Need some clarification about tenant network in TripleO
Hi, It is a newbie question, but I didn't find a real answer, and I have trouble with my deployment, so some help will be appreciated. In the deployment of TripleO in network isolation, a Tenant network is created, that network (in the examples I have seen) have a VLAN-ID and a subnet. I did the same in my deployment, I created that network. My questions : - Is the Tenant network, mentioned in the deployment process, is it the first tenant network created for the admin tenant? and for new tenant I have to create a new network tenant, despite I am not seeing how I would do that? - Or is it a pipe (a conduit) used to pass the traffic of all the tenants that will be created after? Regards.
On Wed, Sep 15, 2021 at 6:07 AM wodel youchi <wodel.youchi@gmail.com> wrote:
Hi,
It is a newbie question, but I didn't find a real answer, and I have trouble with my deployment, so some help will be appreciated.
In the deployment of TripleO in network isolation, a Tenant network is created, that network (in the examples I have seen) have a VLAN-ID and a subnet. I did the same in my deployment, I created that network.
My questions : - Is the Tenant network, mentioned in the deployment process, is it the first tenant network created for the admin tenant? and for new tenant I have to create a new network tenant, despite I am not seeing how I would do that? - Or is it a pipe (a conduit) used to pass the traffic of all the tenants that will be created after?
Convention is for it to be a pipe, i.e. the second option. Usually the tenant network will be its own VLAN and then an overlay network (e.g. Geneve, VXLAN, etc) will create tenant networks on top of that VLAN when each tenant requests with a command like `openstack network create my_private_network`. On a default TripleO install you should be able to source the overcloudrc and then run that command to create these overlay networks. John
Regards.
Thank you for this explanation. To the problem now, I installed Train, then I created a new tenant with its private network, then I created another tenant with its own private network. But I used the same subnet for both networks, then I spawned 4 VMs, 2 per tenant, they got their IP addresses, and the problem is, they all can ping each other, there is no isolation between the tenants. I don't know where to begin searching. Regards. Le mer. 15 sept. 2021 à 12:16, John Fulton <johfulto@redhat.com> a écrit :
On Wed, Sep 15, 2021 at 6:07 AM wodel youchi <wodel.youchi@gmail.com> wrote:
Hi,
It is a newbie question, but I didn't find a real answer, and I have
trouble with my deployment, so some help will be appreciated.
In the deployment of TripleO in network isolation, a Tenant network is
I did the same in my deployment, I created that network.
My questions : - Is the Tenant network, mentioned in the deployment process, is it the first tenant network created for the admin tenant? and for new tenant I have to create a new network tenant, despite I am not seeing how I would do
created, that network (in the examples I have seen) have a VLAN-ID and a subnet. that?
- Or is it a pipe (a conduit) used to pass the traffic of all the tenants that will be created after?
Convention is for it to be a pipe, i.e. the second option. Usually the tenant network will be its own VLAN and then an overlay network (e.g. Geneve, VXLAN, etc) will create tenant networks on top of that VLAN when each tenant requests with a command like `openstack network create my_private_network`. On a default TripleO install you should be able to source the overcloudrc and then run that command to create these overlay networks.
John
Regards.
participants (2)
-
John Fulton
-
wodel youchi