[Openstack-operators] deprecation of allow_duplicate_networks
Mathieu Gagné
mgagne at internap.com
Fri Sep 25 16:00:58 UTC 2015
On 2015-09-25 1:07 AM, Sam Morrison wrote:
> We are in the process of migrating to neutron and have come across this handy config option that is sadly being deprecated. (seems to be a theme of mine this week)
> Does anyone know if this is supported in some other way?
>
> We have limited IP addresses and ideally we’d like to prevent users from taking more than 1 per instance. I’m wondering if this should be a neutron setting and could be set on a per network basis. We’d like to prevent duplicates on our public provider networks but don’t care about the private tenant networks.
>
> Anyone got any ideas or know of anything happening in this space?

The problem with allow_duplicate_networks is that it doesn't really work
as you might think it does. If you have anti-spoofing in place, traffic
coming in on the 2nd port will try to come out using the 1st port and it
just won't work.

You can assign multiple fixed_ips to the same Neutron port. Be advised
that there is a maximum number of fixed IPs a port can get assigned.
Fortunately, you can control it with the max_fixed_ips_per_port Neutron
config.

Unfortunately, the Horizon dashboard does not support this feature (you
can see the information, you just can't assign more IPs), but the CLI
does by repeating the --fixed-ip argument.

As for limiting the number of IPs per port on a specific network, I
don't think it's possible yet. I would be interested to see it
implemented as well for the same reason as you.
--
Mathieu
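
Since the reply says a per-network limit is not available, an operator can audit for the condition instead. The following is an added example, not part of the original message or of OpenStack's code: it flags instances holding more than one address on a designated network, counting both duplicate ports and multiple fixed_ips on one port. The port fields follow the Neutron port resource; the network IDs, device IDs and addresses are constructed sample values.

```python
from collections import defaultdict

# Constructed sample data shaped like Neutron port records (only the fields used here).
RESTRICTED = {"net-public"}  # hypothetical ID of the public provider network


def _port(pid, net, dev, ips, owner="compute:nova"):
    """Build a minimal port record with the fields the audit reads."""
    return {"id": pid, "network_id": net, "device_id": dev, "device_owner": owner,
            "fixed_ips": [{"subnet_id": "subnet-x", "ip_address": ip} for ip in ips]}


SAMPLE_PORTS = [
    _port("p1", "net-public", "vm-a", ["203.0.113.10"]),
    _port("p2", "net-public", "vm-a", ["203.0.113.11"]),   # second port, same network
    _port("p3", "net-public", "vm-b", ["203.0.113.20", "203.0.113.21"]),  # two fixed_ips
    _port("p4", "net-private", "vm-b", ["10.0.0.5", "10.0.0.6"]),  # tenant net: ignored
    _port("p5", "net-public", "vm-c", ["203.0.113.30"]),   # within the limit
    _port("p6", "net-public", "router-1", ["203.0.113.40", "203.0.113.41"],
          owner="network:router_gateway"),                 # not an instance: ignored
]


def instances_over_limit(ports, restricted_networks, limit=1):
    """Return {(device_id, network_id): sorted IPs} for every instance that holds
    more than `limit` addresses on a restricted network."""
    held = defaultdict(list)
    for port in ports:
        if port["network_id"] not in restricted_networks:
            continue
        # Only count ports bound to instances; skip routers, DHCP and unbound ports.
        if not port.get("device_owner", "").startswith("compute:"):
            continue
        if not port.get("device_id"):
            continue
        for fixed_ip in port.get("fixed_ips", []):
            held[(port["device_id"], port["network_id"])].append(fixed_ip["ip_address"])
    return {key: sorted(ips) for key, ips in held.items() if len(ips) > limit}


if __name__ == "__main__":
    for (device, net), ips in sorted(instances_over_limit(SAMPLE_PORTS, RESTRICTED).items()):
        print(f"{device} holds {len(ips)} addresses on {net}: {', '.join(ips)}")
```
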