Routing between tenant networks

asked 2017-07-19 05:28:06 -0500

Alex Usov

updated 2017-07-19 05:38:18 -0500

Hello everyone,

I have questions regarding how traffic is routed between VMs in the several use cases I describe below.

  • VMs in the same tenant but in different networks. In order to provide connectivity between them, one just has to connect them to the same router (neutron router-interface-add), created by a user of this tenant, am I correct?
  • VMs in different tenants and in different networks. I suppose they have to be connected to the same router, as in the previous case, but in which tenant must the router be created?
  • Must the router be created in the same tenant as the network(s) it connects to the outside world?
  • When a network is connected to a router, the router is plugged into the port with the IP address of the gateway which was defined during the subnet's creation (--gateway), and VMs in this network are configured with a default route to this gateway (again, during the subnet's setup). So, what if I attach a VM to several networks, each with its own gateway (multihoming)? As far as I understand it, VMs in the network will get assigned random default routes depending on which network they connect to last (each subsequent default route overwrites the previous one), so there's no reliable way to determine the default gateway in advance and all routes to other subnets must be configured manually, is that right?
  • If I want to connect VMs to different tenant networks and only one of them is connected to a router with external access (no multihoming), can I just specify --nic net-id=... multiple times during the VM's creation? Or is it safer to use nova interface-attach for any additional network besides the one connected to the router? What default route does the VM get?

Thank you in advance for any explanation.
