[openstack-dev] [Quantum][Networking] Attaching instances to multiple physical host networks

Brian Cline bcline at softlayer.com
Thu Jun 6 22:35:20 UTC 2013


Howdy,

I've been at this for quite some time but can't seem to arrive at a workable solution given the combination of options available in Quantum (or at least my understanding of them).

My host machine is more or less an all-in-one installation with two interfaces:

- eth0 (br-priv): Private 10.x.y.z/26 network on VLAN 111
- eth1 (br-ext): Public 50.x.y.z/26 network on VLAN 222
- Upstream private router does not route at all to the public address space, and conversely the upstream public router definitely does not route back to the private address space.

The goals for this specific deployment include:

- Multi-tenancy within OpenStack networks (by way of GRE if necessary, as VLANs are already physically tagged within a subnet where my machine is running)
- DHCP-allocated instance IPs from an OpenStack-only 10.b.c.d/26 subnet
- Use metadata agent for machine configuration (not a must, but strongly prefer over an agent)
- Tentatively allocate floating IPs from an OpenStack-only 50.b.c.d/26 subnet
- Instances on 10.b.c.d/26 may communicate with any other physical/non-OpenStack 10.0.0.0/8 network by way of the existing eth0/br-priv
- Instances can get out to public addresses, and receive inbound traffic if allocated a floating IP (granted everything passes security groups without a problem)

In essence, there are numerous other machines within subnets reachable on the 10.0.0.0/8 network via eth0 that I'd like to be able to access from my OpenStack instances. I have subnets I'm allocating exclusively for my instances, so there is no overlap with the host's physical interface addresses. My instance subnets and my host subnets are both routed to the same physical VLAN on my hardware switch, and arrive at the same physical interface on the host, so the subnets are effectively local to each other (in a destination sense; not literally).

So far I've tried a few different scenarios:
  (a) using OVS with a gre network type for public and private, which was able to do everything I need except reach the other 10.x subnets, as all non-local packets are being sent out over eth1/br-ext (public). From there I can't figure out the missing piece to get any other non-Quantum 10.0.0.0/8 packets to go out on br-priv/eth0;

  (b) using OVS with a flat external network type for private and keeping the existing gre for public; it seems this worked on the private network, but unfortunately it takes an instance over 1.5 hours to boot to test because of pretty ridiculous wget timeouts on the cloud-init-like bits in CirrOS. Still waiting on my first test to come up.

I've scoured every bit of documentation I can find, and this sort of setup seems elusive, but I can't be the only one that's needed to do this. Is there something major I've missed here? Glad to post more details on configuration, just want to see what upfront questions there are first.

Any guidance is greatly appreciated.

Many thanks,

Brian Cline
Software Engineer, Innovation Team
bcline at softlayer.com
214.782.7876
