[Openstack-operators] Reaching VXLAN tenant networks from outside (without floating IPs)
Mike Spreitzer
mspreitz at us.ibm.com
Wed Jun 29 22:24:10 UTC 2016
Gustavo Randich <gustavo.randich at gmail.com> wrote on 06/29/2016 03:17:54 PM:
> Hi operators...
>
> Transitioning from nova-network to Neutron (Mitaka), one of the key
> issues we are facing is how to reach VMs in VXLAN tenant networks
> without using precious floating IPs.
>
> Things that are outside Neutron in our case are:
>
> - in-house made application orchestrator: needs SSH access to
> instances to perform various tasks (start / shutdown apps, configure
> filesystems, etc.)
>
> - various centralized and external monitoring/metrics pollers: need
> SNMP / SSH access to gather status and trends
>
> - internal customers: need SSH access to instance from non-openstack
> VPN service
>
> - ideally, non-VXLAN aware traffic balancer appliances
>
> We have considered these approaches:
>
> - putting some of the external components inside a Network Node:
> inviable because components need access to multiple Neutron deployments
>
> - Neutron's VPNaaS: cannot figure how to configure a client-to-site
> VPN topology
>
> - integrate hardware switches capable of VXLAN VTEP: for us in this
> stage, it is complex and expensive
>
> - other?
You know Neutron includes routers that can route between tenant networks
and external networks, right? You could use those, if your tenant
networks use disjoint IP subnets.
Regards,
Mike
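
The disjoint-subnet condition mentioned in the reply can be checked before relying on routed access across several Neutron deployments. The following is an added example, not part of the original thread: the inventory, deployment names and the `find_overlaps` helper are constructed for illustration.

```python
import ipaddress

# Constructed inventory: (deployment, tenant network, CIDR).
# These values are illustrative and do not come from the thread.
SAMPLE_SUBNETS = [
    ("dc1", "orchestrator-net", "10.10.0.0/24"),
    ("dc1", "web-net", "10.10.1.0/24"),
    ("dc2", "web-net", "10.10.1.128/25"),
    ("dc2", "db-net", "10.20.0.0/16"),
    ("dc3", "metrics-net", "10.20.5.0/24"),
    ("dc3", "vpn-net", "192.168.50.0/24"),
]


def find_overlaps(subnets):
    """Return every pair of entries whose CIDRs overlap.

    Overlapping tenant subnets cannot all be reached by plain routing from
    one external network, because the upstream router would hold two
    conflicting routes for the same addresses.
    """
    parsed = sorted(
        ((ipaddress.ip_network(cidr), dep, name) for dep, name, cidr in subnets),
        key=lambda e: (e[0].version, int(e[0].network_address), e[0].prefixlen),
    )
    conflicts = []
    active = []  # earlier networks whose range may still cover later ones
    for net, dep, name in parsed:
        # Entries are sorted by start address, so an earlier network overlaps
        # this one exactly when its last address reaches this one's first.
        active = [
            a for a in active
            if a[0].version == net.version
            and int(a[0].broadcast_address) >= int(net.network_address)
        ]
        for a_net, a_dep, a_name in active:
            conflicts.append(((a_dep, a_name, str(a_net)), (dep, name, str(net))))
        active.append((net, dep, name))
    return conflicts


if __name__ == "__main__":
    for left, right in find_overlaps(SAMPLE_SUBNETS):
        print("overlap:", left, "<->", right)
```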