[openstack-dev] [Neutron] Use public IP address as instance fixed IP

Kevin Benton blak111 at gmail.com
Tue Aug 26 21:34:19 UTC 2014


VLAN tag, VXLAN id, etc.


On Tue, Aug 26, 2014 at 2:27 PM, Bao Wang <bywang98 at gmail.com> wrote:

> Sorry, not good with neutron. Could you explain what "use a regular
> segmentation identifer like the rest of the network" ? What is this
> segmentation identifier ?
>
>
> On Tue, Aug 26, 2014 at 3:07 PM, Kevin Benton <blak111 at gmail.com> wrote:
>
>> No, the gateway_external_network_id option just refers to how your
>> network is deployed. If the external network uses a regular segmentation
>> identifier like the rest of the networks, this will work. If not, it won't
>> because the instances will try to use a segmentation identifier.
>>
>> In other words, if you have a separate physical interface for external
>> networks on your L3 agent nodes, this will not work.
>> On Aug 26, 2014 12:14 PM, "Bao Wang" <bywang98 at gmail.com> wrote:
>>
>>> Just want to clarify something. this public ip as private ip is only for
>>> external facing interfaces on a set of VM instances. At the same time, the
>>> majority of interfaces on hte same set of VM instances will not have public
>>> ip and their subnets are isolated networks. Will this change your
>>> conclusion when you mentioned "the gateway_external_network_id is left
>>> blank for the L3 agent" ?
>>>
>>>
>>> On Mon, Aug 25, 2014 at 1:07 AM, Kevin Benton <blak111 at gmail.com> wrote:
>>>
>>>> I think this will depend on the deployment type for the L3 agent. If
>>>> the gateway_external_network_id is left blank for the L3 agent, the
>>>> external network is vlan tagged just like any regular network and doesn't
>>>> have an independent bridge.[1] In that deployment scenario it should work
>>>> fine.
>>>>
>>>>
>>>> On Sun, Aug 24, 2014 at 9:30 AM, Mohammad Banikazemi <mb at us.ibm.com>
>>>> wrote:
>>>>
>>>>>  Would this work? We used to have warnings in Neutron docs indicating
>>>>> that instances should not be attached to external networks:
>>>>> "It is important to understand that you should not attach the
>>>>> instance to Ext-Net directly. Instead, you must use a floating IP to make
>>>>> it accessible from the external network."
>>>>>
>>>>> In this particular case and with the OVS plugin, the traffic on the
>>>>> external network which now hosts tenant VMs (on OpenStack compute nodes)
>>>>> should get routed from the br-int to the external bridge br-ex using for
>>>>> example the appropriate vlan id (what if external network does not use
>>>>> vlan?) and then to the external network without doing the NATing. Would
>>>>> this traffic go through the veth pair connecting the br-int and br-ex?
>>>>>
>>>>> Mohammad
>>>>>
>>>>> [image: Inactive hide details for Kevin Benton ---08/23/2014 01:37:28
>>>>> AM---Yes, you should be able to create a shared/external network]Kevin
>>>>> Benton ---08/23/2014 01:37:28 AM---Yes, you should be able to create a
>>>>> shared/external network within Neutron to accomplish this.
>>>>>
>>>>> From: Kevin Benton <blak111 at gmail.com>
>>>>> To: "OpenStack Development Mailing List (not for usage questions)" <
>>>>> openstack-dev at lists.openstack.org>
>>>>> Date: 08/23/2014 01:37 AM
>>>>> Subject: Re: [openstack-dev] [Neutron] Use public IP address as
>>>>> instance fixed IP
>>>>> ------------------------------
>>>>>
>>>>>
>>>>>
>>>>> Yes, you should be able to create a shared/external network within
>>>>> Neutron to accomplish this.
>>>>>
>>>>>
>>>>> On Fri, Aug 22, 2014 at 7:25 AM, Bao Wang <*bywang98 at gmail.com*
>>>>> <bywang98 at gmail.com>> wrote:
>>>>>
>>>>>    Thank you for your response. Could this be done naturally with
>>>>>    Openstack neutron or have to be done manually outside neutron ?  As we are
>>>>>    expecting to orchestrate hundreds of NFV with all similar network
>>>>>    configuration, programmability is another key element.
>>>>>
>>>>>
>>>>>    On Thu, Aug 21, 2014 at 3:52 PM, Kevin Benton <*blak111 at gmail.com*
>>>>>    <blak111 at gmail.com>> wrote:
>>>>>       Have you tried making the external network shared as well?
>>>>>       Instances that need a private IP with NAT attach to an internal network and
>>>>>       go through the router like normal. Instances that need a public IP without
>>>>>       NAT would just attach directly to the external network.
>>>>>
>>>>>
>>>>>       On Thu, Aug 21, 2014 at 7:06 AM, Bao Wang <*bywang98 at gmail.com*
>>>>>       <bywang98 at gmail.com>> wrote:
>>>>>          I have a very complex Openstack deployment for NFV. It could
>>>>>          not be deployed as Flat. It will have a lot of isolated private networks.
>>>>>          Some interfaces of a group VM instances will need bridged network with
>>>>>          their fixed IP addresses to communicate with outside world while other
>>>>>          interfaces from the same set of VM should keep isolated with real
>>>>>          private/fixed IP addresses. What happen if we use public IP addresses
>>>>>          directly as fixed IP on those interfaces ? Will this work with Openstack
>>>>>          neutron networking ? Will Openstack do NAT automatically on those ?
>>>>>
>>>>>          Overall, the requirement is to use the fixed/public IP to
>>>>>          communicate with outside directly on some interfaces of some VM instances
>>>>>          while keeping others as private. The floating IP is not an option here
>>>>>
>>>>>          _______________________________________________
>>>>>          OpenStack-dev mailing list
>>>>> *OpenStack-dev at lists.openstack.org*
>>>>>          <OpenStack-dev at lists.openstack.org>
>>>>> *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev*
>>>>>          <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>>>>>
>>>>>
>>>>>
>>>>>       --
>>>>>       Kevin Benton
>>>>>
>>>>>       _______________________________________________
>>>>>       OpenStack-dev mailing list
>>>>> *OpenStack-dev at lists.openstack.org*
>>>>>       <OpenStack-dev at lists.openstack.org>
>>>>> *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev*
>>>>>       <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>>>>>
>>>>>
>>>>>    _______________________________________________
>>>>>    OpenStack-dev mailing list
>>>>> *OpenStack-dev at lists.openstack.org*
>>>>>    <OpenStack-dev at lists.openstack.org>
>>>>> *http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev*
>>>>>    <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Kevin Benton_______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> OpenStack-dev mailing list
>>>>> OpenStack-dev at lists.openstack.org
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Kevin Benton
>>>>
>>>> _______________________________________________
>>>> OpenStack-dev mailing list
>>>> OpenStack-dev at lists.openstack.org
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>>
>>>>
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>> _______________________________________________
>> OpenStack-dev mailing list
>> OpenStack-dev at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>


-- 
Kevin Benton
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20140826/7951313e/attachment.html>


More information about the OpenStack-dev mailing list