[Openstack-operators] Reaching VXLAN tenant networks from outside (without floating IPs)

Anand Nande anande at redhat.com
Thu Jun 30 15:43:01 UTC 2016


Maybe you can have something like:
https://bugs.launchpad.net/neutron/+bug/1175211

On Thu, Jun 30, 2016 at 8:54 PM, Gustavo Randich
<gustavo.randich at gmail.com> wrote:
> Mike, as far as I know those routers allow only outgoing traffic, i.e. VM
> can see external networks, but those external networks cannot connect to VM
> if it doesn't have a FIP, am I right?
>
> Thanks!
> Gustavo
>
> On Wed, Jun 29, 2016 at 7:24 PM, Mike Spreitzer <mspreitz at us.ibm.com> wrote:
>>
>> Gustavo Randich <gustavo.randich at gmail.com> wrote on 06/29/2016 03:17:54
>> PM:
>>
>> > Hi operators...
>> >
>> > Transitioning from nova-network to Neutron (Mitaka), one of the key
>> > issues we are facing is how to reach VMs in VXLAN tenant networks
>> > without using precious floating IPs.
>> >
>> > Things that are outside Neutron in our case are:
>> >
>> > - in-house made application orchestrator: needs SSH access to
>> > instances to perform various tasks (start / shutdown apps, configure
>> > filesystems, etc.)
>> >
>> > - various centralized and external monitoring/metrics pollers: need
>> > SNMP / SSH access to gather status and trends
>> >
>> > - internal customers: need SSH access to instance from non-openstack
>> > VPN service
>> >
>> > - ideally, non-VXLAN aware traffic balancer appliances
>> >
>> > We have considered these approaches:
>> >
>> > - putting some of the external components inside a Network Node:
>> > inviable because components need access to multiple Neutron deployments
>> >
>> > - Neutron's VPNaaS: cannot figure out how to configure a client-to-site
>> > VPN topology
>> >
>> > - integrate hardware switches capable of VXLAN VTEP: for us in this
>> > stage, it is complex and expensive
>> >
>> > - other?
>>
>> You know Neutron includes routers that can route between tenant networks
>> and external networks, right?  You could use those, if your tenant networks
>> use disjoint IP subnets.
>>
>> Regards,
>> Mike
>>
>>
>



-- 
--Anand Nande


