[Openstack] [RFC] Routed private networks per tenant

Diego Woitasen diego at woitasen.com.ar
Thu Apr 3 20:02:11 UTC 2014


Hi,
 I need another opinion about what I am doing. I'm setting up
OpenStack using Neutron (1 controller node, 1 network node, N computes
nodes). In my setup every tenant have its own private network using
VLANs (OpenVSwitch). I only need one router because I want only to
isolate the projects, but they don't need to do any management or a
special requirement to have one router per each one. I don't need
floating IPs, NAT. Every tenant network is routed in the corporate
network.

So basically my config was:

neutron net-create corp -- --router:external=True

neutron subnet-create corp --gateway=10.210.150.254
--enable_dhcp=False --allocation-pool
start=10.210.150.11,end=10.210.150.11 10.210.150.0/23 # Only one IP in
the pool, the IP used to reach the tenant subnets.

neutron router-create corpnet-router

neutron router-gateway-set $ROUTER_ID $EXT_SUBNET_ID

And for every tenant:

neutron net-create --tenant-id $TENANT_ID
--provider:physical_network=physnet1 --provider:network_type=vlan
--provider:segmentation_id=$VLAN_ID tenantX-net

neutron subnet-create --tenant-id $TENANT_ID tenantX-net
10.210.99.240/28 --gateway 10.210.99.241

neutron router-interface-add $ROUTER_ID $TENANT_SUBNET_ID

This creates one router using namespaces, but I'not sure if that's the
best option. If my setup is simple, may be I don't need namespaces and
all the VLANs and routing could be managed in the controller node
directly.

I would like to hear another opinions about this setup, if it ok, if
there is something better.

Regards,
  Diego


-- 
Diego Woitasen
- Linux and Open Source solutions architect
- DevOps Engineer, Infrastructure developer
http://www.woitasen.com.ar




More information about the Openstack mailing list