Ask Your Question

why instances from different networks can ping each other

asked 2017-06-01 05:34:22 -0500

lost007 gravatar image

Hello, I installed OpenStack Newton on Ubuntu 16.04.2 with 3 nodes : controller, compute, block storage.

I created a new project, with three instances, each instance in a separate network : (image description)

I didn't configure any routing on the router, so I thought that instances won't be able to ping each other but it's not the case !! they all have connectivity to each other.

I don't want instances to have connectivity on each other, I want them only to have access to the provider network, how to do that ?


edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2017-06-01 06:26:49 -0500

updated 2017-06-01 06:56:23 -0500

You could create a separate router per network.

By the way, here is the routing table in my router:

$ ip netns
qrouter-3d1dcda5-c743-4535-bcbb-5a1c651adce1 (id: 1)
$ sudo ip netns exec qrouter-3d1dcda5-c743-4535-bcbb-5a1c651adce1 /bin/bash
# ip r
default via dev qg-426ef0ad-56 dev qr-45b6322e-2a  proto kernel  scope link  src dev qr-47b002a5-04  proto kernel  scope link  src dev qg-426ef0ad-56  proto kernel  scope link  src

If you want a single router that doesn't route between the networks, I guess you would have to set up source policy routing, which Neutron's default L3 agent is probably unable to do. Perhaps other routers are more capable, for example Brocade's Vyatta plugin.

edit flag offensive delete link more


thanks for the reply, I will create a separate router per network ( Even though it requires 2 more ip addresses on the provider network ), the solution of the Brocade's Vyatta plugin seems to be interesting but complicated, may be I will try it in the future

lost007 gravatar imagelost007 ( 2017-06-02 02:38:59 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2017-06-01 05:34:22 -0500

Seen: 185 times

Last updated: Jun 01 '17