Open Stack

SNAT is still done on the virtual tenant routers. We need the upstream
routers to route traffic out of the openstack cloud (and back). Isn't
that a typical deployment?

Thanks

On Thu, Oct 15, 2015 at 5:05 PM, Kevin Benton <blak111 at gmail.com> wrote:
> I think the mismatch of expectations between the normal use-case and yours
> is that you have SNAT disabled on the tenant routers so you need upstream
> routes to point back to the tenant routers. Is that correct?
>
> On Thu, Oct 15, 2015 at 3:16 PM, Abhishek Chanda <abhishek.lists at gmail.com>
> wrote:
>>
>> Hi all,
>>
>> We are trying to deploy L3 HA using Kilo. Our model is to have a
>> single public network for floating IPs and that each tenant will have
>> it's own neutron router connected to internal networks. We have a
>> mechanism to use the neutron API to find out which node has the active
>> router. That route is then announced to upstream routers. The br-ex
>> interface on the nodes which does not have the active routers are
>> downed. This works fine for a single tenant, with one router. Now, for
>> a cloud with multiple tenants, each having their own tenant routers,
>> we have seen that often active routers end up on different nodes. That
>> messes up the return path of a packet from outside the cloud. My
>> questions are:
>>
>> 1. Is the deployment model with one public network and multiple tenant
>> routers compatible with L3 HA or does it expect any other model?
>> 2. How are people solving the problem of different nodes hosting the
>> active router? How do we route back to it?
>>
>> If neutron used a single keepalived instance for all the routers, this
>> wouldn't be an issue. Are we missing something?
>>
>> Thanks
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
>
>
> --
> Kevin Benton