[Openstack-operators] Reaching VXLAN tenant networks from outside (without floating IPs)
Gustavo Randich
gustavo.randich at gmail.com
Thu Jun 30 15:24:47 UTC 2016
Mike, as far as I know those routers allow only outgoing traffic, i.e. a VM
can see external networks, but those external networks cannot connect to the
VM if it doesn't have a FIP, am I right?
Thanks!
Gustavo
On Wed, Jun 29, 2016 at 7:24 PM, Mike Spreitzer <mspreitz at us.ibm.com> wrote:
> Gustavo Randich <gustavo.randich at gmail.com> wrote on 06/29/2016 03:17:54
> PM:
>
> > Hi operators...
> >
> > Transitioning from nova-network to Neutron (Mitaka), one of the key
> > issues we are facing is how to reach VMs in VXLAN tenant networks
> > without using precious floating IPs.
> >
> > Things that are outside Neutron in our case are:
> >
> > - in-house made application orchestrator: needs SSH access to
> > instances to perform various tasks (start / shutdown apps, configure
> > filesystems, etc.)
> >
> > - various centralized and external monitoring/metrics pollers: need
> > SNMP / SSH access to gather status and trends
> >
> > - internal customers: need SSH access to instance from non-openstack
> > VPN service
> >
> > - ideally, non-VXLAN aware traffic balancer appliances
> >
> > We have considered these approaches:
> >
> > - putting some of the external components inside a Network Node:
> > inviable because components need access to multiple Neutron deployments
> >
> > - Neutron's VPNaaS: cannot figure out how to configure a client-to-site
> > VPN topology
> >
> > - integrate hardware switches capable of VXLAN VTEP: for us in this
> > stage, it is complex and expensive
> >
> > - other?
>
> You know Neutron includes routers that can route between tenant networks
> and external networks, right? You could use those, if your tenant networks
> use disjoint IP subnets.
>
> Regards,
> Mike