Open Stack

All,

We're trying to configure the following scenario - Compute nodes with
multiple physical NICs, each dedicated to a specific function/subnet:

Management/Private: 10.96.32.0/24
Storage: 10.96.48.0/24
External/Floating/DMZ: 10.96.16.0/24

We currently have two Nova Flat DHCP Networks (not using Neutron due to
lack of multi-host support) configured for both Storage and Management, and
are able to get appropriate connectivity in our VMs on each of these
subnets.

However, when we try to assign a floating IP to a VM in the External
subnet, we see problematic routing of packets. Packets reach the VM, the VM
responds, and then the response packets are often routed back out the
Management subnet. The behavior is inconsistent: some VMs can reliably
route packets back out the External NIC/subnet, and everything works; other
VMs consistently respond via the Management subnet; still others seem to
flip-flop between responding over the External and Management subnets.

When packets are sent over the incorrect NIC, our switches drop them, as we
do not allow routing between subnets.

How we ensure that outbound/response packets from a VM are routed over the
NIC that originally received the request packets in the first place?
Connection Tracking *is* specified in our IP Tables rules on the Compute
nodes, as automatically configured by Nova Network.

Any thoughts? Are we trying to configure a scenario not supported by
OpenStack?

Thanks,
--Scott
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140822/a72ef92e/attachment.html>