[openstack-dev] [neutron]

Brian Haley haleyb.dev at gmail.com
Thu Jan 24 18:38:15 UTC 2019


On 1/23/19 4:20 PM, Sean Mooney wrote:
> On Wed, 2019-01-23 at 15:46 -0500, Brian Haley wrote:
>> On 1/22/19 1:56 PM, Farhad Sunavala wrote:
>>> Hi,
>>>
>>>
>>> I am open to suggestions.
>>> We have a need to switch traffic from our project to other projects
>>> without first getting out
>>> on the internet, floating IPs, etc.
>>>
>>> The other projects will be sharing their networks with our project.
>>> As shown in figure below, the orange network belongs to our project
>>> (10.0.0.0/26)
>>>
>>> The green network (172.31.0.0/24) belongs to another project
>>> and
>>> has an overlapping network with the red tenant (172.31.0.0/16)
>>>
>>> For now, the solution is to create VMs in our project and make sure none
>>> of the interfaces
>>> have overlapping CIDRs.  Thus, there is a VM attached to the 'orange'
>>> and 'red' nets
>>> and another VM attached to the 'orange' and 'green' nets.
>>>
>>> Problem: Too many resources (VMs) will need to be created if we have 100
>>> tenants with overlapping networks.
>>>
>>> Solution:
>>> Is there a way I can minimize VM resource in our project by not
>>> allocating a separate VM
>>> for shared networks with overlapping CIDRs?
>>
>> Have you tried setting allow_overlapping_ips=False in neutron.conf and
>> restarting the server?
> Correct me if I'm wrong, but setting allow_overlapping_ips=false would effectively prevent overlapping CIDRs
> https://docs.openstack.org/neutron/latest/configuration/neutron.html#DEFAULT.allow_overlapping_ips
> 
> You would generally only do that if you were using routed networks or didn't want tenants to have overlapping CIDRs
> for their networks.

Right, I thought that's what his picture showed - two tenants with the same private subnet CIDR.

> If we removed the requirement to allow overlapping CIDRs, then setting
> allow_overlapping_ips=false and configuring a default subnet pool so that tenant networks automatically got
> issued non-overlapping subnets would work, but that is not what the original question was.

Yes, that would be the other (preferred) way, then tenants would only have to ask for a CIDR from the pool.

-Brian
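
Added example, not part of the original thread and not Neutron's code: a small Python model of the two points above, detecting the overlap between the thread's networks and handing out non-overlapping CIDRs from one shared pool. The `SubnetPool` class, the pool prefix 10.64.0.0/16 and the requested prefix lengths are assumptions made for illustration.

```python
import ipaddress

# Networks named in the thread (orange is the asker's project).
THREAD_NETS = {"orange": "10.0.0.0/26", "green": "172.31.0.0/24",
               "red": "172.31.0.0/16"}

def overlapping_pairs(cidrs):
    """Return every pair of named CIDRs that share at least one address."""
    nets = {name: ipaddress.ip_network(c) for name, c in cidrs.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

class SubnetPool:
    """Hypothetical allocator: carves non-overlapping subnets from one prefix."""

    def __init__(self, prefix, default_prefixlen):
        self.prefix = ipaddress.ip_network(prefix)
        self.default_prefixlen = default_prefixlen
        self.allocated = {}  # tenant name -> allocated network

    def allocate(self, tenant, prefixlen=None):
        prefixlen = prefixlen or self.default_prefixlen
        if prefixlen < self.prefix.prefixlen:
            raise ValueError("requested subnet is larger than the pool")
        in_use = list(self.allocated.values())
        # First fit: walk candidates in address order, skip any that collide.
        for candidate in self.prefix.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(n) for n in in_use):
                self.allocated[tenant] = candidate
                return candidate
        raise RuntimeError("pool exhausted for /%d" % prefixlen)

def demo():
    """Allocate one subnet per tenant from a constructed pool."""
    pool = SubnetPool("10.64.0.0/16", default_prefixlen=24)  # constructed pool
    pool.allocate("green")        # takes the default /24
    pool.allocate("red", 20)      # larger request, must skip green's range
    pool.allocate("orange", 26)   # small request, must skip both
    return {t: str(n) for t, n in pool.allocated.items()}

if __name__ == "__main__":
    print("overlaps in thread:", overlapping_pairs(THREAD_NETS))
    issued = demo()
    print("issued from pool:", issued)
    print("overlaps after pooling:", overlapping_pairs(issued))
```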


