[neutron][ovn] Need VM accessible on Internet, and able to access DC resources
Chris DiLorenzo
cdilorenzo at gmail.com
Wed Apr 13 15:56:53 UTC 2022
       To Internet                    To Data Center Resources (10.x)
            |                                      |
  Public Provider Network               Private Provider Network
            |                                      |
+------------------------+            +-------------------------+
|                        |            |                         |
|       Router #1        |------------|        Router #2        |
|      SNAT Enabled      |          .2|       SNAT Enabled      |
|                        |            |                         |
+------------------------+            +-------------------------+
            | 192.168.1.1
            |
            |
            | 192.168.1.10 (FIP: Public IP)
  +---------|-------------+
  |                       |
  |          VM           |
  |                       |
  +-----------------------+
I am running OpenStack Xena with OVN and distributed FIP enabled. We
are trying to come up with a way to make a VM accessible from the
Internet and still have it able to access internal Data Center
services. Our thought is to set up a router between the tenant network
and an internet accessible provider network. We'll assign a FIP to
the VM. Then, we create an additional router that connects to the
same tenant network but routes to a provider network that has access
to everything inside the DC.
We would then add a static route on Router #1 like 10.0.0.0/8 nexthop
192.168.1.2. I've tried setting this up in our lab, but it's not
working. I can't ping to anything inside the DC. Should this work?
Any best practice here we should look at?
Thanks
Chris