[Openstack-operators] [Neutron] public and private fixed IPs

Matt Kassawara mkassawara at gmail.com
Sun Oct 25 23:45:20 UTC 2015


Take a look at the installation guide for Liberty at docs.openstack.org...
the architecture supports attaching VMs to public/external and
private/project networks.

On Sun, Oct 25, 2015 at 6:39 AM, Neil Jerram <Neil.Jerram at metaswitch.com>
wrote:

> For assigning a routable public IP to a VM, James and Kevin have described
> using an external network, but I think there might be a second possibility.
> Namely, a shared, non-external network, with a subnet with the routable IP
> range that you want to assign from, and connected via a Neutron router to
> the outside world.
>
> Would that also work? Would the L3 agent in that case avoid doing an
> unnecessary NAT?
>
> Thanks,
>       Neil
>
> PS. Adam - you might also like to check out my L3-only networking spec at
> https://review.openstack.org/#/c/238895/, as it describes IP addressing
> like what you describe, and might align more generally with what you have
> in mind.
>
>
>> *From: *Kevin Benton
> *Sent: *Sunday, 25 October 2015 06:34
> *To: *James Denton
> *Cc: *OpenStack Operators
> *Subject: *Re: [Openstack-operators] [Neutron] public and private fixed
> IPs
>
> Yes, as long as the network is marked as both 'shared' and external, a
> tenant can attach VMs and router gateway interfaces directly to it.
> On Oct 25, 2015 2:47 PM, "James Denton" <james.denton at rackspace.com>
> wrote:
>
>> Hi Adam,
>>
>> If you're asking whether or not a VM can be attached to an 'external'
>> network so that the 'public' ip is the fixed IP of them VM, then yes. A
>> Neutron router can also be attached to the same network so that instances
>> in non-routable tenant networks can obtain floating IPs from the same
>> 'public' network. At one time non-admin users were not allowed to attach
>> VMs to 'external' networks but I believe that restriction was removed
>> around Kilo or so.
>>
>> James
>>
>> Sent from my iPhone
>>
>> > On Oct 25, 2015, at 2:15 PM, Adam Lawson <alawson at aqorn.com> wrote:
>> >
>> > Hi everyone!
>> >
>> > When using KVM, does Neutron support binding a public routable address
>> > to one VM in one tenant as a fixed IP that is accessible outside the
>> > cloud (no floating IP for remote access) and a VM in a separate tenant
>> > with private fixed IP's with optional floating IP? Would this be
>> > possible on a per tenant or per region basis?
>> >
>> > I'm working on a cloud approach that allows either scenario.
>> >
>> > Long story short, I'm trying to support two options in the same cloud
>> > (if possible) so a department/tenant can deploy instances with public
>> > IP's that are directly accessible by the rest of the enterprise (no
>> > NAT) and a second department/tenant that deploys all of their VM's
>> > within the context of a private/isolated tenant network with optional
>> > floating IP's.
>> >
>> > Thoughts on how this would be handled? Is it as simple as assigning a
>> > public subnet to a tenant as the fixed/tenant network?
>> >
>> > //adam
>> >
>> > --
>> >
>> > *Adam Lawson*
>> >
>> > AQORN, Inc.
>> > 427 North Tatnall Street
>> > Ste. 58461
>> > Wilmington, Delaware 19801-2230
>> > Toll-free: (844) 4-AQORN-NOW ext. 101
>> > International: +1 302-387-4660
>> > Direct: +1 916-246-2072
>> >
>> > _______________________________________________
>> > OpenStack-operators mailing list
>> > OpenStack-operators at lists.openstack.org
>> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20151025/3e9103a0/attachment.html>


More information about the OpenStack-operators mailing list