On Mon, Oct 8, 2012 at 6:24 PM, Dan Wendlandt <span dir="ltr"><<a href="mailto:dan@nicira.com" target="_blank">dan@nicira.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5">On Mon, Oct 8, 2012 at 7:52 AM, Jānis Ģeņģeris <<a href="mailto:janis.gengeris@gmail.com">janis.gengeris@gmail.com</a>> wrote:<br>
> Hello,<br>
><br>
> When using provider networks in Quantum, where should the metadata service<br>
> rule mapping (e.g. <a href="http://169.254.169.254:80" target="_blank">169.254.169.254:80</a> -> metadata_server:metadata_port) must<br>
> be set?<br>
><br>
> For example, for floating IPs l3-agent handles this, but for provider<br>
> networks router is not used. I tried to set custom iptables rule for this,<br>
> but have a hard time understanding where to set it, as there is openvswitch<br>
> and namespaces.<br>
><br>
> I'm using provider network configuration with VLANs.<br>
<br>
</div></div>You actually could use the Quantum L3 router as your gateway even if<br>
VMs are on a provider network, but I suspect your question is actually<br>
more along the lines of: if I want my gateway to be a physical router<br>
not managed by Quantum, how do I does the DNAT rule for metadata get<br>
applied? In this case, you need to apply the DNAT rule manually to<br>
the physical router, which I believe is the same as if you were using<br>
flat networking with Nova with a physical router.</blockquote><div>Adding the rule in physical router is not a good idea, because then the configuration of the OpenStack crosses the actual software/server border into network equipment, than can add to complexity later.</div>
<div><br></div><div>I tried to add provider network to quantum router, and the quantum CLI was rejecting it.</div><div>AFAIK router-interface-add is for internal networks, and router-gateway-set is also failing.</div><div>
<br></div><div>Which CLI command to use for adding provider network to existing quantum router?</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> </blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
There may also be a more complex solution achievable via quantum in<br>
which the provider creates a quantum router with an interface on the<br>
provider network, VMs are each given a host route to route traffic<br>
destined for <a href="http://169.254.169.254/32" target="_blank">169.254.169.254/32</a> to this quantum router IP, rather than<br>
the physical default gateway, and this quantum router performs the<br>
DNAT. However, its probably much easier to just apply this rule to<br>
your physical router.<br></blockquote><div>No, this is no good.</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
Dan<br>
<br>
<br>
><br>
> Regards,<br>
> --janis<br>
><br>
> _______________________________________________<br>
> Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
> Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
> Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
> More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
--<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
Dan Wendlandt<br>
Nicira, Inc: <a href="http://www.nicira.com" target="_blank">www.nicira.com</a><br>
twitter: danwendlandt<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
</font></span></blockquote></div><br>Regards,<br>--janis<br>