[Openstack] individual floating ips in single vlan

Satish Patel satish.txt at gmail.com
Fri Sep 2 19:18:23 UTC 2016


Oh!! This would be very tricky then. In my network we have multiple VLANs:

VLAN 10 - Private Network (Management SSH)

VLAN 20 - Public Network

I have created Router1 and attached Internal VM using
(192.168.100.0/24) subnet.

I have two web servers

web1 - 192.168.100.10
web2 - 192.168.100.20

I have created an LBaaS VIP for load-balancing and I want to provide
public IP access to that VIP so the outside world can access the web server.

Question:

Currently both web1 & web2 have a VLAN 10 floating IP so the Operation team
can access them using SSH; that is why VLAN 10 is connected to Router1, but I
need to attach it to VLAN 20 so I can provide a floating IP to the LBaaS
VIP.

How should I handle this?



On Fri, Sep 2, 2016 at 2:56 PM, James Denton <james.denton at rackspace.com> wrote:
> Hi Satish,
>
>>>    I want to add those two provider networks to my router, then how should I add them and who will be the default gateway? I want to make VLAN 20 the default External Gateway.
>>>
>>>    I have tried the following but it only allows a single network:
>>>    neutron router-gateway-set ROUTER1 VLAN10
>>>    Should I add the second VLAN 20 using the router-interface-add command?
>
> The expectation is that a router should be connected to only a single external (provider) network at a time, but can be connected to multiple internal (tenant) networks. If you utilize the router-interface-add command to attach to the second external network, the interface will not be treated as an external interface and instead would be treated as an internal interface. You then run the risk of the router taking the IP defined as the ‘gateway ip’ for the subnet and causing network issues.**
>
> ** Note: You *can* attach the router to the network by creating a port on the network first, then specifying a port ID rather than a subnet ID when using the router-interface-add command. This interface will still be treated as an internal interface, but would not overlap with the physical gateway IP address. You cannot use the network as a floating IP pool in this case, but you can add static routes to the router which would force traffic out that particular interface. The true internal subnet where the VM is attached would need to be statically routed from the physical gateway device to the router’s IP address you specified when creating the port, since the router will not SNAT traffic on that interface. It’s a wonky configuration that I don’t really recommend you implement unless you absolutely have to.
>
> --
> James Denton
> Network Architect
> Rackspace Private Cloud
> james.denton at rackspace.com
>
>
> On 9/2/16, 1:34 PM, "Satish Patel" <satish.txt at gmail.com> wrote:
>
>     Last question: we have two provider external VLANs, VLAN 10 and VLAN 20.
>
>     I want to add those two provider networks to my router, then how should
>     I add them and who will be the default gateway? I want to make VLAN 20
>     the default External Gateway.
>
>     I have tried the following but it only allows a single network:
>
>     neutron router-gateway-set ROUTER1 VLAN10
>
>     Should I add the second VLAN 20 using the router-interface-add command?
>
>
>
>     On Fri, Sep 2, 2016 at 2:32 PM, Satish Patel <satish.txt at gmail.com> wrote:
>     > Great!! I got your point. I am not using DHCP anywhere except the internal
>     > VM network. All provider networks were created without enabling DHCP on them.
>     >
>     > Thanks again
>     >
>     > On Fri, Sep 2, 2016 at 2:30 PM, James Denton <james.denton at rackspace.com> wrote:
>     >> You typically enable DHCP on networks where you intend to put VMs. Neutron routers don’t rely on DHCP to obtain their IP. If you enable DHCP on the external network, and your intention is only to connect routers to it, those DHCP server(s) Neutron creates will still each consume an IP address, reducing the total number of IPs available for use as floating IPs.
>     >>
>     >> --
>     >> James Denton
>     >> Network Architect
>     >> Rackspace Private Cloud
>     >> james.denton at rackspace.com
>     >>
>     >>
>     >> On 9/2/16, 1:26 PM, "Satish Patel" <satish.txt at gmail.com> wrote:
>     >>
>     >>     Thanks James,
>     >>
>     >>     I didn't understand your following statement.
>     >>
>     >>     "You may want to refrain from enabling DHCP on that subnet as well,
>     >>     otherwise they will each grab an address as well."
>     >>
>     >>     Could you give me an example or explain what that means?
>     >>
>     >>     On Fri, Sep 2, 2016 at 1:53 PM, James Denton <james.denton at rackspace.com> wrote:
>     >>     > Hi Satish,
>     >>     >
>     >>     > You can create multiple non-contiguous allocation pools for the external (floating) network, even as small as a single IP address. Keep in mind that the Neutron router will take an IP address from this pool for its ‘qg’ interface. You may want to refrain from enabling DHCP on that subnet as well, otherwise they will each grab an address as well.
>     >>     >
>     >>     > James
>     >>     >
>     >>     > On 9/2/16, 10:34 AM, "Satish Patel" <satish.txt at gmail.com> wrote:
>     >>     >
>     >>     >     It's a very weird requirement, stay with me to explain.
>     >>     >
>     >>     >     We have a /24 public IP pool which we have been using for a long time and we
>     >>     >     cherry-picked IP addresses from that pool so they are not in sequence :(
>     >>     >
>     >>     >     Now we have OpenStack and I want to give some floating IPs to OpenStack,
>     >>     >     but because of the non-sequential range how do I give individual IP addresses
>     >>     >     to the floating pool in the VLAN?
>     >>     >
>     >>     >     In a single VLAN 10 net how do I put individual IPs in the subnet?
>     >>     >
>     >>     >
>     >>     >
>     >>     >
>     >>
>     >>
>     >>
>
>
>
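
The approach suggested in the thread (several non-contiguous allocation pools on one external subnet, DHCP left disabled) sketched as an added example that is not part of the original messages: it collapses a list of cherry-picked addresses into the smallest set of `--allocation-pool` ranges for `neutron subnet-create`. The network name `VLAN20`, the subnet name and the 203.0.113.0/24 addresses are assumptions constructed for illustration.

```python
import ipaddress

def allocation_pools(cidr, addresses, gateway):
    """Collapse hand-picked IPs into (start, end) pools; a pool may be a single IP."""
    net = ipaddress.ip_network(cidr)
    reserved = {net.network_address, net.broadcast_address,
                ipaddress.ip_address(gateway)}
    picked = sorted({ipaddress.ip_address(a) for a in addresses})
    for ip in picked:
        if ip not in net:
            raise ValueError(f"{ip} is outside {net}")
        if ip in reserved:
            raise ValueError(f"{ip} is the network, broadcast or gateway address")
    pools = []
    for ip in picked:
        if pools and int(ip) == int(pools[-1][1]) + 1:
            pools[-1][1] = ip        # adjacent address: extend the current pool
        else:
            pools.append([ip, ip])   # gap in the sequence: start a new pool
    return [(str(start), str(end)) for start, end in pools]

def floating_ips_left(addresses, routers=1):
    """Each router takes one pool address for its 'qg' interface (per the thread)."""
    return len(set(addresses)) - routers

def subnet_create_args(network, cidr, addresses, gateway, name):
    """Build the argv for `neutron subnet-create` with DHCP disabled."""
    argv = ["neutron", "subnet-create", "--name", name,
            "--gateway", gateway, "--disable-dhcp"]
    for start, end in allocation_pools(cidr, addresses, gateway):
        argv += ["--allocation-pool", f"start={start},end={end}"]
    return argv + [network, cidr]

# Constructed sample: cherry-picked addresses from a documentation range.
SAMPLE_IPS = ["203.0.113.10", "203.0.113.11", "203.0.113.12",
              "203.0.113.57", "203.0.113.200", "203.0.113.201"]

if __name__ == "__main__":
    print(" ".join(subnet_create_args("VLAN20", "203.0.113.0/24", SAMPLE_IPS,
                                      "203.0.113.1", "vlan20-floating")))
    print("floating IPs left after one router:", floating_ips_left(SAMPLE_IPS))
```
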



