[Openstack-operators] [Neutron] Floating IPs / Router Gateways

Daniel Comnea comnea.dani at gmail.com
Wed Apr 15 12:50:03 UTC 2015


sure but appreciate your response.

Dani

On Wed, Apr 15, 2015 at 1:36 PM, Jacob Godin <jacobgodin at gmail.com> wrote:

> Ah, gotcha. So you're not using overlapping subnets then.
>
> Unfortunately that hack wouldn't work in our environment, but definitely
> something that others might consider using.
>
> On Wed, Apr 15, 2015 at 4:13 AM, Mike Spreitzer <mspreitz at us.ibm.com>
> wrote:
>
>> > From: Daniel Comnea <comnea.dani at gmail.com>
>> > To: Jacob Godin <jacobgodin at gmail.com>
>> > Cc: Mike Spreitzer/Watson/IBM at IBMUS, OpenStack Operators <openstack-
>> > operators at lists.openstack.org>
>> > Date: 04/15/2015 02:34 AM
>> > Subject: Re: [Openstack-operators] [Neutron] Floating IPs / Router
>> Gateways
>> > Sent by: daniel.comnea at gmail.com
>> >
>> > Mike, pls share the solution, some are interested even if is a hack
>> > as long as it gets the job done.
>> >
>>
>> >
>> > On Tue, Apr 14, 2015 at 10:24 PM, Jacob Godin <jacobgodin at gmail.com>
>> wrote:
>> > Hey Mike,
>> >
>> > Would you send along your solution off-list? I'm curious, and I won't
>> judge :)
>> >
>> > On Tue, Apr 14, 2015 at 6:22 PM, Mike Spreitzer <mspreitz at us.ibm.com>
>> wrote:
>> > Jacob Godin <jacobgodin at gmail.com> wrote on 04/14/2015 05:12:48 PM:
>> >
>> > > Absolutely. We're trying to reduce our public IPv4 usage, so having
>> > > one per tenant network (not even including floating IPs) is a drain.
>> >
>> > I am having exactly the same issue.  I am currently solving it with
>> > a different hack that nobody likes, I will not even describe it
>> > here.  But total agreement that the problem is important.
>> >
>> > IPv6 is the ultimate answer, provided there is a reasonably smooth
>> > transition.  I think we will need to support a tenant that is using
>> > both v4 and v6 during his transition.  This will require NAT between
>> > a tenant's v4 and v6.
>> >
>> > Regards,
>> > Mike
>>
>> OK, you asked for it.  What we do is share Neutron routers, and add some
>> iptables rules that prevent communication between the tenants sharing a
>> router.  I told you it was a hack.
>>
>> Regards,
>> Mike
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20150415/94f5d3df/attachment.html>


More information about the OpenStack-operators mailing list