[Openstack-operators] [openstack-operators]disable snat for router gateway

Aaron Segura aaron.segura at gmail.com
Tue Jan 19 22:01:32 UTC 2016


Hi Akshay,

You won't get an ARP reply at your physical router unless it's on the same
network as your VM, which it isn't if it's behind a neutron router.

It sounds like you still need to add a route on your physical router to
push all tenant network traffic down to the external interface of your
neutron router.  You should then be able to access your instances from your
physical router as allowed by the instance security group rules.

On Tue, Jan 19, 2016 at 3:35 PM Akshay Kumar Sanghai <
akshaykumarsanghai at gmail.com> wrote:

> Hi Aaron,
> The physical router is not getting an ARP reply for the VM from the neutron
> router when SNAT is disabled. When a floating IP is used, the router creates
> one more interface on its qg- interface for that floating IP associated
> with the VM, and when an ARP request is broadcast, the neutron router does a
> proxy ARP.
> How did you solve the proxy ARP reply problem when you implemented the
> SNAT-disabled router and without assigning a floating IP?
>
> Thanks,
> Akshay
>
> On Tue, Jan 19, 2016 at 10:26 PM, Aaron Segura <aaron.segura at gmail.com>
> wrote:
>
>> It's possible.  We do it all the time.
>>
>> However, without proper routing, Kevin and Joseph are correct.  The VM
>> will never receive replies to outbound packets because the upstream devices
>> don't know where to send them.
>>
>> I also forgot to mention - The edge device also needs to NAT the fixed IP
>> of the VM to a public IP if you intend for your VMs to access the
>> Internet.  We use a global PAT rule to catch any VMs without a floating IP
>> and allow them egress on a shared public IP.
>>
>> On Tue, Jan 19, 2016 at 10:09 AM Akshay Kumar Sanghai <
>> akshaykumarsanghai at gmail.com> wrote:
>>
>>> Hi Aaron, Mike, Kevin, Joseph,
>>> Thanks for your inputs.
>>> But I am still confused, as Aaron and Mike are suggesting that it is
>>> possible and Joseph and Kevin are suggesting it's not possible.
>>> I tried to ping from the VM in OpenStack to outside of the cloud with
>>> only a fixed IP assigned, but the ping failed. When I assigned the floating IP to
>>> that VM, I could ping a system outside of the cloud. So, I am in doubt
>>> whether it is possible or not, or whether there is some configuration issue in my
>>> setup.
>>> Guys, please help, as I can't find proper documentation regarding this.
>>>
>>> Thanks,
>>> Akshay
>>>
>>> On Tue, Jan 19, 2016 at 8:47 PM, Mike Spreitzer <mspreitz at us.ibm.com>
>>> wrote:
>>>
>>>> Aaron Segura <aaron.segura at gmail.com> wrote on 01/16/2016 12:19:53 PM:
>>>>
>>>> > You shouldn't have to do anything other than disable SNAT and set a
>>>> > route for your tenant network upstream.
>>>>
>>>> Indeed, I have exercised exactly this.
>>>>
>>>> Regards,
>>>> Mike
>>>>
>>>>
>>>>
>
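
Added example, not part of the original thread: a small model of the physical router's forwarding decision for a packet addressed to a VM's fixed IP, showing why no ARP is sent for the VM and why the upstream static route is what makes the return path work. All addresses and route tables are constructed sample values, and `lookup` / `reply_path` are hypothetical helper names.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match. routes: list of (cidr, next_hop); next_hop None means on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best

def reply_path(routes, dst_ip, neutron_gw_ip):
    """Describe what the physical router does with a packet addressed to dst_ip."""
    match = lookup(routes, dst_ip)
    if match is None:
        return "dropped: no route"
    net, hop = match
    if hop is None:
        # Only on-link destinations are resolved with ARP (the floating IP case).
        return "ARP on connected network " + str(net)
    if hop == neutron_gw_ip:
        return "forwarded to neutron router"
    return "misrouted via " + hop

# Constructed sample topology (documentation address ranges).
EXTERNAL_NET = "192.0.2.0/24"   # network shared by physical router and neutron qg- port
NEUTRON_GW = "192.0.2.10"       # neutron router's external (qg-) address
TENANT_NET = "10.20.0.0/24"     # tenant network behind the neutron router
VM_FIXED_IP = "10.20.0.5"
FLOATING_IP = "192.0.2.50"
ISP_HOP = "198.51.100.1"

# Physical router before and after adding the tenant route.
BEFORE = [(EXTERNAL_NET, None), ("198.51.100.0/30", None), ("0.0.0.0/0", ISP_HOP)]
AFTER = BEFORE + [(TENANT_NET, NEUTRON_GW)]

if __name__ == "__main__":
    print("fixed IP, no route  :", reply_path(BEFORE, VM_FIXED_IP, NEUTRON_GW))
    print("fixed IP, with route:", reply_path(AFTER, VM_FIXED_IP, NEUTRON_GW))
    print("floating IP         :", reply_path(AFTER, FLOATING_IP, NEUTRON_GW))
```

Once the route is in place the fixed IPs are reachable from upstream, so the instance security group rules become the control on what the physical network can reach.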