I'm trying to set up a minimal devstack that can launch nova instances that have public addresses and need to open connections to the public network. I'd like to be able to assign floating IPs to instances, and have traffic originating from instances with public addresses reach the public network.
Addressing

Devstack is running on a single Ubuntu 14.04 box with 2 physical interfaces. The first interface, eth0, is on 10.48.4.0/22 and owns the address 10.48.6.232; this is the management connection to the box. The second interface, eth1, is on 10.48.8.0/22 and owns the addresses 10.48.11.6 and 10.48.11.57-10.48.11.59. eth1 is configured to use the 10.48.11.6 address, leaving a small pool of addresses for the floating range.

    auto eth1
    iface eth1 inet static
        address 10.48.11.6
        netmask 255.255.252.0

I'd like to use the range 10.48.11.57-10.48.11.59 as the floating IP pool. This makes up the start of my local.conf:

    [[local|localrc]]
    # devstack host IP is the eth1 address
    HOST_IP=10.48.11.6

    # Private network
    FIXED_RANGE=10.90.100.0/24
    NETWORK_GATEWAY=10.90.100.1

    # Public network
    Q_FLOATING_ALLOCATION_POOL=start=10.48.11.57,end=10.48.11.59
    FLOATING_RANGE=10.48.8.0/22
    PUBLIC_NETWORK_GATEWAY=10.48.8.1

    # Public network is on eth1
    PUBLIC_INTERFACE=eth1
ML2

The remainder of the relevant part of local.conf is configuring neutron and OVS to use the public network. I've followed the instructions in the comments in neutron-legacy.

    # Neutron
    # -------
    PUBLIC_BRIDGE=br-ex
    Q_USE_PROVIDERNET_FOR_PUBLIC=true
    PUBLIC_PHYSICAL_NETWORK=public
    OVS_BRIDGE_MAPPINGS=public:br-ex

    # Neutron provider network
    ENABLE_TENANT_TUNNELS=true
    PHYSICAL_NETWORK=public
    OVS_PHYSICAL_BRIDGE=br-ex

    # Use ML2 and openvswitch
    Q_PLUGIN=ml2
    Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,logger
    Q_AGENT=openvswitch
    enable_service q-agt

    # ML2 VXLAN
    Q_ML2_TENANT_NETWORK_TYPE=vxlan
    Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS=(vni_ranges=1001:2000)
    Q_AGENT_EXTRA_AGENT_OPTS=(tunnel_types=vxlan vxlan_udp_port=8472)

    Q_USE_NAMESPACE=true
    Q_USE_SECGROUP=true
Resulting network

I changed the default security policy for the demo project to be permissive.

The resulting network routes traffic between the devstack host and the private subnet, but not between the devstack host and 10.48.8.0/22, between instances and the physical 10.48.8.0/22, or between the physical 10.48.8.0/22 network and the public 10.48.8.0/22 subnet.

    source \ destination   gateway      devstack     router1       private
                           10.48.8.1    10.48.11.6   10.48.11.57   10.90.100.0/24
    physical               pings        x            x             na
    10.48.8.0/22
    devstack               x            pings        pings         pings
    10.48.11.6
    private                x            pings        pings         pings
    10.90.100.0/24
Traffic leaving the public network should reach the physical network. Traffic leaving the private network should be NATed onto the public network. Traffic entering from the physical network should reach the public network.
The resulting OVS bridges are:

    $ sudo ovs-vsctl show
    33ab25b5-f5d9-4f9f-b30e-20452d099f2c
        Bridge br-ex
            Port phy-br-ex
                Interface phy-br-ex
                    type: patch
                    options: {peer=int-br-ex}
            Port "eth1"
                Interface "eth1"
            Port br-ex
                Interface br-ex
                    type: internal
        Bridge br-int
            fail_mode: secure
            Port patch-tun
                Interface patch-tun
                    type: patch
                    options: {peer=patch-int}
            Port int-br-ex
                Interface int-br-ex
                    type: patch
                    options: {peer=phy-br-ex}
            Port "tapc5733ec7-e7"
                tag: 1
                Interface "tapc5733ec7-e7"
                    type: internal
            Port "qvo280f2d3e-14"
                tag: 1
                Interface "qvo280f2d3e-14"
            Port br-int
                Interface br-int
                    type: internal
            Port "qr-9a91aae3-7c"
                tag: 1
                Interface "qr-9a91aae3-7c"
                    type: internal
            Port "qr-54611e0f-77"
                tag: 1
                Interface "qr-54611e0f-77"
                    type: internal
            Port "qg-9a39ed65-f0"
                tag: 2
                Interface "qg-9a39ed65-f0"
                    type: internal
        Bridge br-tun
            fail_mode: secure
            Port br-tun
                Interface br-tun
                    type: internal
            Port patch-int
                Interface patch-int
                    type: patch
                    options: {peer=patch-tun}
        ovs_version: "2.0.2"
The routing table on the devstack box is:

    $ ip route
    default via 10.48.4.1 dev eth0
    10.48.4.0/22 dev eth0 proto kernel scope link src 10.48.6.232
    10.48.8.0/22 dev br-ex proto kernel scope link src 10.48.11.6
    10.90.100.0/24 via 10.48.11.57 dev br-ex
    192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
The routing table of router1 is:

    $ sudo ip netns exec qrouter-cf0137a4-49cc-45f9-bad8-5d71340b5462 ip route
    default via 10.48.8.1 dev qg-9a39ed65-f0
    10.48.8.0/22 dev qg-9a39ed65-f0 proto kernel scope link src 10.48.11.57
    10.90.100.0/24 dev qr-9a91aae3-7c proto kernel scope link src 10.90.100.1
What's wrong? How can I set up a simple devstack that can host both public and private interfaces for nova instances?
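
As an added example (not part of the original post), the two routing tables above can be checked with a longest-prefix-match lookup to see which device and next hop each flow in the connectivity matrix would use. The instance address 10.90.100.5 is a constructed sample from the private range, and the function names are hypothetical.

```python
import ipaddress

# Routing tables copied from the post above (host, then the router1 namespace).
HOST_ROUTES = """\
default via 10.48.4.1 dev eth0
10.48.4.0/22 dev eth0 proto kernel scope link src 10.48.6.232
10.48.8.0/22 dev br-ex proto kernel scope link src 10.48.11.6
10.90.100.0/24 via 10.48.11.57 dev br-ex
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
"""
ROUTER1_ROUTES = """\
default via 10.48.8.1 dev qg-9a39ed65-f0
10.48.8.0/22 dev qg-9a39ed65-f0 proto kernel scope link src 10.48.11.57
10.90.100.0/24 dev qr-9a91aae3-7c proto kernel scope link src 10.90.100.1
"""

def parse_routes(text):
    """Parse `ip route` output into dicts with net, via, dev and src."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        net = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        # Remaining tokens are key/value pairs: via X dev Y proto Z ...
        opts = dict(zip(tok[1::2], tok[2::2]))
        routes.append({"net": ipaddress.ip_network(net), "via": opts.get("via"),
                       "dev": opts.get("dev"), "src": opts.get("src")})
    return routes

def lookup(routes, dest):
    """Return the longest-prefix-match route for dest, or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: r["net"].prefixlen, default=None)

def describe(routes, dest):
    """One-line summary of how dest would be reached."""
    r = lookup(routes, dest)
    if r is None:
        return f"{dest}: unreachable"
    hop = f"via {r['via']}" if r["via"] else "on-link"
    return f"{dest}: {hop} dev {r['dev']} src {r['src']}"

if __name__ == "__main__":
    host, router = parse_routes(HOST_ROUTES), parse_routes(ROUTER1_ROUTES)
    for dest in ("10.48.8.1", "10.48.11.57", "10.90.100.5"):  # .5 is constructed
        print("host   ", describe(host, dest))
    for dest in ("10.48.8.1", "10.48.11.6", "10.90.100.5"):
        print("router1", describe(router, dest))
```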