[Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-15 Thread Akshay Kumar Sanghai
Hi, In the CLI of neutron router-gateway-set, there is an option to disable snat. http://docs.openstack.org/cli-reference/neutron.html#neutron-router-gateway-set Does that mean I can create a tenant network and the packet will go out with the same fixed IP of the VM? Assume the tenant network crea

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-15 Thread Bajin, Joseph
The instance would still require a floating IP. That is the only way the host would get outside of the tenant network. We do this for some of our tenants to ensure that we know that only connections outbound would be controlled by Floating IPs. On Jan 15, 2016, at 6:55 PM, Akshay Kumar Sangha

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-16 Thread Aaron Segura
That is correct. You should be able to disable snat, then route the tenant network to the outside of the neutron router and communicate with your instances using their assigned fixed IP. If your outbound packets aren't leaving your router, you have another problem. Start checking iptables rules a

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-16 Thread Akshay Kumar Sanghai
Hi Aaron, Do I need to add something in the iptables? The setup is working fine with floating IP and snat enabled router. Thanks, Akshay On Sat, Jan 16, 2016 at 8:59 PM, Aaron Segura wrote: > That is correct. You should be able to disable snat, then route the > tenant network to the outside o

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-16 Thread Aaron Segura
You shouldn't have to do anything other than disable SNAT and set a route for your tenant network upstream. Do some packet captures at different points in the system and try to determine where your packets stop flowing. On Sat, Jan 16, 2016 at 10:48 AM Akshay Kumar Sanghai < akshaykumarsang...@gm

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-19 Thread Kevin Bringard (kevinbri)
To expand on Joseph's explanation: when SNAT is enabled, an IP is pulled from the floating pool and assigned as a "default SNAT" for the router when its gateway is set. Similar to how your home router has a single external IP and all your internal devices SNAT out from that IP, all VMs on that n

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-19 Thread Mike Spreitzer
Aaron Segura wrote on 01/16/2016 12:19:53 PM: > You shouldn't have to do anything other than disable SNAT and set a > route for your tenant network upstream. Indeed, I have exercised exactly this. Regards, Mike

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-19 Thread Akshay Kumar Sanghai
Hi Aaron, Mike, Kevin, Joseph, Thanks for your inputs. But I am still confused as Aaron and Mike are suggesting that it is possible and Joseph and Kevin are suggesting it's not possible. I tried to ping from the VM in openstack to outside of the cloud with only fixed IP assigned, but ping failed. When

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-19 Thread Aaron Segura
It's possible. We do it all the time. However, without proper routing, Kevin and Joseph are correct. The VM will never receive replies to outbound packets because the upstream devices don't know where to send them. I also forgot to mention - The edge device also needs to NAT the fixed IP of the

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-19 Thread Akshay Kumar Sanghai
Hi Aaron, The physical router is not getting an ARP reply for the VM from neutron router when snat is disabled. When floating IP is used, the router creates one more interface on its qg- interface for that floating IP associated with the VM and when ARP request is broadcast, the neutron router doe

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-19 Thread Aaron Segura
Hi Akshay, You won't get an ARP reply at your physical router unless it's on the same network as your VM, which it isn't if it's behind a neutron router. It sounds like you still need to add a route on your physical router to push all tenant network traffic down to the external interface of your

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-21 Thread Ricardo J. Barberis
Hello all, On Tuesday 19/01/2016, Kevin Bringard (kevinbri) wrote: > To expand on Joseph's explanation: when SNAT is enabled, an IP is pulled > from the floating pool and assigned as a "default SNAT" for the router when > its gateway is set. Similar to how your home router has a single external

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-21 Thread Bajin, Joseph
You're right, it seems wonky, but nothing is wrong with your setup. I did find a bug in neutron that sorta explained why this was happening. [1] The explanation in the bug says this: There is a use case where SNAT is disabled on a Neutron router and there are upstream routes for tenant networks

Re: [Openstack-operators] [openstack-operators]disable snat for router gateway

2016-01-26 Thread Ricardo J. Barberis
Thu Jan 21 21:23:16 UTC 2016, Bajin, Joseph wrote: > You're right, it seems wonky, but nothing is wrong with your setup. > > I did find a bug in neutron that sorta explained why this was happening. [1] > > The explanation in the bug says this: > > There is a use case where SNAT is disabled on a Neut