<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello Operators,</p>
<p>For reasons not yet amenable to persuasion otherwise, a customer
of our ML2+OVS classic implemented OpenStack would like to map two
floating IPs pulled from two separate external network floating IP
pools, to two different vNICs on his instances.</p>
<p>The floating IP pools correspond to one pool routable from the
external Internet and another, RFC1918 pool routable from internal
University networks.<br>
</p>
<p>The tenant private networks are arranged as two RFC1918 VXLANs,
each with a router to one of the two external networks.</p>
<p>10.0.0.0/24 -> route to -> 128.232.226.0/23
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</p>
<p>10.0.16.0/24 -> route to -> 172.24.46.0/23</p>
<p><br>
</p>
<p>Mapping two floating IPs to instances isn't possible in Horizon,
but is possible from command-line. This doesn't immediately work,
however, as the return traffic from the instance needs to be sent
back through the correct router gateway interface and not the
instance default gateway.<br>
</p>
<p>I'd initially thought this would be possible by placing a second
routing table on the instances to handle the return traffic;</p>
<p>debian@test1:/etc/iproute2$ less rt_tables <br>
#<br>
# reserved values<br>
#<br>
255 local<br>
254 main<br>
253 default<br>
0 unspec<br>
#<br>
# local<br>
#<br>
#1 inr.ruhep<br>
1 rt2<br>
</p>
<p>debian@test1:/etc/network$ less interfaces<br>
# The loopback network interface<br>
auto lo<br>
iface lo inet loopback<br>
</p>
<p># The first vNIC, eth0<br>
auto eth0<br>
iface eth0 inet dhcp<br>
</p>
<p># The second vNIC, eth1<br>
auto eth1<br>
iface eth1 inet static<br>
address 10.0.16.11 <br>
netmask 255.255.255.0<br>
post-up ip route add 10.0.16.0/24 dev eth1 src 10.0.16.11
table rt2<br>
post-up ip route add default via 10.0.16.1 dev eth1 table
rt2<br>
post-up ip rule add from 10.0.16.11/32 table rt2<br>
post-up ip rule add to 10.0.16.11/32 table rt2<br>
</p>
<p>And this works well for SSH and ICMP, but curiously not for HTTP
traffic.</p>
<p><br>
</p>
<p>Requests to a web-server listening on all vNICs are sent but
replies not received when the requests are sent to the second
mapped floating IP (HTTP requests and replies work as expected
when sent to the first mapped floating IP). The requests are
logged in both cases however, so traffic is making it to the
instance in both cases.<br>
</p>
<p>I'd say this is clearly an unusual (and possibly un-natural)
arrangement, but I was wondering whether anyone else on Operators
had come across a similar situation in trying to map floating IPs
from two different external networks to an instance?</p>
<p>Kind regards,</p>
<p>Paul Browne<br>
</p>
<pre class="moz-signature" cols="72"><span style="color: rgb(51, 51, 51); font-family: "Open Sans", Helvetica, Arial, sans-serif; font-size: 13px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(245, 245, 245); display: inline !important; float: none;">
</span>--
*******************
Paul Browne
Research Computing Platforms
University Information Services
Roger Needham Building
JJ Thompson Avenue
University of Cambridge
Cambridge
United Kingdom
E-Mail: <a class="moz-txt-link-abbreviated" href="mailto:pfb29@cam.ac.uk">pfb29@cam.ac.uk</a>
Tel: 0044-1223-46548
*******************</pre>
</body>
</html>