Mike, as far as I know those routers allow only outgoing traffic, i.e. VM can see external networks, but those external networks cannot connect to VM if it doesn't have a FIP, am I right?
Thanks!
Gustavo

On Wed, Jun 29, 2016 at 7:24 PM, Mike Spreitzer <mspre...@us.ibm.com> wrote:

> Gustavo Randich <gustavo.rand...@gmail.com> wrote on 06/29/2016 03:17:54 PM:
>
> > Hi operators...
> >
> > Transitioning from nova-network to Neutron (Mitaka), one of the key
> > issues we are facing is how to reach VMs in VXLAN tenant networks
> > without using precious floating IPs.
> >
> > Things that are outside Neutron in our case are:
> >
> > - in-house made application orchestrator: needs SSH access to
> > instances to perform various tasks (start / shutdown apps, configure
> > filesystems, etc.)
> >
> > - various centralized and external monitoring/metrics pollers: need
> > SNMP / SSH access to gather status and trends
> >
> > - internal customers: need SSH access to instance from non-openstack
> > VPN service
> >
> > - ideally, non-VXLAN aware traffic balancer appliances
> >
> > We have considered these approaches:
> >
> > - putting some of the external components inside a Network Node:
> > inviable because components need access to multiple Neutron deployments
> >
> > - Neutron's VPNaaS: cannot figure how to configure a client-to-site
> > VPN topology
> >
> > - integrate hardware switches capable of VXLAN VTEP: for us in this
> > stage, it is complex and expensive
> >
> > - other?
>
> You know Neutron includes routers that can route between tenant networks
> and external networks, right? You could use those, if your tenant networks
> use disjoint IP subnets.
>
> Regards,
> Mike