Open Stack

Hi Matthias,

I think you have a misunderstanding about the option “router:external=true”. It is for connecting VMs to the public network.

A typical Steps to connect VMs to public network is as the following:
(Assuming you understand what is internal/external network with respect to Neutron)


1.         Create an internal network

2.         Create a router

3.         Add a VM to internal network

4.         Add subnet gateway interface on router

5.         Create external network

6.         Add the external network as the router gateway interface

So now you have one VM in an internal network, subnet gateway interface on router and router gateway interface from external network.
By the way, external network can be created by admin only.

Regards,
Ma

From: Backhausen, Matthias [mailto:matthias.backhausen at ts.fujitsu.com]
Sent: Thursday, February 26, 2015 22:31 2015年2月26日 22:31
To: openstack at lists.openstack.org<mailto:openstack at lists.openstack.org> Openstack
Subject: [Openstack] Multitenancy in Neutron Provider Networks

Hallo All,

I have two projects, tenant-a and tenant-b.

When I create provider network for tenant-a with the option “--router:external=false”, tenant-b can’t see nor connect vm to the network, thats what I assume.
However when I create provider network for tenant-a with the option “--router:external=true”, tenant-b is able to set its router-G/W to that network. The –shared option is not set of course.
# neutron net-create --tenant-id 9475929c9b1c492cad5e84bc00c1124d --provider:physical_network=external-1 --provider:network_type=vlan --provider:segmentation_id=10 --router:external=false net10_VM

My understanding is that provider network is dedicated to customer unless the –share option is set. Am I wrong?

Thanks,
Matthias


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20150302/c2967540/attachment.html>