[neutron][ovn] Need VM accessible on Internet, and able to access DC resources
        To Internet                      To Data Center Resources (10.x)
             -                                        -
           -/                                       -/
          /                                        /
        -/                                       -/
       /                                        /
     -/                                       -/
    /                                        /
  Public Provider Network                 Private Provider Network
  +------------------------+              +-------------------------+
  |                        |              |                         |
  |                        |              |                         |
  |       Router #1        |--------------|        Router #2        |
  |      SNAT Enabled      |            .2|       SNAT Enabled      |
  |                        |              |                         |
  |                        |              |                         |
  +------------------------+              +-------------------------+
            | 192.168.1.1
            |
            |
            |
            |
            | 192.168.1.10 (FIP: Public IP)
  +---------|-------------+
  |                       |
  |                       |
  |                       |
  |          VM           |
  |                       |
  |                       |
  +-----------------------+

I am running OpenStack Xena with OVN and distributed FIP enabled. We are trying to come up with a way to make a VM accessible from the Internet and still have it able to access internal Data Center services.

Our thought is to set up a router between the tenant network and an Internet-accessible provider network. We'll assign a FIP to the VM. Then, we create an additional router that connects to the same tenant network but routes to a provider network that has access to everything inside the DC. We would then add a static route on Router #1 like 10.0.0.0/8 nexthop 192.168.1.2.

I've tried setting this up in our lab, but it's not working. I can't ping to anything inside the DC. Should this work? Any best practice here we should look at?

Thanks
Chris
participants (1)
- Chris DiLorenzo