[Openstack-operators] [Neutron] public and private fixed IPs

Adam Lawson alawson at aqorn.com
Mon Oct 26 12:19:46 UTC 2015


I'm very very happy to hear this! I have one of my guys giving it a whirl
while I'm here in Japan.

Hope to see some of you soon!

//adam
On Oct 26, 2015 8:48 AM, "Matt Kassawara" <mkassawara at gmail.com> wrote:

> Take a look at the installation guide for Liberty at docs.openstack.org...
> the architecture supports attaching VMs to public/external and
> private/project networks.
>
> On Sun, Oct 25, 2015 at 6:39 AM, Neil Jerram <Neil.Jerram at metaswitch.com>
> wrote:
>
>> For assigning a routable public IP to a VM, James and Kevin have
>> described using an external network, but I think there might be a second
>> possibility. Namely, a shared, non-external network, with a subnet with the
>> routable IP range that you want to assign from, and connected via a Neutron
>> router to the outside world.
>>
>> Would that also work? Would the L3 agent in that case avoid doing an
>> unnecessary NAT?
>>
>> Thanks,
>>       Neil
>>
>> PS. Adam - you might also like to check out my L3-only networking spec at
>> https://review.openstack.org/#/c/238895/, as it describes IP addressing
>> like what you describe, and might align more generally with what you have
>> in mind.
>>
>>
>>>> *From: *Kevin Benton
>> *Sent: *Sunday, 25 October 2015 06:34
>> *To: *James Denton
>> *Cc: *OpenStack Operators
>> *Subject: *Re: [Openstack-operators] [Neutron] public and private fixed
>> IPs
>>
>> Yes, as long as the network is marked as both 'shared' and external, a
>> tenant can attach VMs and router gateway interfaces directly to it.
>> On Oct 25, 2015 2:47 PM, "James Denton" <james.denton at rackspace.com>
>> wrote:
>>
>>> Hi Adam,
>>>
>>> If you're asking whether or not a VM can be attached to an 'external'
>>> network so that the 'public' ip is the fixed IP of them VM, then yes. A
>>> Neutron router can also be attached to the same network so that instances
>>> in non-routable tenant networks can obtain floating IPs from the same
>>> 'public' network. At one time non-admin users were not allowed to attach
>>> VMs to 'external' networks but I believe that restriction was removed
>>> around Kilo or so.
>>>
>>> James
>>>
>>> Sent from my iPhone
>>>
>>> > On Oct 25, 2015, at 2:15 PM, Adam Lawson <alawson at aqorn.com> wrote:
>>> >
>>> > Hi everyone!
>>> >
>>> > When using KVM, does Neutron support binding a public routable address
>>> > to one VM in one tenant as a fixed IP that is accessible outside the
>>> > cloud (no floating IP for remote access) and a VM in a separate tenant
>>> > with private fixed IP's with optional floating IP? Would this be
>>> > possible on a per tenant or per region basis?
>>> >
>>> > I'm working on a cloud approach that allows either scenario.
>>> >
>>> > Long story short, I'm trying to support two options in the same cloud
>>> > (if possible) so a department/tenant can deploy instances with public
>>> > IP's that are directly accessible by the rest of the enterprise (no
>>> > NAT) and a second department/tenant that deploys all of their VM's
>>> > within the context of a private/isolated tenant network with optional
>>> > floating IP's.
>>> >
>>> > Thoughts on how this would be handled? Is it as simple as assigning a
>>> > public subnet to a tenant as the fixed/tenant network?
>>> >
>>> > //adam
>>> >
>>> > --
>>> >
>>> > *Adam Lawson*
>>> >
>>> > AQORN, Inc.
>>> > 427 North Tatnall Street
>>> > Ste. 58461
>>> > Wilmington, Delaware 19801-2230
>>> > Toll-free: (844) 4-AQORN-NOW ext. 101
>>> > International: +1 302-387-4660
>>> > Direct: +1 916-246-2072
>>> >
>>> > _______________________________________________
>>> > OpenStack-operators mailing list
>>> > OpenStack-operators at lists.openstack.org
>>> >
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>
>>> _______________________________________________
>>> OpenStack-operators mailing list
>>> OpenStack-operators at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>>
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-operators/attachments/20151026/2e54238f/attachment.html>


More information about the OpenStack-operators mailing list