Hi,
From https://bugzilla.redhat.com/show_bug.cgi?id=1163726#c3
<snip>
By marking a network as "external" you are actually sharing it among all other
tenants to be used as default GW and a source for floating IPs.
Marking a network as "shared" is allowing other tenants to connect VMs (and not
router GWs) directly to the network.
Marking an external network as "shared" would allow VMs of all tenants to
connect to a network as well as pull floating ips from it (via router GW).
While this is possible in Neutron, it is also redundant, as with the case above
- There isn't much sense in pulling a floating IP from a network that you can
connect to directly.
</snip>
please provide the relevant output from:
$ neutron net-show <external net>
$ keystone tenant-list
Without this output it seems like the network was created by non-admin
tenant/user which shouldn't allow its floating IPs to be consumed by other
tenants. I've never tried to do that, so I'm not sure if this is a legitimate
operation and if so, how such network should behave.
The ideal flow is:
1. Admin creates an external network (usually called "public") in its own
tenant.
2. Users (in their own tenants) create private networks and VMs attached to
them.
3. Users create routers connecting their private networks (
router-interface-add") to the external ("public") network
("router-gateway-set").
*** At this point, VMs should be able to access the outside world via NAT.
4. Now users can allocate floating IPs to their VMs (only those VMs that are
connected to the external network via routers).
Please let me know if this is unclear
Regards
Yair
----- Original Message -----
From: "Wilson Kwok" <leiw...@gmail.com>
To: "Yair Fried" <yfr...@redhat.com>
Cc: openstack@lists.openstack.org
Sent: Tuesday, May 26, 2015 1:00:58 PM
Subject: Re: [Openstack] Confusion of external network
Hi Yair,
1. The new account same project with demo account.
2. Yes, the external network shared already, so how can share this network
if not use it for floating IP?
Thanks
2015-05-26 13:58 GMT+08:00 Yair Fried <yfr...@redhat.com>:
> Hi,
> Your question is missing some details
> 1. What tenant does the network belong to?
> 2. Is it shared? If you want to use it for floating IP it shouldn't be
> shared. And VMs shouldn't be connected directly to it.
>
> Regards,
> Yair
>
> ----- Original Message -----
> From: "Wilson Kwok" <leiw...@gmail.com>
> To: openstack@lists.openstack.org
> Sent: Tuesday, May 26, 2015 4:38:20 AM
> Subject: Re: [Openstack] Confusion of external network
>
> Can someone help ? thanks!
>
> 2015-05-24 11:51 GMT+08:00 Wilson Kwok < leiw...@gmail.com > :
>
>
>
> Hello all,
>
> I have completed my Openstack via this RDO guideline:
> http://community.redhat.com/blog/2015/01/rdo-quickstart-doing-the-neutron-dance/
>
> This guideline help to fix external network that can let my home network
> can access to instance via floating IP, but needed to use neutron command
> to remove default external network and then add new external network that
> subnet match my home network.
>
> The new external network shared already, my confusion is why only demo
> account of external network can access instance, but admin account cannot,
> even I create anther user account with same of demo project.
>
> Anyone have been try RDO caused this problem ?
>
> Thanks
>
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
