[Neutron] How to change the MAC address of Gateway interface of the router
Hi,

I have set up a multi-host OpenStack cloud on AWS consisting of 3 servers, i.e. Controller, Compute & Network.

Everything is working as expected. My requirement is that the compute instances should be able to communicate with the internet and vice-versa.

However, AWS due to its security policies will drop all traffic that is sourced from the VMs because the VM traffic will have the MAC address of the gateway interface of the router when it hits the AWS switch. This MAC address is not known to AWS, hence it drops this traffic. AWS will allow only that traffic that contains the registered MAC address as its source address.

So I need to change the MAC address of the gateway interface of the L3 router on the network node. I tried googling but could not find any solution.

Is there any solution/command to do this?

Thanks,
Kaushik

On Sat, 2020-05-16 at 17:05 +0000, Rahul Sharma wrote:
> Hi,
>
> I have set up a multi-host OpenStack cloud on AWS consisting of 3 servers, i.e. Controller, Compute & Network.
>
> Everything is working as expected. My requirement is that the compute instances should be able to communicate with the internet and vice-versa.
>
> However, AWS due to its security policies will drop all traffic that is sourced from the VMs because the VM traffic will have the MAC address of the gateway interface of the router when it hits the AWS switch. This MAC address is not known to AWS, hence it drops this traffic. AWS will allow only that traffic that contains the registered MAC address as its source address.
>
> So I need to change the MAC address of the gateway interface of the L3 router on the network node. I tried googling but could not find any solution.
>
> Is there any solution/command to do this?

You might be able to do a neutron port update to update the neutron port MAC of the router.

Your other option is to not add an interface directly to br-ex and instead assign the WAN network's gateway IP to the br-ex directly and NAT the traffic:
https://www.rdoproject.org/networking/networking-in-too-much-detail/#nat-to-...

> Thanks,
> Kaushik

Thanks Sean.. Will definitely try this

________________________________
From: Sean Mooney <smooney@redhat.com>
Sent: Monday, May 18, 2020 4:55 AM
To: Rahul Sharma <rsharma1818@outlook.com>; openstack-discuss@lists.openstack.org <openstack-discuss@lists.openstack.org>
Subject: Re: [Neutron] How to change the MAC address of Gateway interface of the router

On Sat, 2020-05-16 at 17:05 +0000, Rahul Sharma wrote:
> Hi,
>
> I have set up a multi-host OpenStack cloud on AWS consisting of 3 servers, i.e. Controller, Compute & Network.
>
> Everything is working as expected. My requirement is that the compute instances should be able to communicate with the internet and vice-versa.
>
> However, AWS due to its security policies will drop all traffic that is sourced from the VMs because the VM traffic will have the MAC address of the gateway interface of the router when it hits the AWS switch. This MAC address is not known to AWS, hence it drops this traffic. AWS will allow only that traffic that contains the registered MAC address as its source address.
>
> So I need to change the MAC address of the gateway interface of the L3 router on the network node. I tried googling but could not find any solution.
>
> Is there any solution/command to do this?

You might be able to do a neutron port update to update the neutron port MAC of the router.

Your other option is to not add an interface directly to br-ex and instead assign the WAN network's gateway IP to the br-ex directly and NAT the traffic:
https://www.rdoproject.org/networking/networking-in-too-much-detail/#nat-to-...

> Thanks,
> Kaushik

participants (2)
- Rahul Sharma
- Sean Mooney