Open Stack

On 05/18/2016 09:51 PM, Rui Mao wrote:
> http://docs.openstack.org/mitaka/install-guide-ubuntu/environment-networking.html#environment-networking
>
> In the guide, the compute node requires a provider network connection,
> and the neutron run in controller node.
>
> But per my understanding, all VMs access the internet via NAT, and the
> nova node has no internet access requirement in production environment.
>
> Anything I missed or misunderstood?

I took a quick look at that diagram.  It may be assuming DVR 
(Distributed Virtual Router) is enabled.

"Before" there would be a neutron private (aka Guest) network running 
between all the computes and the Neutron network nodes.  An instance 
(VM) would access the outside world (Internet, whatnot) by having its 
traffic go across the Guest VLAN to a controller, the virtual router on 
the controller and such would do the NAT, and off the traffic goes on 
the external VLAN.

Today that is called "Central(ized?) Virtual Router or CVR.

Since Liberty (or Kilo if the OpenStack provider backported?) there has 
also been support for Distributed Virtual Router (DVR).  In this mode, 
when a floating IP is associated with a port of the instance, the NAT is 
handled on the compute node.  This allows traffic levels to scale much, 
Much, MUCH better by not having to go through the central Neutron 
network node(s).  (SNAT for ports/instances without floating IPs still 
happens in the Neutron network node).

But it does mean the compute node(s) must also have a connection to the 
external VLAN just like a controller node.

I assume that if you do not enable DVR, you also do not need the 
external provider network to be populated to the compute nodes.

happy benchmarking,

rick jones