Re: [Openstack] Networking issue with VlanManager and Floating IPs

2012-07-31 Thread Vishvananda Ishaya
Communication should be blocked via security groups, but perhaps you want more complete isolation. The network host (which in this case is the compute host) will be able to route packets between subnets even though they are on different networks, so you will need to drop packets between vlans.

Re: [Openstack] Networking issue with VlanManager and Floating IPs

2012-07-31 Thread Xu (Simon) Chen
Two ways that I can think of... 1) disable forwarding on the NC, not sure if this would impact regular services. 2) add additional rules, something like "-s 10.10.10.0/24 -d 10.0.0.0/8 drop". -Simon On Mon, Jul 30, 2012 at 4:34 AM, Wael Ghandour (wghandou) wrote: > > We are also seeing another

Re: [Openstack] Networking issue with VlanManager and Floating IPs

2012-07-21 Thread Xu (Simon) Chen
Here is what happened on a different thread: http://buriedlede.blogspot.com/2012/07/debugging-networking-problems-with.html I feel that using this might solve your issue too without changing iptables drivers... On Fri, Jul 20, 2012 at 12:58 PM, Wael Ghandour (wghandou) < wghan...@cisco.com> wrote

Re: [Openstack] Networking issue with VlanManager and Floating IPs

2012-07-20 Thread Edgar Magana (eperdomo)
@lists.launchpad.net Subject: Re: [Openstack] Networking issue with VlanManager and Floating IPs Yes, one solution is to modify the iptables driver, so that you don't SNAT for internal subnets... So, at the beginning of the nova-network-floating-snat rules, you add something like this: -A nova-ne

[Openstack] Networking issue with VlanManager and Floating IPs

2012-07-20 Thread Edgar Magana (eperdomo)
Folks, We are using Essex for our multi-host OpenStack deployment with Vlan Manager. All the private IPs are working as expected in a multi-tenant scenario but the problem that we are seen is with Floating IPs. We have three tenants, all of them are able to use Floating IPs and then VMs are r