On 04/03/2014 05:02 PM, Diego Woitasen wrote: > Hi, > I need another opinion about what I am doing. I'm setting up > OpenStack using Neutron (1 controller node, 1 network node, N computes > nodes). In my setup every tenant have its own private network using > VLANs (OpenVSwitch). I only need one router because I want only to > isolate the projects, but they don't need to do any management or a > special requirement to have one router per each one. I don't need > floating IPs, NAT. Every tenant network is routed in the corporate > network. > > So basically my config was: > > neutron net-create corp -- --router:external=True > > neutron subnet-create corp --gateway=10.210.150.254 > --enable_dhcp=False --allocation-pool > start=10.210.150.11,end=10.210.150.11 10.210.150.0/23 # Only one IP in > the pool, the IP used to reach the tenant subnets. > > neutron router-create corpnet-router > > neutron router-gateway-set $ROUTER_ID $EXT_SUBNET_ID > > And for every tenant: > > neutron net-create --tenant-id $TENANT_ID > --provider:physical_network=physnet1 --provider:network_type=vlan > --provider:segmentation_id=$VLAN_ID tenantX-net > > neutron subnet-create --tenant-id $TENANT_ID tenantX-net > 10.210.99.240/28 --gateway 10.210.99.241 > > neutron router-interface-add $ROUTER_ID $TENANT_SUBNET_ID > > This creates one router using namespaces, but I'not sure if that's the > best option. If my setup is simple, may be I don't need namespaces and > all the VLANs and routing could be managed in the controller node > directly. i have a similar setup than yours, but i don't use the router, i just present vlan to tenants and configured them as --router:external=True the gateway is a hw device
i have it working for more than a year now :) > > I would like to hear another opinions about this setup, if it ok, if > there is something better. always there is something better, but i'm happpy with my setup > > Regards, > Diego > > -- 1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333 _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : openstack@lists.openstack.org Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
