[Openstack-operators] [neutron] Routing to tenant networks

Dan Sneddon dsneddon at redhat.com
Tue Jan 12 18:32:34 UTC 2016

On 01/12/2016 09:42 AM, Matt Kassawara wrote:
> Sure, you can use 'neutron router-gateway-set --disable-snat
> <publicnetwork>' to disable NAT... just add routes where necessary.
> Seems like implementation of RFC 6598 would occur outside of neutron...
> maybe on the service provider network between clouds? Perhaps someone
> from a service provider can provide more information.
> On Tue, Jan 12, 2016 at 9:46 AM, Mike Spreitzer <mspreitz at us.ibm.com
> <mailto:mspreitz at us.ibm.com>> wrote:
>     Is there any condition under which a Neutron router will route
>     packets from a provider network to a tenant network with
>     destination address unmolested? E.g., non-RFC1918 addresses on the
>     tenant network?  Does Neutron know anything about RFC6598?
>     Thanks,
>     Mike
>     _______________________________________________
>     OpenStack-operators mailing list
>     OpenStack-operators at lists.openstack.org
>     <mailto:OpenStack-operators at lists.openstack.org>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

I can confirm that OpenStack doesn't have Carrier Grade NAT (CGN), but
this RFC simply sets aside a set of addresses which can be used for CGN
(, and lays out some required and best practices for
running a CGN network.

I don't see any reason why these addresses couldn't be used. In fact,
giving RFC 6598 a readthrough it appears that Neutron NAT would fulfill
the requirements of this RFC, as long as were only used
for Tenant networks and not floating IP addresses.

That said, we already have 192.168.X.X, 172.X.X.X, and 10.X.X.X
addresses. If a customer were already using all of these throughout
their network, then I could see using in order to have
unique addresses within the OpenStack deployment.

Dan Sneddon         |  Principal OpenStack Engineer
dsneddon at redhat.com |  redhat.com/openstack
650.254.4025        |  dsneddon:irc   @dxs:twitter

More information about the OpenStack-operators mailing list