[Openstack-operators] [Neutron] public and private fixed IPs

Neil Jerram Neil.Jerram at metaswitch.com
Sun Oct 25 12:39:32 UTC 2015


For assigning a routable public IP to a VM, James and Kevin have described using an external network, but I think there might be a second possibility. Namely, a shared, non-external network, with a subnet with the routable IP range that you want to assign from, and connected via a Neutron router to the outside world.

Would that also work? Would the L3 agent in that case avoid doing an unnecessary NAT?

Thanks,
      Neil

PS. Adam - you might also like to check out my L3-only networking spec at https://review.openstack.org/#/c/238895/, as it describes IP addressing like what you describe, and might align more generally with what you have in mind.


From: Kevin Benton
Sent: Sunday, 25 October 2015 06:34
To: James Denton
Cc: OpenStack Operators
Subject: Re: [Openstack-operators] [Neutron] public and private fixed IPs



Yes, as long as the network is marked as both 'shared' and external, a tenant can attach VMs and router gateway interfaces directly to it.

On Oct 25, 2015 2:47 PM, "James Denton" <james.denton at rackspace.com> wrote:
Hi Adam,

If you're asking whether or not a VM can be attached to an 'external' network so that the 'public' IP is the fixed IP of the VM, then yes. A Neutron router can also be attached to the same network so that instances in non-routable tenant networks can obtain floating IPs from the same 'public' network. At one time non-admin users were not allowed to attach VMs to 'external' networks, but I believe that restriction was removed around Kilo or so.

James


> On Oct 25, 2015, at 2:15 PM, Adam Lawson <alawson at aqorn.com> wrote:
>
> Hi everyone!
>
> When using KVM, does Neutron support binding a public routable address
> to one VM in one tenant as a fixed IP that is accessible outside the
> cloud (no floating IP for remote access) and a VM in a separate tenant
> with private fixed IP's with optional floating IP? Would this be
> possible on a per tenant or per region basis?
>
> I'm working on a cloud approach that allows either scenario.
>
> Long story short, I'm trying to support two options in the same cloud
> (if possible) so a department/tenant can deploy instances with public
> IP's that are directly accessible by the rest of the enterprise (no
> NAT) and a second department/tenant that deploys all of their VM's
> within the context of a private/isolated tenant network with optional
> floating IP's.
>
> Thoughts on how this would be handled? Is it as simple as assigning a
> public subnet to a tenant as the fixed/tenant network?
>
> //adam
>
> --
>
> *Adam Lawson*
>
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (844) 4-AQORN-NOW ext. 101
> International: +1 302-387-4660
> Direct: +1 916-246-2072
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
