[Openstack] neutron, l2population, linuxbridge and multiple ips

Joerg Streckfuss openstack at dirtyhack.org
Sat Jun 18 16:52:34 UTC 2016


Dear list,

I'm trying to set up an isolated network for testing cluster managers like 
keepalived on linux and carp on openbsd. This means there are ips which 
are bound to multiple ports. The main problem is when I try to configure 
new ip-addresses inside the vms and _not_ in neutron, these ips are not 
visible to the other vms. When I try to ping these ips I can see a local 
arp request inside the bridge of the requesting vm but this request does 
not reach the bridge of the destination vm. So my assumption is that neutron, 
in particular l2population, works only for ip addresses which are 
known by neutron ports. So in case of disabling dhcp I have to configure 
it for the neutron port and inside the vm, right?

My setup is a 4-node openstack environment (one controller, three 
compute nodes), using liberty on centos7 carefully following the 
instructions under http://docs.openstack.org/liberty/install-guide-rdo/.

I'm using self-service networks with one flat provider-network for
external communication. I use VXLAN for overlay-networks. As mechanism 
drivers I use linuxbridge and l2population.

The isolated network and the vms are initiated by heat templates. I 
disabled port security for each neutron port by setting 
'port_security_enabled: false' inside the heat template.

So what can I do so that a neutron isolated network behaves like a 
standard linuxbridge or especially a hardware switch, where no port 
security is configured and which forwards all kinds of arp traffic?

Thanks in advance,

Joerg



