OpenStack floating IP allocation in two different physical networks

asked 2018-07-31 10:39:45 -0500

syjeong

updated 2018-07-31 11:03:44 -0500

Hi, everyone.

I'm trying to build an OpenStack testbed (sorry for not embedding the image) in a small lab environment with two physical networks (different subnets).

links: (

All IPs from Net1 and Net2 are public IPs, and the router is an asset of the school department (so it is out of my control).

In the testbed as it is, internal (tenant) networking with VXLAN works between vm1 and vm2.

The problem is the failure of external networking (internet) with a floating IP on each VM.

From my past successful configuration based on only Net1,

my settings on the provider network (shared and external checked):

  • Flat type
  • Subnet pool: xxx.yyy.82.101 ~ xxx.yyy.82.109 (-> floating IPs)
  • Gateway IP: xxx.yyy.82.99

According to this setup, I expected my VMs to be able to connect externally based on their floating IPs as if they were directly connected to the L2 networks (Net1 or Net2).

When I ping xxx.yyy.92.2 (Compute 3) on vm1, Compute 3 responds by generating ping reply msgs but they are lost on the router (checked by traceroute).

I expect that the routing table of the router could forward the reply with DST_IP xxx.yyy.82.101 to Net1 through the corresponding port like when it handles packets toward Net1 (Controller or Compute1).

Sadly, I don't have any view of or control over the router.

I just assume all the external packets from VMs go to the L3 agent to be NATed, and then the rest of the packet routing depends on the physical infrastructure.

In this (or a similar) scenario and limitation, which OpenStack configuration is required, especially for the provider network and floating IPs? Or is my expectation totally wrong?

I just found an article that looks like it deals with a similar testbed, but I don't understand why the author handles each physical network as a tenant network with a VLAN ID.

I think allocating floating IPs from the Net1 subnet (xxx.yyy.82.0/24) to VMs physically located in Net2 is silly just because the Controller (l3-agent) belongs to Net1, but I don't have any advisors or experience at this scale.

Any help or references are really welcome!

Thanks in advance.
