Ask Your Question

Revision history [back]

Can you create neutron-router && external network , to set up as gateway for router ? If yes , then allocation pool created with external subnet , is pool of floating IPs for instances to accessible from outside. DNAT && SNAT rules define mapping Floating IPs to Private ones

Can you create neutron-router && external network , to set up as gateway for router ? If yes , then allocation pool created with external subnet , is pool of floating IPs for instances to be accessible from outside. DNAT && SNAT rules define mapping Floating IPs to Private ones

Can you create neutron-router && external network , to set up as gateway for router ? If yes , then allocation pool created with external subnet , is pool of floating IPs for instances to be accessible from outside. DNAT && SNAT rules define mapping Floating IPs to Private onesones. Same router should have interface created to desired private network. In this case Neutron L3 routing table for particular qrouter namespace may look like :-

[root@juno1 ~(keystone_admin)]# ip netns exec qrouter-1cf08ea2-959f-4206-b2f1-a9b4708399c1 iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-OUTPUT -d 192.168.1.179/32 -j DNAT --to-destination 50.0.0.25
-A neutron-l3-agent-OUTPUT -d 192.168.1.175/32 -j DNAT --to-destination 50.0.0.32
-A neutron-l3-agent-OUTPUT -d 192.168.1.174/32 -j DNAT --to-destination 50.0.0.26
-A neutron-l3-agent-OUTPUT -d 192.168.1.176/32 -j DNAT --to-destination 50.0.0.35
-A neutron-l3-agent-POSTROUTING ! -i qg-7b037650-10 ! -o qg-7b037650-10 -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-PREROUTING -d 192.168.1.179/32 -j DNAT --to-destination 50.0.0.25
-A neutron-l3-agent-PREROUTING -d 192.168.1.175/32 -j DNAT --to-destination 50.0.0.32
-A neutron-l3-agent-PREROUTING -d 192.168.1.174/32 -j DNAT --to-destination 50.0.0.26
-A neutron-l3-agent-PREROUTING -d 192.168.1.176/32 -j DNAT --to-destination 50.0.0.35
-A neutron-l3-agent-float-snat -s 50.0.0.25/32 -j SNAT --to-source 192.168.1.179
-A neutron-l3-agent-float-snat -s 50.0.0.32/32 -j SNAT --to-source 192.168.1.175
-A neutron-l3-agent-float-snat -s 50.0.0.26/32 -j SNAT --to-source 192.168.1.174
-A neutron-l3-agent-float-snat -s 50.0.0.35/32 -j SNAT --to-source 192.168.1.176
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 50.0.0.0/24 -j SNAT --to-source 192.168.1.173
-A neutron-postrouting-bottom -j neutron-l3-agent-snat