[openstack-dev] Fwd: [Neutron][DVR]Neutron distributed SNAT

Angus Lees gus at inodes.org
Mon Feb 16 08:29:06 UTC 2015 

Conntrack synchronisation gets us HA on the SNAT node, but that's a long
way from distributed SNAT.

Distributed SNAT (in at least one implementation) needs a way to allocate
unique [IP + ephemeral port ranges] to hypervisors, and then some sort of
layer4 loadbalancer capable of forwarding the ingress traffic to that IP
back to the right hypervisor/guest based on the ephemeral port range.  It's
basically very much like floating IPs, only you're handing out a sub-slice
of a floating-IP to each machine - if you like.

On Mon Feb 16 2015 at 6:12:33 PM Kevin Benton <blak111 at gmail.com> wrote:

> Has there been any work to use conntrack synchronization similar to L3 HA
> in DVR so failover is fast on the SNAT node?
>
> On Sat, Feb 14, 2015 at 1:31 PM, Carl Baldwin <carl at ecbaldwin.net> wrote:
>
>>
>> On Feb 10, 2015 2:36 AM, "Wilence Yao" <wilence.yao at gmail.com> wrote:
>> >
>> >
>> > Hi all,
>> >   After OpenStack Juno, floating ip is handled by dvr, but SNAT is
>> still handled by l3agent on network node. The distributed SNAT is in future
>> plans for DVR. In my opinion, SNAT can move to DVR as well as floating ip.
>> I have searched in blueprint, there is little  about distributed SNAT. Is
>> there any different between distributed floating ip and distributed SNAT?
>>
>> The difference is that a shared snat address is shared among instances on
>> multiple compute nodes.  A floating ip is exclusive to a single instance on
>> one compute node.  I'm interested to hear your ideas for distributing it.
>>
>> Carl
>>
>> __________________________________________________________________________
>> OpenStack Development Mailing List (not for usage questions)
>> Unsubscribe:
>> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>
>>
>
>
> --
> Kevin Benton
>  ____________________________________________________________
> ______________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150216/c2753c1d/attachment.html>

More information about the OpenStack-dev mailing list