[Openstack] Public IPs without NAT

Martinx - ジェームズ thiagocmartinsc at gmail.com
Tue Apr 22 23:52:00 UTC 2014


Hello Matej,

I *think* that the best solution is to disable NAT at the Neutron L3 router,
but I don't know precisely how to do that... This way, your Neutron L3
Router will not do any NAT, so the instances will be reachable if you
take care of the routing.

In fact, this is precisely the topology I'm working to achieve with
IPv6... Since there is no NAT for IPv6 (if it exists, I don't care, not
supported / not desired), then, the Instances will have publicly reachable IP
addresses "by nature" (without any kind of NAT).

I see two solutions:

1- Try to disable NAT at your Neutron L3 Router plus make sure the route is
okay;

2- Wait for Neutron IPv6 and be happy! No more NAT, no more troubles and
workarounds...


BTW, I'm working to backport Neutron IPv6 patches to IceHouse, if the work
goes as expected, I'll announce it here...

Also, you might want to take a look here:
http://www.nephos6.com/pdf/OpenStack-Havana-on-IPv6.pdf - They talk about
NAT at the Neutron L3 Router, I think that if you dig there, you'll find a
way to disable it for IPv4 networks.

Cheers!
Thiago


On 22 April 2014 19:27, Matej <matej at tam.si> wrote:

> Hi,
>
> I am using GRE tunneling and OVS and have several instances working
> perfectly. They get private IP addresses (range: 10.0.0.0/24) and get
> routed through my local IP subnet (192.168.22.0/24) out via my HW
> router's 192.168.22.1. This setup works well and I am pretty happy with it.
>
> What bothers me is the case where I need to delegate some of our instances
> a direct public IP address, without the need for any NAT whatsoever.
> Let's declare this public subnet as: 102.203.103.80/29
>
> I have created a new network:
> +---------------------------+--------------------------------------+
> | Field                     | Value                                |
> +---------------------------+--------------------------------------+
> | admin_state_up            | True                                 |
> | id                        | 50ad28c9-6a7d-4579-8339-a39f29cc4485 |
> | name                      | inet                                 |
> | provider:network_type     | local                                |
> | provider:physical_network |                                      |
> | provider:segmentation_id  |                                      |
> | router:external           | True                                 |
> | shared                    | False                                |
> | status                    | ACTIVE                               |
> | subnets                   | 6d27b5fa-191e-473e-9852-cbf47a62188e |
> | tenant_id                 | a0edd2a531bb41e6b17e0fd644bfd494     |
> +---------------------------+--------------------------------------+
>
> and then assigned a subnet inside:
> +------------------+------------------------------------------------------+
> | Field            | Value                                                |
> +------------------+------------------------------------------------------+
> | allocation_pools | {"start": "102.203.103.84", "end": "102.203.103.86"} |
> | cidr             | 102.203.103.80/29                                    |
> | dns_nameservers  | 8.8.8.8                                              |
> | enable_dhcp      | False                                                |
> | gateway_ip       |                                                      |
> | host_routes      |                                                      |
> | id               | 6d27b5fa-191e-473e-9852-cbf47a62188e                 |
> | ip_version       | 4                                                    |
> | name             | inet                                                 |
> | network_id       | 50ad28c9-6a7d-4579-8339-a39f29cc4485                 |
> | tenant_id        | a0edd2a531bb41e6b17e0fd644bfd494                     |
> +------------------+------------------------------------------------------+
>
>
> When I create a new instance (CirrOS) and delegate this newly created
> network to it and then set IP 102.203.103.84/29 inside it, I am unable to
> ping our router's public IP address, it doesn't work.
> I have tried to create it as a flat network, but I don't currently have
> physnet interface defined in ovs_neutron_plugin.ini and when I did it, my
> private NAT setup stopped working.
>
> My current ovs_neutron_plugin.ini on controller:
> [ovs]
> tenant_network_type = gre
> tunnel_id_ranges = 1:1000
> enable_tunneling = True
> local_ip = 192.168.22.10
> integration_bridge = br-int
> tunnel_bridge = br-tun
> tunnel_types=gre
>
> [agent]
> polling_interval = 2
>
> [securitygroup]
> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
>
>
> What is the right way to achieve this public IP assignment I would like to
> do? After reading a lot of docs, I still don't have any working solutions
> for it.
>
> Thank you very much for any ideas and help. If you need any other
> information, I will be happy to provide it.
>
> Matej
>