></div></div></div><span><font color="#888888">-- <br><div>Kevin Benton</div>
</font></span></div>
<br></blockquote></div><br></div>
</div></div><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Kevin Benton</div>
</div></div></div></div>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Kevin Benton</div>
</div>
</div></div><br>
<br></blockquote></div><br></div>
</div></div><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Kevin Benton</div>
</div>
</div></div><br>
<br></blockquote></div><br></div>
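<p>The two points the thread turns on, source-address filtering on a port and keeping the extra IPs from being allocated elsewhere, as an added example that is not part of the original thread and is not Neutron's code. It is a simplified model using the Neutron API field names; the MAC and the 10.0.0.x addresses are the ones from the thread, while the pools and placeholder-port IPs are constructed sample values.</p>

```python
import ipaddress

def source_allowed(port, src_mac, src_ip):
    """Simplified anti-spoofing decision: traffic passes only if its (MAC, IP)
    matches a fixed IP of the port or an allowed-address-pairs entry."""
    ip = ipaddress.ip_address(src_ip)
    pairs = [(port["mac_address"], f["ip_address"]) for f in port["fixed_ips"]]
    for p in port.get("allowed_address_pairs", []):
        # mac_address is optional in a pair and defaults to the port's own MAC
        pairs.append((p.get("mac_address", port["mac_address"]), p["ip_address"]))
    return any(src_mac.lower() == mac.lower()
               and ip in ipaddress.ip_network(net, strict=False)
               for mac, net in pairs)

def at_risk(extra_ips, allocation_pools, held_by_other_ports=()):
    """Extra IPs that could still be handed to another port: inside an
    allocation pool and not already held by an unattached placeholder port."""
    held = {ipaddress.ip_address(h) for h in held_by_other_ports}
    risky = []
    for addr in map(ipaddress.ip_address, extra_ips):
        in_pool = any(ipaddress.ip_address(p["start"]) <= addr
                      <= ipaddress.ip_address(p["end"]) for p in allocation_pools)
        if in_pool and addr not in held:
            risky.append(str(addr))
    return risky

# Constructed sample data (addresses and MAC taken from the thread).
MAC = "40:6c:8f:1a:a9:31"
ALIASES = ["10.0.0.23", "10.0.0.24"]
PORT = {"mac_address": MAC, "fixed_ips": [{"ip_address": "10.0.0.22"}]}
PORT_WITH_PAIRS = dict(PORT, allowed_address_pairs=[{"ip_address": a} for a in ALIASES])
DEFAULT_POOLS = [{"start": "10.0.0.2", "end": "10.0.0.254"}]
SHRUNK_POOLS = [{"start": "10.0.0.2", "end": "10.0.0.22"}]

if __name__ == "__main__":
    # Guest-side aliasing alone: the alias is filtered at the port.
    print(source_allowed(PORT, MAC, "10.0.0.23"))
    # With allowed-address-pairs the alias passes, but only from the port's MAC.
    print(source_allowed(PORT_WITH_PAIRS, MAC, "10.0.0.23"))
    # Allowed but unreserved: both aliases can still be allocated to someone else.
    print(at_risk(ALIASES, DEFAULT_POOLS))
    # Either reservation option from the thread removes that risk.
    print(at_risk(ALIASES, DEFAULT_POOLS, held_by_other_ports=ALIASES))
    print(at_risk(ALIASES, SHRUNK_POOLS))
```
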