[Openstack] [RFC] Routed private networks per tenant

Ageeleshwar Kandavelu Ageeleshwar.Kandavelu at csscorp.com
Fri Apr 4 08:07:25 UTC 2014 

How do you route every tenant network to the corporate network?

________________________________________
From: Diego Woitasen [diego at woitasen.com.ar]
Sent: Friday, April 04, 2014 1:32 AM
To: openstack at lists.openstack.org
Subject: [Openstack] [RFC] Routed private networks per tenant

Hi,
 I need another opinion about what I am doing. I'm setting up
OpenStack using Neutron (1 controller node, 1 network node, N computes
nodes). In my setup every tenant have its own private network using
VLANs (OpenVSwitch). I only need one router because I want only to
isolate the projects, but they don't need to do any management or a
special requirement to have one router per each one. I don't need
floating IPs, NAT. Every tenant network is routed in the corporate
network.

So basically my config was:

neutron net-create corp -- --router:external=True

neutron subnet-create corp --gateway=10.210.150.254
--enable_dhcp=False --allocation-pool
start=10.210.150.11,end=10.210.150.11 10.210.150.0/23 # Only one IP in
the pool, the IP used to reach the tenant subnets.

neutron router-create corpnet-router

neutron router-gateway-set $ROUTER_ID $EXT_SUBNET_ID

And for every tenant:

neutron net-create --tenant-id $TENANT_ID
--provider:physical_network=physnet1 --provider:network_type=vlan
--provider:segmentation_id=$VLAN_ID tenantX-net

neutron subnet-create --tenant-id $TENANT_ID tenantX-net
10.210.99.240/28 --gateway 10.210.99.241

neutron router-interface-add $ROUTER_ID $TENANT_SUBNET_ID

This creates one router using namespaces, but I'not sure if that's the
best option. If my setup is simple, may be I don't need namespaces and
all the VLANs and routing could be managed in the controller node
directly.

I would like to hear another opinions about this setup, if it ok, if
there is something better.

Regards,
  Diego


--
Diego Woitasen
- Linux and Open Source solutions architect
- DevOps Engineer, Infrastructure developer
http://www.woitasen.com.ar

_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
http://www.csscorp.com/common/email-disclaimer.php

More information about the Openstack mailing list