[Openstack] [RFC] Routed private networks per tenant
Diego Woitasen
diego at woitasen.com.ar
Thu Apr 3 20:02:11 UTC 2014
Hi,
I need another opinion about what I am doing. I'm setting up
OpenStack using Neutron (1 controller node, 1 network node, N computes
nodes). In my setup every tenant have its own private network using
VLANs (OpenVSwitch). I only need one router because I want only to
isolate the projects, but they don't need to do any management or a
special requirement to have one router per each one. I don't need
floating IPs, NAT. Every tenant network is routed in the corporate
network.
So basically my config was:
neutron net-create corp -- --router:external=True
neutron subnet-create corp --gateway=10.210.150.254
--enable_dhcp=False --allocation-pool
start=10.210.150.11,end=10.210.150.11 10.210.150.0/23 # Only one IP in
the pool, the IP used to reach the tenant subnets.
neutron router-create corpnet-router
neutron router-gateway-set $ROUTER_ID $EXT_SUBNET_ID
And for every tenant:
neutron net-create --tenant-id $TENANT_ID
--provider:physical_network=physnet1 --provider:network_type=vlan
--provider:segmentation_id=$VLAN_ID tenantX-net
neutron subnet-create --tenant-id $TENANT_ID tenantX-net
10.210.99.240/28 --gateway 10.210.99.241
neutron router-interface-add $ROUTER_ID $TENANT_SUBNET_ID
This creates one router using namespaces, but I'not sure if that's the
best option. If my setup is simple, may be I don't need namespaces and
all the VLANs and routing could be managed in the controller node
directly.
I would like to hear another opinions about this setup, if it ok, if
there is something better.
Regards,
Diego
--
Diego Woitasen
- Linux and Open Source solutions architect
- DevOps Engineer, Infrastructure developer
http://www.woitasen.com.ar
More information about the Openstack
mailing list