<div dir="ltr">><span style="font-size:12.8px">So where do the routers and "ports" come into this?</span><div><br></div><div>So routers are just like normal routers in that they attach to multiple networks and route between them. Ports are the basic unit that represent access to a network. A VM can have an arbitrary number of ports attached to different networks and each will have its own IP, MAC address, security groups, etc.</div><div><br></div><div><span style="font-size:12.8px">>And into the real network?</span></div><div><span style="font-size:12.8px"><br></span></div><div>It depends on how you have Neutron configured. Neutron networks can correspond to VLANs, VXLAN tunnels, GRE tunnels, or even just a direct mapping to an interface on the host (so no encapsulation).</div><div><br></div><div>I think the configuration you need will depend quite a bit on what topology you want to have. If you just want a bunch of pre-configured networks that map to real VLANs in your datacenter, then you want to setup what we refer to as "provider networks": <a href="http://docs.openstack.org/mitaka/networking-guide/scenario-provider-ovs.html">http://docs.openstack.org/mitaka/networking-guide/scenario-provider-ovs.html</a></div><div><br></div><div>In general, I would suggest a read through of the basics and some of the scenarios in the networking guide: <a href="http://docs.openstack.org/mitaka/networking-guide/">http://docs.openstack.org/mitaka/networking-guide/</a></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 15, 2016 at 5:39 PM, Turbo Fredriksson <span dir="ltr"><<a href="mailto:turbo@bayour.com" target="_blank">turbo@bayour.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Jun 16, 2016, at 1:10 AM, Kevin Benton wrote:<br>
<br>
> It's essentially the equivalent of Amazon VPC: <a href="https://aws.amazon.com/vpc/" rel="noreferrer" target="_blank">https://aws.amazon.com/vpc/</a><br>
<br>
</span>Ah, perfect. That cleared up a lot, I've worked with<br>
VPCs before. Not much, but enough to get the picture.<br>
Thanx!<br>
<br>
So where do the routers and "ports" come into this?<br>
And into the real network?<br>
<br>
<br>
This is what my current network looks like:<br>
<br>
+ [external_ip - internet]<br>
+- Gateway/Firewall (DHCP, DNS, NTP)<br>
+ [192.168.4/24] -+- Old VMs, Static IPs<br>
+ [192.168.5/24] -+- Old VMs, Dynamic IPs<br>
+ [192.168.63/24] -+- Guest network<br>
+ [192.168.69/24] -+- Physical machines<br>
+- SAN (Block Storage - 30TB+/ZoL, LDAP, Kerberos V, SMB, AFP, AFS, NFS, iSCSI)<br>
+- Current VM host<br>
+ [10.0.0/16] -+- Blade Center<br>
+ [10.0.1/24] -+- Management/iLO network (Blade Center 1)<br>
+ [10.0.2/24] -+- Management/iLO network (Blade Center 2)<br>
+ [10.0.3/24] -+- Blade Center 1 - Blade hosts, eth0<br>
+ [10.0.4/24] -+- Blade Center 1 - Blade hosts, eth1<br>
+ [10.0.5/24] -+- Blade Center 2 - Blade hosts, eth0<br>
+ [10.0.6/24] -+- Blade Center 2 - Blade hosts, eth1<br>
+ [10.9x.0/24] -+- Virtual Machines<br>
<br>
So my (currently only) Control node (where I, among other things, run<br>
Neutron) have the IP "10.0.4.1", which is connected to the physical network<br>
via eth1, and routed to/via "the gateway/firewall" machine.<br>
<br>
I was thinking that eth0 on the Control node(s) would be my (internal?)<br>
"Openstack Network" (?) and provide the 10.9x/24 networks to the virtual<br>
machines (I might not need 10 C-class networks, but I'm pretty sure I'll<br>
be needing more than one in a "not to distant future" so better safe than<br>
sorry).<br>
<br>
<br>
So in OS I create the 10.9x/24 network(s) (?), served by a DHCP server<br>
listening on eth0 only (because there's a DHCP "broadcasting" on eth1<br>
serving the physical network), add a router with IP 10.99.0.1 (?) and<br>
"bind" it to the physical machines eth0 (?).<br>
<br>
<br>
This is where it again gets really fuzzy. How do I do that? How do I<br>
make that router "connect" to the physical network? As in, route between<br>
eth0 and eth1?<br>
<br>
As in, one leg on the physical network (eth1) and the other on my VM<br>
network (eth0). No, that didn't make much sense, but I hope you understand<br>
what I mean..<br>
<br>
And I guess I need some kind of firewall on that as well, just for good<br>
measure.<br>
<br>
<br>
And, yes, I now see a logical error I've made. I've allocated a 10.0/16<br>
network for all the eth0 interfaces.<br>
<br>
I was kind'a in a hurry when I started allocating the 10/8 network and<br>
I didn't know what OS wanted of me so I didn't think that through completely.<br>
Although it doesn't matter that much. It's fairly simple for me to change<br>
that. It doesn't matter in this context though. Using the 10.9x/24 networks<br>
for my VMs should be fine anyway.<br>
--<br>
Life sucks and then you die<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
_______________________________________________<br>
Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
Post to : <a href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a><br>
Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br>
</div></div></blockquote></div><br></div>