
Why can instances from different networks ping each other?

asked 2017-06-01 05:34:22 -0500

lost007

Hello, I installed OpenStack Newton on Ubuntu 16.04.2 with 3 nodes: controller, compute, block storage.

I created a new project with three instances, each instance in a separate network: https://scontent.ftun1-1.fna.fbcdn.net/v/t34.0-12/18834610_10210452879413206_637341540_n.png?oh=0a46e03b50455b36353b75e7f50ef6c5&oe=5932201A

I didn't configure any routing on the router, so I thought that the instances wouldn't be able to ping each other, but that's not the case! They all have connectivity to each other.

I don't want the instances to have connectivity to each other; I only want them to have access to the provider network. How do I do that?

Thanks


1 answer


answered 2017-06-01 06:26:49 -0500

updated 2017-06-01 06:56:23 -0500

You could create a separate router per network.

By the way, here is the routing table in my router:

$ ip netns
qrouter-3d1dcda5-c743-4535-bcbb-5a1c651adce1 (id: 1)
$ sudo ip netns exec qrouter-3d1dcda5-c743-4535-bcbb-5a1c651adce1 /bin/bash
# ip r
default via 192.168.1.1 dev qg-426ef0ad-56
10.100.100.0/24 dev qr-45b6322e-2a  proto kernel  scope link  src 10.100.100.1
10.200.200.0/24 dev qr-47b002a5-04  proto kernel  scope link  src 10.200.200.1
192.168.1.0/24 dev qg-426ef0ad-56  proto kernel  scope link  src 192.168.1.248

If you want a single router that doesn't route between the networks, I guess you would have to set up source policy routing, which Neutron's default L3 agent is probably unable to do. Perhaps other routers are more capable, for example Brocade's Vyatta plugin.


Comments

Thanks for the reply. I will create a separate router per network (even though it requires 2 more IP addresses on the provider network). The Brocade Vyatta plugin solution seems interesting but complicated; maybe I will try it in the future.

lost007 (2017-06-02 02:38:59 -0500)
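
An added example, not part of the original answer or of Neutron: a Python check that reads `ip r` output from router namespaces and lists which tenant subnets share a router, since a router with connected routes on several `qr-` (internal) ports forwards between them. The first table is the one quoted in the answer; the two-router layout, its namespace names and its `qg-` port names and addresses are constructed.

```python
import ipaddress
from itertools import combinations

# Routing table quoted in the answer (one router, two tenant networks).
SHARED_ROUTER = {
    "qrouter-3d1dcda5-c743-4535-bcbb-5a1c651adce1": """\
default via 192.168.1.1 dev qg-426ef0ad-56
10.100.100.0/24 dev qr-45b6322e-2a  proto kernel  scope link  src 10.100.100.1
10.200.200.0/24 dev qr-47b002a5-04  proto kernel  scope link  src 10.200.200.1
192.168.1.0/24 dev qg-426ef0ad-56  proto kernel  scope link  src 192.168.1.248
""",
}

# Constructed layout: one router per network (names and qg- values are made up).
ROUTER_PER_NETWORK = {
    "qrouter-example-a": """\
default via 192.168.1.1 dev qg-aaaaaaaa-aa
10.100.100.0/24 dev qr-45b6322e-2a  proto kernel  scope link  src 10.100.100.1
192.168.1.0/24 dev qg-aaaaaaaa-aa  proto kernel  scope link  src 192.168.1.248
""",
    "qrouter-example-b": """\
default via 192.168.1.1 dev qg-bbbbbbbb-bb
10.200.200.0/24 dev qr-47b002a5-04  proto kernel  scope link  src 10.200.200.1
192.168.1.0/24 dev qg-bbbbbbbb-bb  proto kernel  scope link  src 192.168.1.249
""",
}


def connected_subnets(ip_route_output, dev_prefix="qr-"):
    """Subnets with a directly connected route on ports named dev_prefix*."""
    subnets = []
    for line in ip_route_output.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1] or "via" in fields:
            continue  # skip blank lines and default/gateway routes
        if fields[fields.index("dev") + 1].startswith(dev_prefix):
            subnets.append(str(ipaddress.ip_network(fields[0])))
    return subnets


def routable_pairs(namespaces):
    """(router, subnet_a, subnet_b) for every pair one router forwards between."""
    return [(name, a, b)
            for name, table in namespaces.items()
            for a, b in combinations(connected_subnets(table), 2)]


if __name__ == "__main__":
    for label, layout in (("shared", SHARED_ROUTER), ("split", ROUTER_PER_NETWORK)):
        print(label, routable_pairs(layout) or "no east-west routes")
```

To use it on a real deployment, replace the embedded tables with the output of `ip r` collected inside each `qrouter-*` namespace.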
