openstack - Minimal devstack with nova and floating ips


I'm trying to set up a minimal devstack that can launch nova instances that have public addresses and that need to open connections to the public network. I'd like to be able to assign floating IPs to instances, and have traffic originating from instances with public addresses reach the public network.

Addressing

Devstack is running on a single Ubuntu 14.04 box with 2 physical interfaces. The first interface is eth0, on 10.48.4.0/22, with its own address 10.48.6.232; this is the management connection to the box. The second interface is eth1, on 10.48.8.0/22, and owns addresses 10.48.11.6 and 10.48.11.57-10.48.11.59. eth1 is configured to use the 10.48.11.6 address, leaving a small pool of addresses for the floating range.

    auto eth1
    iface eth1 inet static
        address 10.48.11.6
        netmask 255.255.252.0

I'd like to use the range 10.48.11.57-10.48.11.59 as the floating IP pool. This makes the start of my local.conf:

    [[local|localrc]]

    # devstack host IP is the eth1 address
    HOST_IP=10.48.11.6

    # private network
    FIXED_RANGE=10.90.100.0/24
    NETWORK_GATEWAY=10.90.100.1

    # public network
    Q_FLOATING_ALLOCATION_POOL=start=10.48.11.57,end=10.48.11.59
    FLOATING_RANGE=10.48.8.0/22
    PUBLIC_NETWORK_GATEWAY=10.48.8.1

    # public network is eth1
    PUBLIC_INTERFACE=eth1

ML2

The remainder of the relevant part of my local.conf is configuring neutron and ovs to use the public network. I've followed the instructions in the comments in neutron-legacy.

    # Neutron
    # -------

    PUBLIC_BRIDGE=br-ex

    Q_USE_PROVIDERNET_FOR_PUBLIC=true
    PUBLIC_PHYSICAL_NETWORK=public
    OVS_BRIDGE_MAPPINGS=public:br-ex

    # Neutron provider network
    ENABLE_TENANT_TUNNELS=true
    PHYSICAL_NETWORK=public
    OVS_PHYSICAL_BRIDGE=br-ex

    # Use ML2 and openvswitch
    Q_PLUGIN=ml2
    Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,logger
    Q_AGENT=openvswitch
    enable_service q-agt

    # ML2 vxlan
    Q_ML2_TENANT_NETWORK_TYPE=vxlan
    Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS=(vni_ranges=1001:2000)
    Q_AGENT_EXTRA_AGENT_OPTS=(tunnel_types=vxlan vxlan_udp_port=8472)
    Q_USE_NAMESPACE=true
    Q_USE_SECGROUP=true

Resulting network

I changed the default security policy for the demo project to be permissive.

The resulting network routes traffic between the devstack host and the private subnet, but not between the devstack host and 10.48.8.0/22, between instances and the physical 10.48.8.0/22, or between the physical 10.48.8.0/22 network and the public 10.48.8.0/22 subnet.

    source \ destination       gateway     devstack     router1       private
                               10.48.8.1   10.48.11.6   10.48.11.57   10.90.100.0/24
    physical 10.48.8.0/22      pings       x            x             na
    devstack 10.48.11.6        x           pings        pings         pings
    private  10.90.100.0/24    x           pings        pings         pings

Traffic leaving the public network should reach the physical network. Traffic leaving the private network should be NATed onto the public network. Traffic entering from the physical network should reach the public network.

The resulting ovs bridges are:

    $ sudo ovs-vsctl show
    33ab25b5-f5d9-4f9f-b30e-20452d099f2c
        bridge br-ex
            port phy-br-ex
                interface phy-br-ex
                    type: patch
                    options: {peer=int-br-ex}
            port "eth1"
                interface "eth1"
            port br-ex
                interface br-ex
                    type: internal
        bridge br-int
            fail_mode: secure
            port patch-tun
                interface patch-tun
                    type: patch
                    options: {peer=patch-int}
            port int-br-ex
                interface int-br-ex
                    type: patch
                    options: {peer=phy-br-ex}
            port "tapc5733ec7-e7"
                tag: 1
                interface "tapc5733ec7-e7"
                    type: internal
            port "qvo280f2d3e-14"
                tag: 1
                interface "qvo280f2d3e-14"
            port br-int
                interface br-int
                    type: internal
            port "qr-9a91aae3-7c"
                tag: 1
                interface "qr-9a91aae3-7c"
                    type: internal
            port "qr-54611e0f-77"
                tag: 1
                interface "qr-54611e0f-77"
                    type: internal
            port "qg-9a39ed65-f0"
                tag: 2
                interface "qg-9a39ed65-f0"
                    type: internal
        bridge br-tun
            fail_mode: secure
            port br-tun
                interface br-tun
                    type: internal
            port patch-int
                interface patch-int
                    type: patch
                    options: {peer=patch-tun}
        ovs_version: "2.0.2"

The routing table on the devstack box is:

    $ ip route
    default via 10.48.4.1 dev eth0
    10.48.4.0/22 dev eth0  proto kernel  scope link  src 10.48.6.232
    10.48.8.0/22 dev br-ex  proto kernel  scope link  src 10.48.11.6
    10.90.100.0/24 via 10.48.11.57 dev br-ex
    192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1

The routing table of router1 is:

    $ sudo ip netns exec qrouter-cf0137a4-49cc-45f9-bad8-5d71340b5462 ip route
    default via 10.48.8.1 dev qg-9a39ed65-f0
    10.48.8.0/22 dev qg-9a39ed65-f0  proto kernel  scope link  src 10.48.11.57
    10.90.100.0/24 dev qr-9a91aae3-7c  proto kernel  scope link  src 10.90.100.1

What's wrong? How can I set up a simple devstack that can host both public and private interfaces to nova instances?
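An added example, not part of the original post: a Python check that the addressing values in the local.conf above are arithmetically consistent (pool inside the floating range, host and gateway outside the pool, no overlap between fixed and floating ranges). The function names `parse_localrc` and `check_addressing` are hypothetical, and the check covers only the address plan, not the bridge or routing state.

```python
import ipaddress

# Addressing values copied from the question's local.conf.
LOCAL_CONF = """\
HOST_IP=10.48.11.6
FIXED_RANGE=10.90.100.0/24
NETWORK_GATEWAY=10.90.100.1
Q_FLOATING_ALLOCATION_POOL=start=10.48.11.57,end=10.48.11.59
FLOATING_RANGE=10.48.8.0/22
PUBLIC_NETWORK_GATEWAY=10.48.8.1
"""

def parse_localrc(text):
    """Return KEY -> value for simple KEY=value lines, ignoring comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line and not line.startswith("[["):
            key, value = line.split("=", 1)
            conf[key.strip().upper()] = value.strip()
    return conf

def check_addressing(conf):
    """Return a list of problems found; empty means the plan is consistent."""
    problems = []
    floating = ipaddress.ip_network(conf["FLOATING_RANGE"])
    fixed = ipaddress.ip_network(conf["FIXED_RANGE"])
    pool = dict(p.split("=", 1) for p in conf["Q_FLOATING_ALLOCATION_POOL"].split(","))
    start, end = (ipaddress.ip_address(pool[k]) for k in ("start", "end"))
    host = ipaddress.ip_address(conf["HOST_IP"])
    pub_gw = ipaddress.ip_address(conf["PUBLIC_NETWORK_GATEWAY"])
    priv_gw = ipaddress.ip_address(conf["NETWORK_GATEWAY"])
    if start > end:
        problems.append("allocation pool start is after end")
    if start not in floating or end not in floating:
        problems.append("allocation pool is outside FLOATING_RANGE")
    if start <= host <= end or start <= pub_gw <= end:
        problems.append("HOST_IP or public gateway falls inside the floating pool")
    if pub_gw not in floating:
        problems.append("PUBLIC_NETWORK_GATEWAY is outside FLOATING_RANGE")
    if priv_gw not in fixed:
        problems.append("NETWORK_GATEWAY is outside FIXED_RANGE")
    if fixed.overlaps(floating):
        problems.append("FIXED_RANGE overlaps FLOATING_RANGE")
    return problems

if __name__ == "__main__":
    print(check_addressing(parse_localrc(LOCAL_CONF)) or "addressing plan is consistent")
```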

