[Openstack-operators] Anyone using Project Calico for tenant networking?
Neil Jerram
Neil.Jerram at metaswitch.com
Wed Feb 10 12:06:40 UTC 2016
Hi Ned,
Sorry for the delay in following up here.
On 06/02/16 14:40, Ned Rhudy (BLOOMBERG/ 731 LEX) wrote:
> Thanks. Having read the documentation, I have one question about the
> network design. Basically, our use case specifies that instances be able
> to have a stable IP across terminations; effectively what we'd like to
> do is have a setup where both the fixed and floating IPs are routable
> outside the cluster. Any given instance should get a routable IP when it
> launches, but additionally be able to take a floating IP that would act
> as a stable endpoint for other things to reference.
>
> The Calico docs specify that you can create public/private IPv4 networks
> in Neutron, both with DHCP enabled. Is it possible to accomplish what
> I'm talking about by creating what are two public IPv4 subnets, one with
> DHCP enabled and one with DHCP disabled that would be used as the float
> pool? Or is this not possible?
For the fixed IPs, yes. For the float pool, no, I'm afraid we don't
have that in Calico yet, and I'm not sure if it will take precisely that
form when we do have floating IP support.
There is work in progress on Calico support for floating IPs, and the
code for this can be seen at https://review.openstack.org/#/c/253634/
and https://github.com/projectcalico/calico/pull/848. I can't yet say
when this will land, though.
In terms of how floating IPs are represented in the Neutron data model:
currently they require a relationship between an external Network, a
Router and a tenant Network. The floating IP pool is defined as a
subnet on the external Network; each allocated floating IP maps onto one
of the fixed IPs of the tenant network; and the agent that implements
the Router does the inbound DNAT between those two.
As you've written, floating IPs are interesting for external or provider
networks too, so we'd be interested in an enhancement to the Neutron
model to allow that, and I believe there are other interested parties
too. But that will take time to agree, and it isn't one of my own
priorities at the moment.
Hope that's useful. Best wishes,
Neil
>
> ----- Original Message -----
> From: Neil Jerram <Neil.Jerram at metaswitch.com
> <mailto:Neil.Jerram at metaswitch.com>>
> To: EDMUND RHUDY, openstack-operators at lists.openstack.org
> <mailto:openstack-operators at lists.openstack.org>
> At: 05-Feb-2016 14:11:34
>
> On 05/02/16 19:03, Ned Rhudy (BLOOMBERG/ 731 LEX) wrote:
> > I meant in a general sense of the networking technology that you're
> > using for instance networking, not in the sense of per-tenant networks,
> > though my wording was ambiguous. Part of our larger question centers
> > around the viability of tying instances directly to a provider network.
> > Being that we only operate a private cloud for internal consumption,
> > doing so would have some attractive upsides; tenants clamor for the IP
> > inside their instance to be the same as the floating IP that the outside
> > world sees, but nobody's ever asked us about the ability to roll their
> > own network topology, so we think we could probably do without that.
>
> Cool, IMO that's a good match for what Calico provides.
>
More information about the OpenStack-operators
mailing list