[Openstack] Public IPs without NAT
Aaron Segura
aaron.segura at gmail.com
Tue Apr 22 23:30:43 UTC 2014
Sorry, my original reply went to OP directly... Pasted below..
--------------------
I am not an expert, but I'll take a stab at it...
Since the openstack environment doesn't have a direct connection to the
"public" network, you would not be able to do anything with that network
inside of Openstack.
You could assign the instances some floating IPs out of the 192.168 network
and then handle public translation at your firewall.
If you *require* public IP addresses directly on your instances, you would
need to have that network VLAN trunked down to your hypervisors, as well.
Hope that helps some. Like I said, I'm no expert.
On Tue, Apr 22, 2014 at 5:27 PM, Matej <matej at tam.si> wrote:
> Hi,
>
> I am using GRE tunneling and OVS and have several instances working
> perfectly. They get private IP addresses (range: 10.0.0.0/24) and get
> routed through my local IP subnet (192.168.22.0/24) out via my HW
> router's 192.168.22.1. This setup works good and I am pretty happy with it.
>
> What bothers me is the case where I need to delegate some of our instances
> a direct public IP address, without the need for any NAT whatsoever.
> Let's declare this public subnet as: 102.203.103.80/29
>
> I have created a new network:
> +---------------------------+--------------------------------------+
> | Field | Value |
> +---------------------------+--------------------------------------+
> | admin_state_up | True |
> | id | 50ad28c9-6a7d-4579-8339-a39f29cc4485 |
> | name | inet |
> | provider:network_type | local |
> | provider:physical_network | |
> | provider:segmentation_id | |
> | router:external | True |
> | shared | False |
> | status | ACTIVE |
> | subnets | 6d27b5fa-191e-473e-9852-cbf47a62188e |
> | tenant_id | a0edd2a531bb41e6b17e0fd644bfd494 |
> +---------------------------+--------------------------------------+
>
> and then assigned a subnet inside:
> +------------------+------------------------------------------------------+
> | Field | Value |
> +------------------+------------------------------------------------------+
> | allocation_pools | {"start": "102.203.103.84", "end": "102.203.103.86"} |
> | cidr | 102.203.103.80/29
> |
> | dns_nameservers | 8.8.8.8 |
> | enable_dhcp | False |
> | gateway_ip | |
> | host_routes | |
> | id | 6d27b5fa-191e-473e-9852-cbf47a62188e |
> | ip_version | 4 |
> | name | inet |
> | network_id | 50ad28c9-6a7d-4579-8339-a39f29cc4485 |
> | tenant_id | a0edd2a531bb41e6b17e0fd644bfd494 |
> +------------------+------------------------------------------------------+
>
>
> When I create a new instance (CirrOS) and delegate this newly created
> network to it and then set IP
> 102.203.103.84/29 inside it, I am unable to ping our router's public IP
> address, it doesn't work.
> I have tried to create it as a flat network, but I don't currently have
> physnet interface defined in ovs_neutron_plugin.ini and when I did it, my
> private NAT setup stopped working.
>
> My current ovs_neutron_plugin.ini on controller:
> [ovs]
> tenant_network_type = gre
> tunnel_id_ranges = 1:1000
> enable_tunneling = True
> local_ip = 192.168.22.10
> integration_bridge = br-int
> tunnel_bridge = br-tun
> tunnel_types=gre
>
> [agent]
> polling_interval = 2
>
> [securitygroup]
> firewall_driver =
> neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
>
>
> What is the right way to achieve this public IP assignment I would like to
> do? After reading a lot of docs, I still don't have any working solutions
> for it.
>
> Thank you very much for any ideas and help. If you need any other
> information, I will be happy to provide it.
>
> Matej
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack at lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140422/11c434f1/attachment.html>
More information about the Openstack
mailing list