<html><head><title></title></head><body><!-- rte-version 0.2 9947551637294008b77bce25eb683dac --><div class="rte-style-maintainer" style="white-space: pre-wrap; font-size: small; font-family: 'Courier New', Courier; color: rgb(0, 0, 0);"data-color="global-default" bbg-color="default" data-bb-font-size="medium" bbg-font-size="medium" bbg-font-family="fixed-width">Thanks Neil, very helpful.<br><div class="rte-style-maintainer" style="font-size: small; font-family: 'Courier New', Courier; color: rgb(0, 0, 0);"data-color="global-default" bbg-color="default" data-bb-font-size="medium" bbg-font-size="medium" bbg-font-family="fixed-width"><br><div class="bbg-rte-fold-content" data-header="From: Neil.Jerram@metaswitch.com" data-digest="From: Neil.Jerram@metaswitch.com" style=""><div class="bbg-rte-fold-summary">From: Neil.Jerram@metaswitch.com </div><div>Subject: Re: [Openstack-operators] Anyone using Project Calico for tenant networking?<br></div></div><blockquote>Hi Ned,<br><br>Sorry for the delay in following up here.<br><br>On 06/02/16 14:40, Ned Rhudy (BLOOMBERG/ 731 LEX) wrote:<br>> Thanks. Having read the documentation, I have one question about the<br>> network design. Basically, our use case specifies that instances be able<br>> to have a stable IP across terminations; effectively what we'd like to<br>> do is have a setup where both the fixed and floating IPs are routable<br>> outside the cluster. Any given instance should get a routable IP when it<br>> launches, but additionally be able to take a floating IP that would act<br>> as a stable endpoint for other things to reference.<br>><br>> The Calico docs specify that you can create public/private IPv4 networks<br>> in Neutron, both with DHCP enabled. Is it possible to accomplish what<br>> I'm talking about by creating what are two public IPv4 subnets, one with<br>> DHCP enabled and one with DHCP disabled that would be used as the float<br>> pool? Or is this not possible?<br><br>For the fixed IPs, yes. 
For the float pool, no, I'm afraid we don't <br>have that in Calico yet, and I'm not sure if it will take precisely that <br>form when we do have floating IP support.<br><br>There is work in progress on Calico support for floating IPs, and the <br>code for this can be seen at <a spellcheck="false"bbg-destination="rte:bind" href="https://review.openstack.org/#/c/253634/" data-destination="rte:bind">https://review.openstack.org/#/c/253634/</a> <br>and <a spellcheck="false"bbg-destination="rte:bind" href="https://github.com/projectcalico/calico/pull/848"data-destination="rte:bind">https://github.com/projectcalico/calico/pull/848</a>. I can't yet say <br>when this will land, though.<br><br>In terms of how floating IPs are represented in the Neutron data model: <br>currently they require a relationship between an external Network, a <br>Router and a tenant Network. The floating IP pool is defined as a <br>subnet on the external Network; each allocated floating IP maps onto one <br>of the fixed IPs of the tenant network; and the agent that implements <br>the Router does the inbound DNAT between those two.<br><br>As you've written, floating IPs are interesting for external or provider <br>networks too, so we'd be interested in an enhancement to the Neutron <br>model to allow that, and I believe there are other interested parties <br>too. But that will take time to agree, and it isn't one of my own <br>priorities at the moment.<br><br>Hope that's useful. 
Best wishes,<br><br> Neil<br><br>><br>> ----- Original Message -----<br>> From: Neil Jerram &lt;<a spellcheck="false"bbg-destination="mailto:rte:bind" href="mailto:Neil.Jerram@metaswitch.com" data-destination="mailto:rte:bind">Neil.Jerram@metaswitch.com</a><br>> &lt;mailto:<a spellcheck="false"bbg-destination="mailto:rte:bind" href="mailto:Neil.Jerram@metaswitch.com" data-destination="mailto:rte:bind">Neil.Jerram@metaswitch.com</a>>><br>> To: EDMUND RHUDY, <a spellcheck="false"bbg-destination="mailto:rte:bind" href="mailto:openstack-operators@lists.openstack.org" data-destination="mailto:rte:bind">openstack-operators@lists.openstack.org</a><br>> &lt;mailto:<a spellcheck="false"bbg-destination="mailto:rte:bind" href="mailto:openstack-operators@lists.openstack.org" data-destination="mailto:rte:bind">openstack-operators@lists.openstack.org</a>><br>> At: 05-Feb-2016 14:11:34<br>><br>> On 05/02/16 19:03, Ned Rhudy (BLOOMBERG/ 731 LEX) wrote:<br>> > I meant in a general sense of the networking technology that you're<br>> > using for instance networking, not in the sense of per-tenant networks,<br>> > though my wording was ambiguous. Part of our larger question centers<br>> > around the viability of tying instances directly to a provider network.<br>> > Being that we only operate a private cloud for internal consumption,<br>> > doing so would have some attractive upsides; tenants clamor for the IP<br>> > inside their instance to be the same as the floating IP that the outside<br>> > world sees, but nobody's ever asked us about the ability to roll their<br>> > own network topology, so we think we could probably do without that.<br>><br>> Cool, IMO that's a good match for what Calico provides.<br>><br><br></blockquote><br></div></div></body></html>