<div dir="ltr">Hello Matej,<div><br></div><div>I <u><b>think</b></u> that the best solution is to disable NAT at the Neutron L3 router, but I don't know precisely how to do that... This way, your Neutron L3 Router will not do any NAT, so the instances will be reachable if you take care of the routing.</div>

<div><br></div><div>In fact, this is precisely the topology I'm working to achieve with IPv6... Since there is no NAT for IPv6 (if it exists, I don't care, not supported / not desired), the Instances will have publicly reachable IP addresses "by nature" (without any kind of NAT).</div>

<div><br></div><div>I see two solutions:</div><div><br></div><div>1- Try to disable NAT at your Neutron L3 Router plus make sure the route is okay;</div><div><br></div><div>2- Wait for Neutron IPv6 and be happy! No more NAT, no more troubles and workarounds...</div>

<div><br></div><div><br></div><div>BTW, I'm working to backport Neutron IPv6 patches to IceHouse, if the work goes as expected, I'll announce it here...</div><div><br></div><div>Also, you might want to take a look here: <a href="http://www.nephos6.com/pdf/OpenStack-Havana-on-IPv6.pdf">http://www.nephos6.com/pdf/OpenStack-Havana-on-IPv6.pdf</a> - They talk about NAT at the Neutron L3 Router, I think that if you dig there, you'll find a way to disable it for IPv4 networks.</div>

<div><br></div><div>Cheers!</div><div>Thiago</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 22 April 2014 19:27, Matej <span dir="ltr"><<a href="mailto:matej@tam.si" target="_blank">matej@tam.si</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<br><br>I am using GRE tunneling and OVS and have several instances working perfectly. They get private IP addresses (range: <a href="http://10.0.0.0/24" target="_blank">10.0.0.0/24</a>) and get routed through my local IP subnet (<a href="http://192.168.22.0/24" target="_blank">192.168.22.0/24</a>) out via my HW router's 192.168.22.1. This setup works well and I am pretty happy with it.<br>


<br>What bothers me is the case where I need to delegate some of our instances a direct public IP address, without the need for any NAT whatsoever.<br>Let's declare this public subnet as: <a href="http://102.203.103.80/29" target="_blank">102.203.103.80/29</a><br>


<br>I have created a new network:<br>+---------------------------+--------------------------------------+<br>| Field                     | Value                                |<br>+---------------------------+--------------------------------------+<br>


| admin_state_up            | True                                 |<br>| id                        | 50ad28c9-6a7d-4579-8339-a39f29cc4485 |<br>| name                      | inet                                 |<br>| provider:network_type     | local                                |<br>


| provider:physical_network |                                      |<br>| provider:segmentation_id  |                                      |<br>| router:external           | True                                 |<br>| shared                    | False                                |<br>


| status                    | ACTIVE                               |<br>| subnets                   | 6d27b5fa-191e-473e-9852-cbf47a62188e |<br>| tenant_id                 | a0edd2a531bb41e6b17e0fd644bfd494     |<br>+---------------------------+--------------------------------------+<br>


<br>and then assigned a subnet inside:<br>+------------------+------------------------------------------------------+<br>| Field            | Value                                                |<br>+------------------+------------------------------------------------------+<br>


| allocation_pools | {"start": "102.203.103.84", "end": "102.203.103.86"} |<br>| cidr             | <a href="http://102.203.103.80/29" target="_blank">102.203.103.80/29</a>                                    |<br>


| dns_nameservers  | 8.8.8.8                                          |<br>| enable_dhcp      | False                                                |<br>| gateway_ip       |                                                      |<br>


| host_routes      |                                                      |<br>| id               | 6d27b5fa-191e-473e-9852-cbf47a62188e                 |<br>| ip_version       | 4                                                    |<br>


| name             | inet                                                 |<br>| network_id       | 50ad28c9-6a7d-4579-8339-a39f29cc4485                 |<br>| tenant_id        | a0edd2a531bb41e6b17e0fd644bfd494                     |<br>


+------------------+------------------------------------------------------+<br><br><br>When I create a new instance (CirrOS) and delegate this newly created network to it and then set IP <br><a href="http://102.203.103.84/29" target="_blank">102.203.103.84/29</a> inside it, I am unable to ping our router's public IP address, it doesn't work.<br>


I have tried to create it as a flat network, but I don't currently have a physnet interface defined in ovs_neutron_plugin.ini and when I did it, my private NAT setup stopped working.<br><br>My current ovs_neutron_plugin.ini on controller:<br>


[ovs]<br>tenant_network_type = gre<br>tunnel_id_ranges = 1:1000<br>enable_tunneling = True<br>local_ip = 192.168.22.10<br>integration_bridge = br-int<br>

tunnel_bridge = br-tun<br>tunnel_types=gre<br><br>[agent]<br>polling_interval = 2<br>
<br>[securitygroup]<br>firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver<br><br><br><br>What is the right way to achieve this public IP assignment I would like to do? After reading a lot of docs, I still don't have any working solutions for it.<br>


<br>Thank you very much for any ideas and help. If you need any other information, I will be happy to provide it.<span class="HOEnZb"><font color="#888888"><br><br>Matej</font></span></div>
<br>_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
<br></blockquote></div><br></div>
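<div>An added example, not part of either message in this thread: a small Python check that parses the <code>net-show</code> / <code>subnet-show</code> rows posted above and flags the settings that matter when an instance is addressed directly, without NAT. The <code>audit</code> helper and its finding names are hypothetical; that a <code>local</code> network is not attached to any physical network is standard Neutron behaviour, not something the thread states.</div>

```python
import ipaddress
import json

# Constructed sample: the relevant rows of the two tables posted in the thread.
NET_SHOW = """\
| Field                     | Value                                |
| provider:network_type     | local                                |
| provider:physical_network |                                      |
| router:external           | True                                 |
"""
SUBNET_SHOW = """\
| allocation_pools | {"start": "102.203.103.84", "end": "102.203.103.86"} |
| cidr             | 102.203.103.80/29                                    |
| enable_dhcp      | False                                                |
| gateway_ip       |                                                      |
"""

def parse_table(text):
    """Turn '| Field | Value |' rows of neutron CLI output into a dict."""
    rows = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip the +----+ border lines
        field, _, value = line.strip("|").partition("|")
        if field.strip() != "Field":
            rows[field.strip()] = value.strip()
    return rows

def audit(net, subnet, instance_ip):
    """Return finding codes (hypothetical names) for a no-NAT public subnet."""
    findings = []
    cidr = ipaddress.ip_network(subnet["cidr"])
    ip = ipaddress.ip_address(instance_ip)
    pool = json.loads(subnet["allocation_pools"])  # single pool, as in the thread
    lo, hi = (ipaddress.ip_address(pool[k]) for k in ("start", "end"))
    if ip not in cidr or not lo <= ip <= hi:
        findings.append("ip-outside-pool")
    if net.get("provider:network_type") == "local":
        # 'local' networks are not attached to any physical network.
        findings.append("local-network-has-no-uplink")
    if not subnet.get("gateway_ip"):
        findings.append("no-gateway-ip")
    if subnet.get("enable_dhcp") == "False":
        findings.append("address-must-be-set-in-guest")
    return findings

if __name__ == "__main__":
    for f in audit(parse_table(NET_SHOW), parse_table(SUBNET_SHOW), "102.203.103.84"):
        print(f)
```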