[neutron] Shared tenant network allow duplicate IP's?

Adam Peacock alawson at aqorn.com
Thu Feb 27 03:35:53 UTC 2020


What I'm referring to here are two separate tenants in the same region -
each with their own unique Layer 2 broadcast domain but sharing the same
subnet definition - with DHCP requiring the use of namespaces and ... the
other element escapes me. But subnets don't necessarily presume Layer 3.
Routing/switching between subnets yes, the use of a subnet definition is
not.

This used to be supported as far back as the Icehouse release, just not
clear when the support for this configuration was changed or removed.

//adam

/a/dam,

*Adam Peacock*

Principal Architect
Office: +1-916-794-5706


On Wed, Feb 26, 2020 at 2:13 PM Jeremy Stanley <fungi at yuggoth.org> wrote:

> On 2020-02-26 13:26:43 -0800 (-0800), Dan Sneddon wrote:
> [...]
> > That has never been supported. It is not feasible to have two VMs on the
> > same network+subnet that have the same IP, even if they are owned by
> > different tenants. That isn't a Neutron limitation, that's a limitation of
> > IP-over-Ethernet that applies to all networks.
> >
> > Think of the non-virtualized equivalent, if you had a physical network
> > subnet with two computers using the same IP address there would be a
> > conflict, even if one computer was owned by Alice and the other computer
> > was owned by Bob. There is no way to make that work in a virtualized cloud
> > environment unless the two tenants are using different network subnets.
>
> It's probably useful to level-set on terminology, since not all
> these same words are used to mean the same things in different
> contexts. From Neutron's perspective "network" is your OSI layer 2
> broadcast domain, and "subnet" is your OSI layer 3 addressing.
> Obviously to reuse the same layer 3 (IP) addresses on different
> systems you need them to reside on separate layer 2 (Ethernet)
> networks and have independent routing, most likely with some layer 3
> address translation in place if they are ever expected to
> communicate with one another.
>
> As Dan points out, though, this has nothing to do with multi-tenancy
> and everything to do with the fundamental rules of network
> engineering.
> --
> Jeremy Stanley
>