[Openstack-operators] nova-network and "site-to-cloud" VPNs

Jason Harley jharley at redmind.ca
Mon Jul 20 20:11:54 UTC 2015


Howdy —

I have an Icehouse OpenStack cloud with nova-network with VLANManager in multi-host mode.

I have a need to make all instances in one particular project available to part of the core network without any sort of NAT translation in sort of a ‘hybrid infrastructure’ setup. A ‘site-to-cloud’ VPN router seemed to be the best option to set this up, so I used OpenVPN to set up the site-to-site and set up the appropriate routing within the project instances and the core network.

Traffic traverses the tunnel, but it looks like because this traffic isn’t NAT’d there’s a nova-network iptables rule which assures that only local subnet traffic is accepted and the packet is dropped.  I assume this is by design to ensure the ‘walled garden’ without the use of network namespaces, but is there a workaround to this solution?  ‘cloudpipe’ seems like abandonware, and after reading the docs I’m not sure it would solve my problem.

Any insight/help appreciated!

./JRH

