[Openstack-operators] Multiple floating IPs mapped to multiple vNICs (multi-homing)

Paul Browne pfb29 at cam.ac.uk
Thu Dec 1 12:08:07 UTC 2016 

Hello Operators,

For reasons not yet amenable to persuasion otherwise, a customer of our 
ML2+OVS classic implemented OpenStack would like to map two floating IPs 
pulled from two separate external network floating IP pools, to two 
different vNICs on his instances.

The floating IP pools correspond to one pool routable from the external 
Internet and another, RFC1918 pool routable from internal University 
networks.

The tenant private networks are arranged as two RFC1918 VXLANs, each 
with a router to one of the two external networks.

10.0.0.0/24 -> route to -> 128.232.226.0/23

10.0.16.0/24 -> route to -> 172.24.46.0/23


Mapping two floating IPs to instances isn't possible in Horizon, but is 
possible from command-line. This doesn't immediately work, however, as 
the return traffic from the instance needs to be sent back through the 
correct router gateway interface and not the instance default gateway.

I'd initially thought this would be possible by placing a second routing 
table on the instances to handle the return traffic;

debian at test1:/etc/iproute2$ less rt_tables
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
1 rt2

debian at test1:/etc/network$ less interfaces
# The loopback network interface
auto lo
iface lo inet loopback

# The first vNIC, eth0
auto eth0
iface eth0 inet dhcp

# The second vNIC, eth1
auto eth1
iface eth1 inet static
         address 10.0.16.11
         netmask 255.255.255.0
         post-up ip route add 10.0.16.0/24 dev eth1 src 10.0.16.11 table rt2
         post-up ip route add default via 10.0.16.1 dev eth1 table rt2
         post-up ip rule add from 10.0.16.11/32 table rt2
         post-up ip rule add to 10.0.16.11/32 table rt2

And this works well for SSH and ICMP, but curiously not for HTTP traffic.


Requests to a web-server listening on all vNICs are sent but replies not 
received when the requests are sent to the second mapped floating IP 
(HTTP requests and replies work as expected when sent to the first 
mapped floating IP). The requests are logged in both cases however, so 
traffic is making it to the instance in both cases.

I'd say this is clearly an unusual (and possibly un-natural) 
arrangement, but I was wondering whether anyone else on Operators had 
come across a similar situation in trying to map floating IPs from two 
different external networks to an instance?

Kind regards,

Paul Browne

-- 
*******************
Paul Browne
Research Computing Platforms
University Information Services
Roger Needham Building
JJ Thompson Avenue
University of Cambridge
Cambridge
United Kingdom
E-Mail: pfb29 at cam.ac.uk
Tel: 0044-1223-46548
*******************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20161201/8ee653da/attachment.html>

More information about the OpenStack-operators mailing list