[Openstack-operators] [neutron] Routing to tenant networks
Dan Sneddon
dsneddon at redhat.com
Tue Jan 12 18:32:34 UTC 2016
On 01/12/2016 09:42 AM, Matt Kassawara wrote:
> Sure, you can use 'neutron router-gateway-set --disable-snat
> <publicnetwork>' to disable NAT... just add routes where necessary.
>
> Seems like implementation of RFC 6598 would occur outside of neutron...
> maybe on the service provider network between clouds? Perhaps someone
> from a service provider can provide more information.
>
> On Tue, Jan 12, 2016 at 9:46 AM, Mike Spreitzer <mspreitz at us.ibm.com
> <mailto:mspreitz at us.ibm.com>> wrote:
>
> Is there any condition under which a Neutron router will route
> packets from a provider network to a tenant network with
> destination address unmolested? E.g., non-RFC1918 addresses on the
> tenant network? Does Neutron know anything about RFC6598?
>
> Thanks,
> Mike
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> <mailto:OpenStack-operators at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
I can confirm that OpenStack doesn't have Carrier Grade NAT (CGN), but
this RFC simply sets aside a set of addresses which can be used for CGN
(100.64.0.0/10), and lays out some required and best practices for
running a CGN network.
I don't see any reason why these addresses couldn't be used. In fact,
giving RFC 6598 a readthrough it appears that Neutron NAT would fulfill
the requirements of this RFC, as long as 100.64.0.0/10 were only used
for Tenant networks and not floating IP addresses.
That said, we already have 192.168.X.X, 172.X.X.X, and 10.X.X.X
addresses. If a customer were already using all of these throughout
their network, then I could see using 100.64.0.0/10 in order to have
unique addresses within the OpenStack deployment.
--
Dan Sneddon | Principal OpenStack Engineer
dsneddon at redhat.com | redhat.com/openstack
650.254.4025 | dsneddon:irc @dxs:twitter
More information about the OpenStack-operators
mailing list