For assigning a routable public IP to a VM, James and Kevin have described
using an external network, but I think there might be a second possibility.
Namely, a shared, non-external network, with a subnet with the routable IP
range that you want to assign from, and connected via a Neutron router to the
outside world.

Would that also work? Would the L3 agent in that case avoid doing an
unnecessary NAT?

Thanks,
Neil

PS. Adam - you might also like to check out my L3-only networking spec at
https://review.openstack.org/#/c/238895/, as it describes IP addressing like
what you describe, and might align more generally with what you have in mind.

From: Kevin Benton
Sent: Sunday, 25 October 2015 06:34
To: James Denton
Cc: OpenStack Operators
Subject: Re: [Openstack-operators] [Neutron] public and private fixed IPs

Yes, as long as the network is marked as both 'shared' and external, a tenant
can attach VMs and router gateway interfaces directly to it.

On Oct 25, 2015 2:47 PM, "James Denton"
<[email protected]> wrote:

Hi Adam,
If you're asking whether or not a VM can be attached to an 'external' network
so that the 'public' ip is the fixed IP of the VM, then yes. A Neutron router
can also be attached to the same network so that instances in non-routable
tenant networks can obtain floating IPs from the same 'public' network. At one
time non-admin users were not allowed to attach VMs to 'external' networks but
I believe that restriction was removed around Kilo or so.

James
> On Oct 25, 2015, at 2:15 PM, Adam Lawson
> <[email protected]> wrote:
>
> Hi everyone!
>
> When using KVM, does Neutron support binding a public routable address
> to one VM in one tenant as a fixed IP that is accessible outside the
> cloud (no floating IP for remote access) and a VM in a separate tenant
> with private fixed IP's with optional floating IP? Would this be
> possible on a per tenant or per region basis?
>
> I'm working on a cloud approach that allows either scenario.
>
> Long story short, I'm trying to support two options in the same cloud
> (if possible) so a department/tenant can deploy instances with public
> IP's that are directly accessible by the rest of the enterprise (no
> NAT) and a second department/tenant that deploys all of their VM's
> within the context of a private/isolated tenant network with optional
> floating IP's.
>
> Thoughts on how this would be handled? Is it as simple as assigning a
> public subnet to a tenant as the fixed/tenant network?
>
> //adam
>
> --
>
> *Adam Lawson*
>
> AQORN, Inc.
> 427 North Tatnall Street
> Ste. 58461
> Wilmington, Delaware 19801-2230
> Toll-free: (844) 4-AQORN-NOW ext. 101
> International: +1 302-387-4660
> Direct: +1 916-246-2072
>
> _______________________________________________
> OpenStack-operators mailing list
> [email protected]
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators