Hi Akshay,

You won't get an ARP reply at your physical router unless it's on the same network as your VM, which it isn't if it's behind a neutron router.

It sounds like you still need to add a route on your physical router to push all tenant network traffic down to the external interface of your neutron router. You should then be able to access your instances from your physical router as allowed by the instance security group rules.

On Tue, Jan 19, 2016 at 3:35 PM Akshay Kumar Sanghai <akshaykumarsang...@gmail.com> wrote:

> Hi Aaron,
> The physical router is not getting an arp reply for the vm from neutron
> router when snat is disabled. When floating ip is used, the router creates
> one more interface on its qg- interface for that floating ip associated
> with the vm and when arp request is broadcasted, the neutron router does a
> proxy arp.
> How did you solve the proxy arp reply problem when you implemented the
> snat disabled router and without assigning a floating ip?
>
> Thanks,
> Akshay
>
> On Tue, Jan 19, 2016 at 10:26 PM, Aaron Segura <aaron.seg...@gmail.com>
> wrote:
>
>> It's possible. We do it all the time.
>>
>> However, without proper routing, Kevin and Joseph are correct. The VM
>> will never receive replies to outbound packets because the upstream devices
>> don't know where to send them.
>>
>> I also forgot to mention - The edge device also needs to NAT the fixed IP
>> of the VM to a public IP if you intend for your VMs to access the
>> Internet. We use a global PAT rule to catch any VMs without a floating IP
>> and allow them egress on a shared public IP.
>>
>> On Tue, Jan 19, 2016 at 10:09 AM Akshay Kumar Sanghai <
>> akshaykumarsang...@gmail.com> wrote:
>>
>>> Hi Aaron, Mike, Kevin, Joseph,
>>> Thanks for your inputs.
>>> But I am still confused as Aaron and Mike are suggesting that it is
>>> possible and Joseph and Kevin are suggesting it's not possible.
>>> I tried to ping from the vm in openstack to outside of the cloud with
>>> only fixed ip assigned, but ping failed. When I assigned the floating ip to
>>> that vm, I can ping a system outside of the cloud. So, I am in doubt
>>> whether it is possible or not or there is some configuration issue in my
>>> setup.
>>> Guys, please help as I can't find a proper documentation regarding this.
>>>
>>> Thanks,
>>> Akshay
>>>
>>> On Tue, Jan 19, 2016 at 8:47 PM, Mike Spreitzer <mspre...@us.ibm.com>
>>> wrote:
>>>
>>>> Aaron Segura <aaron.seg...@gmail.com> wrote on 01/16/2016 12:19:53 PM:
>>>>
>>>> > You shouldn't have to do anything other than disable SNAT and set a
>>>> > route for your tenant network upstream.
>>>>
>>>> Indeed, I have exercised exactly this.
>>>>
>>>> Regards,
>>>> Mike
_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
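
Added example, not part of the original thread: a small model of the physical router's forwarding decision, showing why a floating IP is resolved with ARP on the external segment while a fixed IP is only reachable once a static route for the tenant CIDR points at the neutron router's external address. All addresses, the `forward` function and the route names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for illustration; none of these values come from the thread.
CONNECTED = [ip_network("203.0.113.0/24"),    # external segment shared with the neutron qg- port
             ip_network("198.51.100.0/30")]   # uplink towards the provider
DEFAULT_ROUTE = (ip_network("0.0.0.0/0"), "198.51.100.1")
# Tenant CIDR reached via the neutron router's external (qg-) address.
TENANT_ROUTE = (ip_network("10.0.0.0/24"), "203.0.113.10")


def forward(dst, static_routes, connected=CONNECTED):
    """Decide how the physical router handles a packet for dst.

    Returns ("arp", dst) when dst is on a directly connected segment,
    ("route", next_hop) for the longest matching static route,
    or ("drop", "") when nothing matches.
    """
    addr = ip_address(dst)
    # On-link destinations are resolved with ARP; this is the floating IP case,
    # where the neutron router answers for the address on its qg- interface.
    if any(addr in net for net in connected):
        return ("arp", dst)
    # Off-link destinations never trigger ARP for dst itself; the router
    # picks the most specific static route and forwards to its next hop.
    matches = [(net, hop) for net, hop in static_routes if addr in net]
    if not matches:
        return ("drop", "")
    _, hop = max(matches, key=lambda route: route[0].prefixlen)
    return ("route", hop)


if __name__ == "__main__":
    floating_ip, fixed_ip = "203.0.113.50", "10.0.0.5"
    # Floating IP: on the external segment, so the router ARPs for it.
    print("floating:", forward(floating_ip, [DEFAULT_ROUTE]))
    # Fixed IP without a tenant route: follows the default route upstream.
    print("fixed, no route:", forward(fixed_ip, [DEFAULT_ROUTE]))
    # Fixed IP with the tenant route: handed to the neutron router.
    print("fixed, with route:", forward(fixed_ip, [DEFAULT_ROUTE, TENANT_ROUTE]))
```
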