Open Stack

Hi,

On Sun, Jan 31, 2021 at 10:46:03AM +0200, Ruslanas Gžibovskis wrote:
> Depends on the usage.
> If your instance will be the only one on that dhcp network, then on
> port/server would be better, but if you will need to create more instances
> on such dhcp usecase, then I would go for a network port security.

Exactly. If it is set on the network, it will be default value for all ports
created on that network. See [1].

[1] https://docs.openstack.org/api-ref/network/v2/index.html#port-security

> 
> On Sun, 31 Jan 2021, 05:54 dangerzone ar, <dangerzonen at gmail.com> wrote:
> 
> > Hi Slawek and Ruslans, thanks for the response. In this case the instance
> > is connected to an unknown dhcp network and requests ip from that network
> > to get access to the lan/internet. Thus, there is no known ip
> > range/gw/dns/subnet that configures on the neutron network. From Ruslanas
> > in the email, propose to set subnet as 0.0.0.0/0 and disable port
> > security ( on the instance itself or on the network that should be
> > disabled???).
> >
> > The use case is I have a computer that has been configured as an openstack
> > and with 2 nic ports. An instance created with attached to eth0 and eth1.
> > This is a mobile mini computer that is used for demo purposes...
> > The management openstack is set to network (eth0) 192.168.100.0/24 and
> > the second port eth1 is the one that will be connected to the external dhcp
> > network. For example I bring the computer to customer site A for a demo...
> > and connect eth0 to notebook for local management and then connect eth1 to
> > site A to get ip from dhcp server for my instance to access lan/internet
> > from site A network.
> > I understand if we have the details of IP range/gw/etc that can be defined
> > as a network, but the scenario here....we don't know the network and
> > requesting ip from unknown dhcp network.
> > Hope it gives some ideas... Thanks
> >
> >
> >
> >
> > On Fri, Jan 29, 2021 at 4:07 PM Slawek Kaplonski <skaplons at redhat.com>
> > wrote:
> >
> >> Hi,
> >>
> >> On Fri, Jan 29, 2021 at 12:20:15PM +0800, dangerzone ar wrote:
> >> > Hi, appreciate some advice on how instances in openstack get ip from
> >> > external DHCP server. For example instance is attached to port eth1
> >> > (physical port) and this port is connected to home/office lan port and
> >> > requests dhcp ip. How this can be achieved.
> >> > ***User don't know the dhcp ip range/gw/dns that will be provided by the
> >> > dhcp sever to that instance...instance just attach to eth1 and request
> >> > ip.***
> >> > Similar like our pc/notebook request dhcp ip via wifi or lan port.
> >> > How to establish this in openstack. Please advise and help me.
> >> > Thank you
> >>
> >> You need to disable port security on such instance. Otherwise Neutron will
> >> block traffic from such IP address which is unknown.
> >> Or You need to add this IP address which VM get to the
> >> allowed_address_pairs of
> >> the VM's port.
> >> Also, please keep in mind that You will have different IP associated to
> >> that VM
> >> in the Neutron, and that will be visible in OpenStack API and different
> >> one will
> >> be really used.
> >>
> >> --
> >> Slawek Kaplonski
> >> Principal Software Engineer
> >> Red Hat
> >>
> >

-- 
Slawek Kaplonski
Principal Software Engineer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20210131/4266b527/attachment-0001.sig>