Hello Matej, I *think* that the best solution is to disable NAT at the Neutron L3 router but, I don't know precisely how to do that... This way, your Neutron L3 Router will not make any NAT, so, the instances will be reachable if you take care of the routing.
In fact, this is precisely the topology I'm working to achieve with IPv6... Since there is no NAT for IPv6 (if it exists, I don't care, not supported / not desired), then, the Instances will have publicly reachable IP addresses "by nature" (without any kind of NAT).

I see two solutions:

1- Try to disable NAT at your Neutron L3 Router plus make sure the route is okay;

2- Wait for Neutron IPv6 and be happy! No more NAT, no more troubles and workarounds...

BTW, I'm working to backport Neutron IPv6 patches to IceHouse, if the work goes as expected, I'll announce it here...

Also, you might want to take a look here: http://www.nephos6.com/pdf/OpenStack-Havana-on-IPv6.pdf - They talk about NAT at the Neutron L3 Router, I think that if you dig there, you'll find a way to disable it for IPv4 networks.

Cheers!
Thiago

On 22 April 2014 19:27, Matej <ma...@tam.si> wrote:

> Hi,
>
> I am using GRE tunneling and OVS and have several instances working
> perfectly. They get private IP addresses (range: 10.0.0.0/24) and get
> routed through my local IP subnet (192.168.22.0/24) out via my HW
> router's 192.168.22.1. This setup works well and I am pretty happy with it.
>
> What bothers me is the case where I need to delegate some of our instances
> a direct public IP address, without the need for any NAT whatsoever.
> Let's declare this public subnet as: 102.203.103.80/29
>
> I have created a new network:
> +---------------------------+--------------------------------------+
> | Field                     | Value                                |
> +---------------------------+--------------------------------------+
> | admin_state_up            | True                                 |
> | id                        | 50ad28c9-6a7d-4579-8339-a39f29cc4485 |
> | name                      | inet                                 |
> | provider:network_type     | local                                |
> | provider:physical_network |                                      |
> | provider:segmentation_id  |                                      |
> | router:external           | True                                 |
> | shared                    | False                                |
> | status                    | ACTIVE                               |
> | subnets                   | 6d27b5fa-191e-473e-9852-cbf47a62188e |
> | tenant_id                 | a0edd2a531bb41e6b17e0fd644bfd494     |
> +---------------------------+--------------------------------------+
>
> and then assigned a subnet inside:
> +------------------+------------------------------------------------------+
> | Field            | Value                                                |
> +------------------+------------------------------------------------------+
> | allocation_pools | {"start": "102.203.103.84", "end": "102.203.103.86"} |
> | cidr             | 102.203.103.80/29                                    |
> | dns_nameservers  | 8.8.8.8                                              |
> | enable_dhcp      | False                                                |
> | gateway_ip       |                                                      |
> | host_routes      |                                                      |
> | id               | 6d27b5fa-191e-473e-9852-cbf47a62188e                 |
> | ip_version       | 4                                                    |
> | name             | inet                                                 |
> | network_id       | 50ad28c9-6a7d-4579-8339-a39f29cc4485                 |
> | tenant_id        | a0edd2a531bb41e6b17e0fd644bfd494                     |
> +------------------+------------------------------------------------------+
>
> When I create a new instance (CirrOS) and delegate this newly created
> network to it and then set IP 102.203.103.84/29 inside it, I am unable
> to ping our router's public IP address, it doesn't work.
> I have tried to create it as a flat network, but I don't currently have
> physnet interface defined in ovs_neutron_plugin.ini and when I did it, my
> private NAT setup stopped working.
>
> My current ovs_neutron_plugin.ini on controller:
> [ovs]
> tenant_network_type = gre
> tunnel_id_ranges = 1:1000
> enable_tunneling = True
> local_ip = 192.168.22.10
> integration_bridge = br-int
> tunnel_bridge = br-tun
> tunnel_types=gre
>
> [agent]
> polling_interval = 2
>
> [securitygroup]
> firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
>
> What is the right way to achieve this public IP assignment I would like to
> do? After reading a lot of docs, I still don't have any working solutions
> for it.
>
> Thank you very much for any ideas and help. If you need any other
> information, I will be happy to provide it.
>
> Matej
>
> _______________________________________________
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
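
What "make sure the route is okay" amounts to once the Neutron router no longer translates, as an added example that is not part of the original thread: a longest-prefix-match model of the upstream HW router, showing where replies to instance addresses are sent with and without a specific route. The subnets come from the thread; the Neutron router's LAN address `192.168.22.50`, the name `isp-uplink`, and routing the public /29 through that same address are constructed assumptions.

```python
import ipaddress

# Addresses taken from the thread.
TENANT_NET = "10.0.0.0/24"         # private instance range
LAN_NET = "192.168.22.0/24"        # local subnet behind the HW router
PUBLIC_NET = "102.203.103.80/29"   # subnet to hand to instances without NAT
# Assumptions, not from the thread.
NEUTRON_GW = "192.168.22.50"       # constructed: Neutron router's address on the LAN
UPLINK = "isp-uplink"              # placeholder for the HW router's default next hop


class RouteTable:
    """Longest-prefix-match table, enough to reason about return paths."""

    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(c), hop) for c, hop in routes.items()]

    def lookup(self, dst):
        """Return (matched network, next hop) for dst, or None if unroutable."""
        addr = ipaddress.ip_address(dst)
        hits = [r for r in self.routes if addr in r[0]]
        return max(hits, key=lambda r: r[0].prefixlen) if hits else None


def hw_router(static_routes=None):
    """Model of the upstream HW router: default route, LAN, optional statics."""
    routes = {"0.0.0.0/0": UPLINK, LAN_NET: "on-link"}
    routes.update(static_routes or {})
    return RouteTable(routes)


def next_hop(table, dst):
    hit = table.lookup(dst)
    return hit[1] if hit else None


def missing_return_routes(table, prefixes):
    """Prefixes whose hosts match only the default route, so replies leave via the uplink."""
    missing = []
    for cidr in prefixes:
        first_host = str(next(ipaddress.ip_network(cidr).hosts()))
        hit = table.lookup(first_host)
        if hit is None or hit[0].prefixlen == 0:
            missing.append(cidr)
    return missing


if __name__ == "__main__":
    for statics in ({}, {TENANT_NET: NEUTRON_GW, PUBLIC_NET: NEUTRON_GW}):
        table = hw_router(statics)
        print(next_hop(table, "10.0.0.5"), missing_return_routes(table, [TENANT_NET, PUBLIC_NET]))
```

With NAT in place the HW router only ever sees the Neutron router's own LAN address as a source, which is why the existing setup works without any static routes.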