[Neutron] How to change the MAC address of Gateway interface of the router
Rahul Sharma
rsharma1818 at outlook.com
Wed May 20 13:32:57 UTC 2020
Thanks Sean. Will definitely try this.
________________________________
From: Sean Mooney <smooney at redhat.com>
Sent: Monday, May 18, 2020 4:55 AM
To: Rahul Sharma <rsharma1818 at outlook.com>; openstack-discuss at lists.openstack.org <openstack-discuss at lists.openstack.org>
Subject: Re: [Neutron] How to change the MAC address of Gateway interface of the router
On Sat, 2020-05-16 at 17:05 +0000, Rahul Sharma wrote:
> Hi,
>
> I have set up a multi-host OpenStack cloud on AWS consisting of 3 servers, i.e. Controller, Compute & Network.
>
> Everything is working as expected. My requirement is that the compute instances should be able to communicate with the
> internet and vice-versa.
>
> However, AWS due to its security policies will drop all traffic that is sourced from the VMs because the VM traffic
> will have the MAC address of the gateway interface of the router when it hits the AWS switch. This MAC address is not
> known to AWS, hence it drops this traffic. AWS will allow only that traffic that contains the registered MAC address as
> its source address
>
> So I need to change the MAC address of the gateway interface of the L3 router on the network node. I tried googling
> but could not find any solution.
>
> Is there any solution/command to do this?
you might be able to do a neutron port update to update the neutron port mac of the router
your other option is to not add an interface directly to br-ex and instead assign the wan network's
gateway ip to the br-ex directly and nat the traffic
https://www.rdoproject.org/networking/networking-in-too-much-detail/#nat-to-host-addres
>
> Thanks,
> Kaushik