[Openstack-operators] [neutron] Routing to tenant networks

Dan Sneddon dsneddon at redhat.com
Tue Jan 12 18:32:34 UTC 2016


On 01/12/2016 09:42 AM, Matt Kassawara wrote:
> Sure, you can use 'neutron router-gateway-set --disable-snat
> <publicnetwork>' to disable NAT... just add routes where necessary.
> 
> Seems like implementation of RFC 6598 would occur outside of neutron...
> maybe on the service provider network between clouds? Perhaps someone
> from a service provider can provide more information.
> 
> On Tue, Jan 12, 2016 at 9:46 AM, Mike Spreitzer <mspreitz at us.ibm.com> wrote:
> 
>     Is there any condition under which a Neutron router will route
>     packets from a provider network to a tenant network with
>     destination address unmolested? E.g., non-RFC1918 addresses on the
>     tenant network?  Does Neutron know anything about RFC6598?
> 
>     Thanks,
>     Mike
> 
> 
> 
>     _______________________________________________
>     OpenStack-operators mailing list
>     OpenStack-operators at lists.openstack.org
>     <mailto:OpenStack-operators at lists.openstack.org>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

I can confirm that OpenStack doesn't have Carrier Grade NAT (CGN), but
this RFC simply sets aside a set of addresses which can be used for CGN
(100.64.0.0/10), and lays out some requirements and best practices for
running a CGN network.

I don't see any reason why these addresses couldn't be used. In fact,
giving RFC 6598 a read-through, it appears that Neutron NAT would fulfill
the requirements of this RFC, as long as 100.64.0.0/10 were only used
for Tenant networks and not floating IP addresses.

That said, we already have 192.168.X.X, 172.X.X.X, and 10.X.X.X
addresses. If a customer were already using all of these throughout
their network, then I could see using 100.64.0.0/10 in order to have
unique addresses within the OpenStack deployment.

-- 
Dan Sneddon         |  Principal OpenStack Engineer
dsneddon at redhat.com |  redhat.com/openstack
650.254.4025        |  dsneddon:irc   @dxs:twitter
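
Added example, not part of the original message or of Neutron: a small address-plan audit for the constraints raised in this thread (100.64.0.0/10 only on tenant networks, not floating IP pools; tenant ranges unique against what the customer already uses). The function name, the `snat_disabled` flag and the sample CIDRs are assumptions made for illustration; the no-overlap check between tenant subnets when SNAT is disabled goes slightly beyond the thread and reflects that routed, un-NATed ranges must be unique.

```python
import ipaddress

# RFC 6598 shared address space, the block discussed in the thread.
SHARED_SPACE = ipaddress.ip_network("100.64.0.0/10")


def _overlap(a, b):
    # Networks of different IP versions never overlap.
    return a.version == b.version and a.overlaps(b)


def audit_plan(tenant_subnets, floating_pools, in_use_elsewhere, snat_disabled=False):
    """Return sorted (cidr, problem) findings for a proposed address plan."""
    findings = set()
    used = [ipaddress.ip_network(c) for c in in_use_elsewhere]
    tenants = [ipaddress.ip_network(c) for c in tenant_subnets]

    # Shared address space is kept for tenant networks, never floating IPs.
    for cidr in floating_pools:
        if _overlap(ipaddress.ip_network(cidr), SHARED_SPACE):
            findings.add((cidr, "floating pool inside 100.64.0.0/10"))

    for i, net in enumerate(tenants):
        # Tenant ranges should be unique against what the customer already uses.
        for other in used:
            if _overlap(net, other):
                findings.add((str(net), f"overlaps in-use range {other}"))
        # Without SNAT the tenant range is routed as-is, so tenant subnets
        # must not overlap each other either.
        if snat_disabled:
            for peer in tenants[i + 1:]:
                if _overlap(net, peer):
                    findings.add((str(net), f"overlaps tenant subnet {peer}"))
    return sorted(findings)


# Constructed sample plan (not taken from any real deployment).
SAMPLE = dict(
    tenant_subnets=["100.64.10.0/24", "100.64.10.128/25", "10.20.0.0/24"],
    floating_pools=["203.0.113.0/24", "100.127.255.0/24"],
    in_use_elsewhere=["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
)

if __name__ == "__main__":
    for cidr, problem in audit_plan(snat_disabled=True, **SAMPLE):
        print(f"{cidr}: {problem}")
```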
