[Openstack] [Openstack-operators] nova-network NAT question

Igor Laskovy igor.laskovy at gmail.com
Tue Sep 4 13:49:28 UTC 2012


And /etc/networking please.

Igor Laskovy
facebook.com/igor.laskovy
Kiev, Ukraine
On Sep 4, 2012 4:34 PM, "Igor Laskovy" <igor.laskovy at gmail.com> wrote:

> How did you set up the network for this example?
> And show your nova.conf.
>
> Igor Laskovy
> facebook.com/igor.laskovy
> Kiev, Ukraine
> On Sep 4, 2012 3:44 PM, "Sergio Ariel de la Campa Saiz" <sacampa at gmv.com>
> wrote:
>
>>
>>
>> Hi:
>>
>>
>>
>> I don't want to use NAT in order to keep track of connectivity, I want to
>> be clear about the source IP of every connection in my environment.
>>
>> Igor, sorry if I didn't explain my point well, sorry.
>>
>> I'm gonna try to explain it again.
>>
>>
>>
>> This is part of the output of the command ip addr in one of my nodes
>> (remember that nodes are physical servers that have installed nova-compute,
>> nova-network and nova-api):
>>
>>
>>
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
>>     inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
>> 4: vlan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>>     inet 192.168.2.2/24 brd 192.168.2.255 scope global vlan2
>> 7: vlan10@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br10 state UP
>> 8: br10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>>     inet 192.168.10.6/24 brd 192.168.10.255 scope global br10
>> 26: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br10 state UNKNOWN qlen 500
>>
>>
>> Facts:
>>
>> - vnet1 is the representation of the vNIC of the virtual machine (there is
>>   only one virtual machine).
>> - The virtual machine has IP 192.168.10.8 (this IP was assigned
>>   automatically by nova-network when I created the virtual machine).
>> - The virtual machine belongs to vlan10 (192.168.10.0/24).
>> - The gateway of the virtual machine is 192.168.10.6 (IP of br10). It was
>>   assigned automatically by nova-network when I created the virtual machine.
>> - eth1 has vlan2@eth1 configured (manually by me) and its IP is
>>   192.168.2.2; *this vlan does not belong to the OpenStack cloud
>>   environment*, this vlan is foreign to OpenStack.
>> - ip_forward is set to 1 in the node.
>>
>> What happens when I ping IP 192.168.100.34 from my virtual machine?
>>
>> - My virtual machine has IP 192.168.10.8, so the gateway is required to
>>   reach 192.168.100.34.
>> - The gateway of the virtual machine is 192.168.10.6 (br10).
>> - Packets go from the virtual machine to 192.168.10.6 (br10). This
>>   interface is on eth1.
>> - The physical server (node) gets the packets from br10 and tries to
>>   resend them (ip_forward = 1). For this purpose, it uses its own default
>>   gateway.
>> - The default gateway defined in the node is reached through vlan2@eth1.
>> - So, the way to get to 192.168.2.34 is: virtual machine -> br10
>>   (192.168.10.8, gateway of virtual machine) -> vlan2@eth1 -> default
>>   gateway of the node.
>> - To get back, the external routers need to be configured correctly.
>>
>>
>>
>> Regards….
>>
>> Sergio Ariel de la Campa Saiz
>> Infrastructure Engineer
>> GMV
>> Isaac Newton, 11
>> P.T.M. Tres Cantos
>> E-28760 Madrid
>> Tel. +34 91 807 21 00
>> Fax +34 91 807 21 99
>> www.gmv.com <http://www.innovation2011.es/index.php?id=86>
>>
>> *From:* Andabas [mailto:andi.abes at gmail.com]
>> *Sent:* Saturday, 01 September 2012 0:09
>> *To:* Igor Laskovy
>> *CC:* Sergio Ariel de la Campa Saiz;
>> openstack-operators at lists.openstack.org; openstack at lists.launchpad.net
>> *Subject:* Re: [Openstack-operators] nova-network NAT question
>>
>>
>>
>> Nova assumes that the cloud operator will want to separate the VMs from
>> the physical infrastructure.... So the address range on the physical nodes
>> and VM are 'Foreign' to each other. For VMs to be able to communicate with
>> the outside world in this environment, snat is required.
>>
>> There's no real way in Essex to disable that.
>>
>>
>>
>> Why do you want to avoid NAT?
>>
>> On Aug 31, 2012, at 2:37, Igor Laskovy <igor.laskovy at gmail.com> wrote:
>>
>>  Hey.
>>
>> Well, what type of network manager is used?
>> For example, with FlatManager the virtual NIC is only put in the
>> corresponding bridge on the node and that's it. Anything else you should
>> do manually.
>>
>> Igor Laskovy
>> facebook.com/igor.laskovy
>> Kiev, Ukraine
>>
>> On Aug 30, 2012 2:24 PM, "Sergio Ariel de la Campa Saiz" <sacampa at gmv.com>
>> wrote:
>>
>> Hi:
>>
>>
>>
>> I have a doubt about nova-network and NAT:
>>
>> Do virtual machines (that only have private IPs and no floating IP) always
>> use NAT to communicate with machines outside the OpenStack cloud?
>>
>>
>>
>> Regards…
>
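
Added example, not part of the thread: a Python check for the question discussed above, namely which source address an external host sees for traffic leaving the VM network. It evaluates constructed `iptables -t nat -S` output; the contents of the `nova-network-snat` chain and the `--to-source` address are assumptions, and only `-s`, `-d` and `-j` are modelled.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -t nat -S` on the node. The chain contents
# and the --to-source address are assumptions, not output from the thread.
SAMPLE_RULES = """\
-P POSTROUTING ACCEPT
-N nova-network-snat
-A POSTROUTING -j nova-network-snat
-A nova-network-snat -s 192.168.10.0/24 -d 192.168.10.0/24 -j ACCEPT
-A nova-network-snat -s 192.168.10.0/24 -j SNAT --to-source 192.168.2.2
"""

def parse(rules_text):
    """Return {chain: [rule, ...]}; only -s, -d, -j, --to-source are modelled."""
    chains = {}
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A":
            continue
        rule = {"-s": None, "-d": None, "-j": None, "--to-source": None}
        negate, i = False, 2
        while i < len(tok):
            if tok[i] == "!":               # negation applies to the next match
                negate, i = True, i + 1
                continue
            if tok[i] in rule and i + 1 < len(tok):
                val = tok[i + 1]
                if tok[i] in ("-s", "-d"):
                    val = (ipaddress.ip_network(val, strict=False), negate)
                rule[tok[i]] = val
                i += 1
            negate, i = False, i + 1
        chains.setdefault(tok[1], []).append(rule)
    return chains

def _hit(match, addr):
    return match is None or (addr in match[0]) != match[1]

def source_seen_by_peer(chains, src, dst, chain="POSTROUTING"):
    """Source address the remote host sees for a packet src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in chains.get(chain, []):
        if not (_hit(r["-s"], s) and _hit(r["-d"], d)):
            continue
        if r["-j"] == "ACCEPT":             # leaves the node untranslated
            return src
        if r["-j"] == "SNAT":               # VM address is hidden from the peer
            return r["--to-source"]
        if r["-j"] in chains:               # jump into a user-defined chain
            verdict = source_seen_by_peer(chains, src, dst, r["-j"])
            if verdict is not None:
                return verdict
    return src if chain == "POSTROUTING" else None
```

With the SNAT rule present, the ping from 192.168.10.8 to 192.168.100.34 arrives with the node's address as its source; with that rule absent the VM address is preserved and the return path depends on the external routers.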