<html><body>
<p><font size="2" face="sans-serif">Would this work? We used to have warnings in Neutron docs indicating that instances should not be attached to external networks:</font><br>
<font size="2" face="sans-serif">"</font><font size="3" face="Verdana">It is important to understand that you should not attach the instance to Ext-Net directly. Instead, you must use a floating IP to make it accessible from the external network.</font><font size="2" face="sans-serif">"</font><br>
<br>
<font size="2" face="sans-serif">In this particular case and with the OVS plugin, the traffic on the external network which now hosts tenant VMs (on OpenStack compute nodes) should get routed from the br-int to the external bridge br-ex using for example the appropriate vlan id (what if external network does not use vlan?) and then to the external network without doing the NATing. Would this traffic go through the veth pair connecting the br-int and br-ex?</font><br>
<br>
<font size="2" face="sans-serif">Mohammad</font><br>
<br>
<img width="16" height="16" src="cid:1__=0ABBF7ADDFC5E9468f9e8a93df938@us.ibm.com" border="0" alt="Inactive hide details for Kevin Benton ---08/23/2014 01:37:28 AM---Yes, you should be able to create a shared/external network "><font size="2" color="#424282" face="sans-serif">Kevin Benton ---08/23/2014 01:37:28 AM---Yes, you should be able to create a shared/external network within Neutron to accomplish this.</font><br>
<br>
<font size="1" color="#5F5F5F" face="sans-serif">From: </font><font size="1" face="sans-serif">Kevin Benton <blak111@gmail.com></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">To: </font><font size="1" face="sans-serif">"OpenStack Development Mailing List (not for usage questions)" <openstack-dev@lists.openstack.org></font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Date: </font><font size="1" face="sans-serif">08/23/2014 01:37 AM</font><br>
<font size="1" color="#5F5F5F" face="sans-serif">Subject: </font><font size="1" face="sans-serif">Re: [openstack-dev] [Neutron] Use public IP address as instance fixed IP</font><br>
<hr width="100%" size="2" align="left" noshade style="color:#8091A5; "><br>
<br>
<br>
<font size="3" face="serif">Yes, you should be able to create a shared/external network within Neutron to accomplish this.</font><br>
<font size="3" face="serif"><br>
</font><br>
<font size="3" face="serif">On Fri, Aug 22, 2014 at 7:25 AM, Bao Wang <</font><a href="mailto:bywang98@gmail.com" target="_blank"><font size="3" color="#0000FF" face="serif"><u>bywang98@gmail.com</u></font></a><font size="3" face="serif">> wrote:</font>
<ul style="padding-left: 9pt"><font size="3" face="serif">Thank you for your response. Could this be done naturally with Openstack neutron or have to be done manually outside neutron ? As we are expecting to orchestrate hundreds of NFV with all similar network configuration, programmability is another key element.</font><br>
<font size="3" face="serif"><br>
</font><br>
<font size="3" face="serif">On Thu, Aug 21, 2014 at 3:52 PM, Kevin Benton <</font><a href="mailto:blak111@gmail.com" target="_blank"><font size="3" color="#0000FF" face="serif"><u>blak111@gmail.com</u></font></a><font size="3" face="serif">> wrote:</font>
<ul style="padding-left: 9pt"><font size="3" face="serif">Have you tried making the external network shared as well? Instances that need a private IP with NAT attach to an internal network and go through the router like normal. Instances that need a public IP without NAT would just attach directly to the external network.</font><br>
<font size="3" face="serif"><br>
</font><br>
<font size="3" face="serif">On Thu, Aug 21, 2014 at 7:06 AM, Bao Wang <</font><a href="mailto:bywang98@gmail.com" target="_blank"><font size="3" color="#0000FF" face="serif"><u>bywang98@gmail.com</u></font></a><font size="3" face="serif">> wrote:</font>
<ul style="padding-left: 9pt"><font size="3" face="serif">I have a very complex Openstack deployment for NFV. It could not be deployed as Flat. It will have a lot of isolated private networks. Some interfaces of a group VM instances will need bridged network with their fixed IP addresses to communicate with outside world while other interfaces from the same set of VM should keep isolated with real private/fixed IP addresses. What happen if we use public IP addresses directly as fixed IP on those interfaces ? Will this work with Openstack neutron networking ? Will Openstack do NAT automatically on those ? </font>
<p><font size="3" face="serif">Overall, the requirement is to use the fixed/public IP to communicate with outside directly on some interfaces of some VM instances while keeping others as private. The floating IP is not an option here</font><br>
<br>
<font size="3" face="serif">_______________________________________________<br>
OpenStack-dev mailing list</font><font size="3" color="#0000FF" face="serif"><u><br>
</u></font><a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" color="#0000FF" face="serif"><u><br>
</u></font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a><font size="3" face="serif"><br>
</font></ul>
<font size="3" color="#888888" face="serif"><br>
</font><br>
<br>
<font size="3" color="#888888" face="serif">-- </font><br>
<font size="3" color="#888888" face="serif">Kevin Benton</font><br>
<font size="3" face="serif"><br>
_______________________________________________<br>
OpenStack-dev mailing list</font><font size="3" color="#0000FF" face="serif"><u><br>
</u></font><a href="mailto:OpenStack-dev@lists.openstack.org" target="_blank"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" color="#0000FF" face="serif"><u><br>
</u></font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a><font size="3" face="serif"><br>
</font></ul>
<br>
<font size="3" face="serif"><br>
_______________________________________________<br>
OpenStack-dev mailing list</font><font size="3" color="#0000FF" face="serif"><u><br>
</u></font><a href="mailto:OpenStack-dev@lists.openstack.org"><font size="3" color="#0000FF" face="serif"><u>OpenStack-dev@lists.openstack.org</u></font></a><font size="3" color="#0000FF" face="serif"><u><br>
</u></font><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank"><font size="3" color="#0000FF" face="serif"><u>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</u></font></a><font size="3" face="serif"><br>
</font></ul>
<font size="3" face="serif"><br>
</font><br>
<br>
<font size="3" face="serif">-- </font><br>
<font size="3" face="serif">Kevin Benton</font><tt><font size="2">_______________________________________________<br>
OpenStack-dev mailing list<br>
OpenStack-dev@lists.openstack.org<br>
</font></tt><tt><font size="2"><a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a></font></tt><tt><font size="2"><br>
</font></tt><br>
</body></html>