[Openstack-operators] Outbound and inbound external access for projects

Adam Huffman adam.huffman at gmail.com
Wed Jul 15 15:24:02 UTC 2015


Hello

We're at the stage of working out how to integrate our Icehouse system
with the external network, using Neutron.

We have a limited set of public IPs available for inbound access, and
we'd also like to make outbound access optional, in case some projects
want to be completely isolated.

One suggestion is as follows:

- each project is allocated a single /24 VLAN

- within this VLAN, there are 2 subnets

- the first subnet (/25) would be for outbound access, using floating IPs

- the second (/25) subnet would be for inbound access, drawing from
the limited public pool, also with floating IPs

Does that sound sensible/feasible? The Cisco hardware that's providing
the route to the external network has constraints in the numbers of
VLANs it will support, so we prefer this approach to having separate
per-project VLANs for outbound and inbound access.

If there's a different way of achieving this, I'd be interested to
hear that too.


Cheers,
Adam


