Ask Your Question
0

Quantum overlapping IPs recommended procedure

asked 2012-12-12 22:33:06 -0600

rrolim gravatar image

The limitations chapter of the Quantum administration manual (chapter 10), says that "If you enable [allow_overlapping_ips], you must disable both Nova security groups and the Nova metadata service." How do I do that?

One thing I noticed when I enabled overlapping IPs is that during booting my VMs would get stuck a very long time waiting for a response from the metadata server. When I disable overlapping IP, I still cannot connect to the metadata server, but each of the 30 iterations the VM goes through trying to reach the server goes by way faster.

edit retag flag offensive close merge delete
add a comment

3 answers

Sort by ยป oldest newest most voted
0

answered 2012-12-13 02:49:09 -0600

gongysh gravatar image

To disable both Nova security groups, in nova.conf: firewall_driver=nova.virt.firewall.NoopFirewallDriver To disable nova metadata service, you just remove it from nova-api.

In fact, if you don't add overlapping IPs in quantum networks, I.E. you configure the networks without overlapping subnets. It dones not matter if u are using Nova security groups and the Nova metadata service or not.

In grizzly, we have implemented metadata proxy in quantum in the overlapping env. But it needs to run L3 service. the pure L2 is in BP.

edit flag offensive delete link more
add a comment
0

answered 2012-12-13 15:00:26 -0600

rrolim gravatar image

Thanks a lot, yong. Some related questions:

  • Does the nova-api-metadata service should be stopped on the compute nodes, as well? It this its only purpose?
  • Should I set 'enabled_apis=' (blank) in nova.conf on the compute node?
  • My VMs take an extremely long time to boot while they look for the metadata service, because of cloud-init. Is this normal?
  • And mainly, if I disable the metadata service, as the manual suggests, how am I supposed to configure the virtual machines? Manually, I'm affraid?

Regards

edit flag offensive delete link more
add a comment
0

answered 2012-12-14 02:47:47 -0600

gongysh gravatar image

In fact, you can run nova as usual if you are controlling the IP allocation so that it has no overlapping space.

If u are using overlapping IPs, you can run quantum's metadata proxy and agent in middle it will help u fix the overlapping problem.

edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2012-12-12 22:33:06 -0600

Seen: 57 times

Last updated: Dec 14 '12

Related questions

Instance is not getting a static IP

Floating IP and 'system' ports

CLI Tool and Rest API for Quantum

Why is Liberty Neutron DVR so slow?

Neutron fails to bind port when launching VM

network_type value 'flat' not supported when creating a new neutron network

Set global quota on number of neutron networks

ping running instance

can't ping instance from any ip

vRouter does not forward multicast packet