Guys,

I am running an OpenStack environment based on the following guide (+ a few customizations):

https://github.com/mseknibilel/OpenStack-Grizzly-Install-Guide/blob/OVS_MultiNode/OpenStack_Grizzly_Install_Guide.rst

BUT, at the end of the day, my tenant's IPv4 network topology is weird, from the tenant's point of view. Let me try to explain it.

***

After connecting the tenant's router to the External network, by running the following command:

"quantum router-gateway-set $put_router_proj_one_id_here $put_id_of_ext_net_here",

...the tenant is finally able to browse the Internet, since its router now has a public IP (+ MASQUERADE NAT rules in its Namespace), allocated from ext_net.

I can see that the above command `quantum router-gateway-set' allocates a public IP (from the allocation-pool) and it appears as expected within the tenant namespace.

Another BUT: the Internet still can't reach the tenant's internal/invalid subnet, so, I think, a `Floating IP' is required...

Then, I started a new Instance, to act as some kind of NAT router with a `Floating IP' attached to it. This way, the tenant's web server will be reachable from the Internet...

So, here is my question:

1- How can I "move / migrate" the NAT rules from within the so-called "NAT Instance" to the tenant's router itself (which resides in its Namespace)? *With FWaaS or something?!*

Because the way I'm doing it today, for each tenant, I need to give 2 IPv4 public IPs, which is a waste. I can only allocate 1 IPv4 public IP for each tenant, not 2 (one for its router, another for the Floating IP)...

Also, I'm seeing more problems with this topology. For example, if I install a Zimbra Instance, which is a Collaboration Suite (LDAP+SMTP+IMAP+etc), the e-mails that come from the Internet reach the NAT Instance before going to Zimbra but, the Zimbra's default gateway *is the tenant's router* (within its Namespace). This means that the reverse DNS entry of each tenant router running Zimbra must be pointed to its SMTP!! Otherwise, lots of e-mails don't get out from the Cloud... :-/

I can imagine that, if a tenant can configure its own router NAT table, which resides within its Namespace, it will not need a `Floating IP', since it already has it "allocated by default" after connecting its router to the External network (router-gateway-set)...

Am I missing something?!

Thanks!
Thiago