[Openstack] [Openstack-operators] Reaching VXLAN tenant networks from outside (without floating IPs)

Curtis serverascode at gmail.com
Thu Jun 30 16:25:29 UTC 2016


On Wed, Jun 29, 2016 at 1:17 PM, Gustavo Randich
<gustavo.randich at gmail.com> wrote:
> Hi operators...
>
> Transitioning from nova-network to Neutron (Mitaka), one of the key issues
> we are facing is how to reach VMs in VXLAN tenant networks without using
> precious floating IPs.
>
> Things that are outside Neutron in our case are:
>
> - in-house made application orchestrator: needs SSH access to instances to
> perform various tasks (start / shutdown apps, configure filesystems, etc.)
>
> - various centralized and external monitoring/metrics pollers: need SNMP /
> SSH access to gather status and trends
>
> - internal customers: need SSH access to instance from non-openstack VPN
> service
>
> - ideally, non-VXLAN aware traffic balancer appliances
>
>
>
> We have considered these approaches:
>
> - putting some of the external components inside a Network Node: inviable
> because components need access to multiple Neutron deployments
>
>
> - Neutron's VPNaaS: cannot figure how to configure a client-to-site VPN
> topology
>
> - integrate hardware switches capable of VXLAN VTEP: for us in this stage,
> it is complex and expensive
>
>
> - other?

Hi,

Another way would be to setup a non-VXLAN network and have all the
instances you need to manage have a second interface on that network.
You'd have to do the extra work of ensuring those interfaces are
configured, but if you are using some sort of provisioning system it
shouldn't be too much extra work.

Thanks,
Curtis.

>
>
> Thank you in advance,
> Gustavo
>
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>



-- 
Blog: serverascode.com




More information about the Openstack mailing list