Take a look at the installation guide for Liberty at docs.openstack.org... the architecture supports attaching VMs to public/external and private/project networks.
On Sun, Oct 25, 2015 at 6:39 AM, Neil Jerram <neil.jer...@metaswitch.com> wrote: > For assigning a routable public IP to a VM, James and Kevin have described > using an external network, but I think there might be a second possibility. > Namely, a shared, non-external network, with a subnet with the routable IP > range that you want to assign from, and connected via a Neutron router to > the outside world. > > Would that also work? Would the L3 agent in that case avoid doing an > unnecessary NAT? > > Thanks, > Neil > > PS. Adam - you might also like to check out my L3-only networking spec at > https://review.openstack.org/#/c/238895/, as it describes IP addressing > like what you describe, and might align more generally with what you have > in mind. > > > > *From: *Kevin Benton > *Sent: *Sunday, 25 October 2015 06:34 > *To: *James Denton > *Cc: *OpenStack Operators > *Subject: *Re: [Openstack-operators] [Neutron] public and private fixed > IPs > > Yes, as long as the network is marked as both 'shared' and external, a > tenant can attach VMs and router gateway interfaces directly to it. > On Oct 25, 2015 2:47 PM, "James Denton" <james.den...@rackspace.com> > wrote: > >> Hi Adam, >> >> If you're asking whether or not a VM can be attached to an 'external' >> network so that the 'public' ip is the fixed IP of them VM, then yes. A >> Neutron router can also be attached to the same network so that instances >> in non-routable tenant networks can obtain floating IPs from the same >> 'public' network. At one time non-admin users were not allowed to attach >> VMs to 'external' networks but I believe that restriction was removed >> around Kilo or so. >> >> James >> >> Sent from my iPhone >> >> > On Oct 25, 2015, at 2:15 PM, Adam Lawson <alaw...@aqorn.com> wrote: >> > >> > Hi everyone! >> > >> > When using KVM, does Neutron support binding a public routable address >> > to one VM in one tenant as a fixed IP that is accessible outside the >> > cloud (no floating IP for remote access) and a VM in a separate tenant >> > with private fixed IP's with optional floating IP? Would this be >> > possible on a per tenant or per region basis? >> > >> > I'm working on a cloud approach that allows either scenario. >> > >> > Long story short, I'm trying to support two options in the same cloud >> > (if possible) so a department/tenant can deploy instances with public >> > IP's that are directly accessible by the rest of the enterprise (no >> > NAT) and a second department/tenant that deploys all of their VM's >> > within the context of a private/isolated tenant network with optional >> > floating IP's. >> > >> > Thoughts on how this would be handled? Is it as simple as assigning a >> > public subnet to a tenant as the fixed/tenant network? >> > >> > //adam >> > >> > -- >> > >> > *Adam Lawson* >> > >> > AQORN, Inc. >> > 427 North Tatnall Street >> > Ste. 58461 >> > Wilmington, Delaware 19801-2230 >> > Toll-free: (844) 4-AQORN-NOW ext. 101 >> > International: +1 302-387-4660 >> > Direct: +1 916-246-2072 >> > >> > _______________________________________________ >> > OpenStack-operators mailing list >> > OpenStack-operators@lists.openstack.org >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> >> _______________________________________________ >> OpenStack-operators mailing list >> OpenStack-operators@lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >> > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > >
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
