[DHCP][Provider Network] Instances get IP from external DHCP server
Hi, appreciate some advice on how instances in openstack get ip from external DHCP server. For example instance is attached to port eth1 (physical port) and this port is connected to home/office lan port and requests dhcp ip. How this can be achieved. ***User don't know the dhcp ip range/gw/dns that will be provided by the dhcp sever to that instance...instance just attach to eth1 and request ip.*** Similar like our pc/notebook request dhcp ip via wifi or lan port. How to establish this in openstack. Please advise and help me. Thank you
Are you sure? you are going to danger zone :) dangerzone if you really need a RANDOM RANDOM IP, I would add network (maybe flat?) that would contain a subnet: 0.0.0.0/0 without DHCP (if such possible, if not, would contain 2 subnets: 0.0.0.0/1 and 128.0.0.0/1) and disable f=port security for that network. In the image you will use, you will need to remove cloud-init or add config option, on instance launch, that it would not autoconfigure network interface according to Cloud assigned IP. maybe for such task there are better options, such as simple KVM host with bridged network? On Fri, 29 Jan 2021 at 05:26, dangerzone ar <dangerzonen@gmail.com> wrote:
Hi, appreciate some advice on how instances in openstack get ip from external DHCP server. For example instance is attached to port eth1 (physical port) and this port is connected to home/office lan port and requests dhcp ip. How this can be achieved. ***User don't know the dhcp ip range/gw/dns that will be provided by the dhcp sever to that instance...instance just attach to eth1 and request ip.*** Similar like our pc/notebook request dhcp ip via wifi or lan port. How to establish this in openstack. Please advise and help me. Thank you
-- Ruslanas Gžibovskis +370 6030 7030
Hi, On Fri, Jan 29, 2021 at 12:20:15PM +0800, dangerzone ar wrote:
Hi, appreciate some advice on how instances in openstack get ip from external DHCP server. For example instance is attached to port eth1 (physical port) and this port is connected to home/office lan port and requests dhcp ip. How this can be achieved. ***User don't know the dhcp ip range/gw/dns that will be provided by the dhcp sever to that instance...instance just attach to eth1 and request ip.*** Similar like our pc/notebook request dhcp ip via wifi or lan port. How to establish this in openstack. Please advise and help me. Thank you
You need to disable port security on such instance. Otherwise Neutron will block traffic from such IP address which is unknown. Or You need to add this IP address which VM get to the allowed_address_pairs of the VM's port. Also, please keep in mind that You will have different IP associated to that VM in the Neutron, and that will be visible in OpenStack API and different one will be really used. -- Slawek Kaplonski Principal Software Engineer Red Hat
Hi Slawek and Ruslans, thanks for the response. In this case the instance is connected to an unknown dhcp network and requests ip from that network to get access to the lan/internet. Thus, there is no known ip range/gw/dns/subnet that configures on the neutron network. From Ruslanas in the email, propose to set subnet as 0.0.0.0/0 and disable port security ( on the instance itself or on the network that should be disabled???). The use case is I have a computer that has been configured as an openstack and with 2 nic ports. An instance created with attached to eth0 and eth1. This is a mobile mini computer that is used for demo purposes... The management openstack is set to network (eth0) 192.168.100.0/24 and the second port eth1 is the one that will be connected to the external dhcp network. For example I bring the computer to customer site A for a demo... and connect eth0 to notebook for local management and then connect eth1 to site A to get ip from dhcp server for my instance to access lan/internet from site A network. I understand if we have the details of IP range/gw/etc that can be defined as a network, but the scenario here....we don't know the network and requesting ip from unknown dhcp network. Hope it gives some ideas... Thanks On Fri, Jan 29, 2021 at 4:07 PM Slawek Kaplonski <skaplons@redhat.com> wrote:
Hi,
On Fri, Jan 29, 2021 at 12:20:15PM +0800, dangerzone ar wrote:
Hi, appreciate some advice on how instances in openstack get ip from external DHCP server. For example instance is attached to port eth1 (physical port) and this port is connected to home/office lan port and requests dhcp ip. How this can be achieved. ***User don't know the dhcp ip range/gw/dns that will be provided by the dhcp sever to that instance...instance just attach to eth1 and request ip.*** Similar like our pc/notebook request dhcp ip via wifi or lan port. How to establish this in openstack. Please advise and help me. Thank you
You need to disable port security on such instance. Otherwise Neutron will block traffic from such IP address which is unknown. Or You need to add this IP address which VM get to the allowed_address_pairs of the VM's port. Also, please keep in mind that You will have different IP associated to that VM in the Neutron, and that will be visible in OpenStack API and different one will be really used.
-- Slawek Kaplonski Principal Software Engineer Red Hat
Depends on the usage. If your instance will be the only one on that dhcp network, then on port/server would be better, but if you will need to create more instances on such dhcp usecase, then I would go for a network port security. On Sun, 31 Jan 2021, 05:54 dangerzone ar, <dangerzonen@gmail.com> wrote:
Hi Slawek and Ruslans, thanks for the response. In this case the instance is connected to an unknown dhcp network and requests ip from that network to get access to the lan/internet. Thus, there is no known ip range/gw/dns/subnet that configures on the neutron network. From Ruslanas in the email, propose to set subnet as 0.0.0.0/0 and disable port security ( on the instance itself or on the network that should be disabled???).
The use case is I have a computer that has been configured as an openstack and with 2 nic ports. An instance created with attached to eth0 and eth1. This is a mobile mini computer that is used for demo purposes... The management openstack is set to network (eth0) 192.168.100.0/24 and the second port eth1 is the one that will be connected to the external dhcp network. For example I bring the computer to customer site A for a demo... and connect eth0 to notebook for local management and then connect eth1 to site A to get ip from dhcp server for my instance to access lan/internet from site A network. I understand if we have the details of IP range/gw/etc that can be defined as a network, but the scenario here....we don't know the network and requesting ip from unknown dhcp network. Hope it gives some ideas... Thanks
On Fri, Jan 29, 2021 at 4:07 PM Slawek Kaplonski <skaplons@redhat.com> wrote:
Hi,
On Fri, Jan 29, 2021 at 12:20:15PM +0800, dangerzone ar wrote:
Hi, appreciate some advice on how instances in openstack get ip from external DHCP server. For example instance is attached to port eth1 (physical port) and this port is connected to home/office lan port and requests dhcp ip. How this can be achieved. ***User don't know the dhcp ip range/gw/dns that will be provided by the dhcp sever to that instance...instance just attach to eth1 and request ip.*** Similar like our pc/notebook request dhcp ip via wifi or lan port. How to establish this in openstack. Please advise and help me. Thank you
You need to disable port security on such instance. Otherwise Neutron will block traffic from such IP address which is unknown. Or You need to add this IP address which VM get to the allowed_address_pairs of the VM's port. Also, please keep in mind that You will have different IP associated to that VM in the Neutron, and that will be visible in OpenStack API and different one will be really used.
-- Slawek Kaplonski Principal Software Engineer Red Hat
Hi, On Sun, Jan 31, 2021 at 10:46:03AM +0200, Ruslanas Gžibovskis wrote:
Depends on the usage. If your instance will be the only one on that dhcp network, then on port/server would be better, but if you will need to create more instances on such dhcp usecase, then I would go for a network port security.
Exactly. If it is set on the network, it will be default value for all ports created on that network. See [1]. [1] https://docs.openstack.org/api-ref/network/v2/index.html#port-security
On Sun, 31 Jan 2021, 05:54 dangerzone ar, <dangerzonen@gmail.com> wrote:
Hi Slawek and Ruslans, thanks for the response. In this case the instance is connected to an unknown dhcp network and requests ip from that network to get access to the lan/internet. Thus, there is no known ip range/gw/dns/subnet that configures on the neutron network. From Ruslanas in the email, propose to set subnet as 0.0.0.0/0 and disable port security ( on the instance itself or on the network that should be disabled???).
The use case is I have a computer that has been configured as an openstack and with 2 nic ports. An instance created with attached to eth0 and eth1. This is a mobile mini computer that is used for demo purposes... The management openstack is set to network (eth0) 192.168.100.0/24 and the second port eth1 is the one that will be connected to the external dhcp network. For example I bring the computer to customer site A for a demo... and connect eth0 to notebook for local management and then connect eth1 to site A to get ip from dhcp server for my instance to access lan/internet from site A network. I understand if we have the details of IP range/gw/etc that can be defined as a network, but the scenario here....we don't know the network and requesting ip from unknown dhcp network. Hope it gives some ideas... Thanks
On Fri, Jan 29, 2021 at 4:07 PM Slawek Kaplonski <skaplons@redhat.com> wrote:
Hi,
On Fri, Jan 29, 2021 at 12:20:15PM +0800, dangerzone ar wrote:
Hi, appreciate some advice on how instances in openstack get ip from external DHCP server. For example instance is attached to port eth1 (physical port) and this port is connected to home/office lan port and requests dhcp ip. How this can be achieved. ***User don't know the dhcp ip range/gw/dns that will be provided by the dhcp sever to that instance...instance just attach to eth1 and request ip.*** Similar like our pc/notebook request dhcp ip via wifi or lan port. How to establish this in openstack. Please advise and help me. Thank you
You need to disable port security on such instance. Otherwise Neutron will block traffic from such IP address which is unknown. Or You need to add this IP address which VM get to the allowed_address_pairs of the VM's port. Also, please keep in mind that You will have different IP associated to that VM in the Neutron, and that will be visible in OpenStack API and different one will be really used.
-- Slawek Kaplonski Principal Software Engineer Red Hat
-- Slawek Kaplonski Principal Software Engineer Red Hat
participants (3)
-
dangerzone ar
-
Ruslanas Gžibovskis
-
Slawek Kaplonski