[Openstack-operators] DVR and public IP consumption

Carl Baldwin carl at ecbaldwin.net
Tue Feb 2 00:46:52 UTC 2016

On Fri, Jan 29, 2016 at 2:21 AM, Robert Starmer <robert at kumul.us> wrote:
> I don't think there's anything wrong with your suggestion, as I can't find a
> path where the extra address is actually used (it doesn't get used in any
> NAT mapping, so it is really vestigial). The question now is, will anyone in
> the community be interested in extending the DVR code in this fashion
> (interested in writing a spec?).

You're right, the IP in the fip namespace doesn't ever get written in
to any packets or used as an arp destination.  It is currently
meaningless.  That will change with BGP's capability to routed DVR
traffic in Mitaka because that IP will be used as a next hop.
However, it still doesn't need to be a public IP.  The routed networks
work that I'm doing in Newton will allow us to eventually make these
private IPs instead of public so that public IPs are not wasted.

I've given these things a lot of thought but haven't had time to
pursue any such thoughts yet except to implement routed networks as
groundwork.  Here are a few old links [1][2] but they are really out
of date.  I need to write another spec following the first routed
networks spec explaining how these things will work.

Here is an etherpad [3] that I put together a couple of years ago
trying to compare different approaches to getting rid of centralized
SNAT too.  We just never got any traction on any of these approaches.
Also, without the routed networks work in Newton, many of them are
difficult to accomplish.

Let me know if anything resonates with you.  We might be in a better
position to do some of this work when routed networks is under way.
For example, one thing that routed networks may allow is using private
IPs for the router's address.  I think that was in one of the above
blueprints somewhere.  Let me go write a new spec and post it.  I'll
update this thread when I've got it up.


[1] https://review.openstack.org/#/c/174657/2/specs/liberty/eliminate-dvr-fip-ns.rst
[2] https://review.openstack.org/#/c/175517/1/specs/liberty/no-router-ip.rst
[3] https://etherpad.openstack.org/p/decentralized-snat

More information about the OpenStack-operators mailing list