On 01/12/2016 09:42 AM, Matt Kassawara wrote: > Sure, you can use 'neutron router-gateway-set --disable-snat > <publicnetwork>' to disable NAT... just add routes where necessary. > > Seems like implementation of RFC 6598 would occur outside of neutron... > maybe on the service provider network between clouds? Perhaps someone > from a service provider can provide more information. > > On Tue, Jan 12, 2016 at 9:46 AM, Mike Spreitzer <mspre...@us.ibm.com > <mailto:mspre...@us.ibm.com>> wrote: > > Is there any condition under which a Neutron router will route > packets from a provider network to a tenant network with > destination address unmolested? E.g., non-RFC1918 addresses on the > tenant network? Does Neutron know anything about RFC6598? > > Thanks, > Mike > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators@lists.openstack.org > <mailto:OpenStack-operators@lists.openstack.org> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators > > > > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators >
I can confirm that OpenStack doesn't have Carrier Grade NAT (CGN), but this RFC simply sets aside a set of addresses which can be used for CGN (100.64.0.0/10), and lays out some required and best practices for running a CGN network. I don't see any reason why these addresses couldn't be used. In fact, giving RFC 6598 a readthrough it appears that Neutron NAT would fulfill the requirements of this RFC, as long as 100.64.0.0/10 were only used for Tenant networks and not floating IP addresses. That said, we already have 192.168.X.X, 172.X.X.X, and 10.X.X.X addresses. If a customer were already using all of these throughout their network, then I could see using 100.64.0.0/10 in order to have unique addresses within the OpenStack deployment. -- Dan Sneddon | Principal OpenStack Engineer dsned...@redhat.com | redhat.com/openstack 650.254.4025 | dsneddon:irc @dxs:twitter _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
