[Openstack-operators] Juno neutron - Tenant Network with multiple routers, how to nat/filter ?

Saverio Proto zioproto at gmail.com
Fri Nov 27 19:28:31 UTC 2015


I have a cloud user that is trying to implement the following topology

ext_net <|R1|>  internal_net  <|R2|>  dbservers_network

- internal_net:
- dbservers_net:

Now according to the documentation:

My user was able to set up the necessary static routes on R1 to reach
the dbservers_network and on R2 to have a default via R1

However, it seems impossible to manipulate NAT rules on R1 and R2.
R1 for example will SNAT traffic only for source IPs into
making it impossible for hosts in dbservers_network to access the

To see the configuration, as an operator I can use iptables commands
in the namespaces on the network node. But what can users do?

So far, I have ended up with the feeling that it is not possible to have
two-hop topologies where hosts two hops away from the gateway can exchange
traffic with the outside Internet. Is this really the case?

Thanks!

