Ask Your Question

icehouse documentation help

asked 2014-04-30 04:54:40 -0500

capsali gravatar image


Just started installing icehouse from documentation provided on . i'm a little confused at the beginning of the documentation, setting up networking. I opted for the neutron deployment, but instead of using 3 nodes, i will collocate controller node and network node services into one single node. I have 5 nodes available, each with 6 eth. So here comes my problem. I followed instructions from chapter 2 on setting up network on the nodes. It sais on the controller node there is one network, management network, on the compute node there are 2 separate networks, one management and one tunnel network. On the network node there is one management network, one tunnel netowrk and one external network left unnumbered, in promiscuous mode. After making the necessary changes to the nodes the next step is to verify connection between the nodes, that works just fine, and connection to the internet. Here is my problem. What network should be connected to the internet? The only one that is present on all nodes is the management network, so should i enable internet acces to this network?

Thank you.

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted

answered 2014-05-01 01:07:29 -0500

screwgoth gravatar image

Yes. Ideally, the internet should be accessible from the Management network. The Management Network itself should not be accessible from outside the main network, for example, the corporate LAN. The "tunnel" network you mention is between Network nodes and the Compute nodes. In your case, The Controller-cum-Network node and the Compute nodes. This network should not be reachable even by the Management network ... ideally.

Hope haven't confused you more

edit flag offensive delete link more


Hi...Thanks...i understood the basics...the tunnel network is for VMs to communicate with the external network. So, as i thought, the management network should have access to the internet but with all incoming ports closed so it could not be reached from the exterior. Thanks again for clearing that up for me!

capsali gravatar imagecapsali ( 2014-05-01 05:52:19 -0500 )edit

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2014-04-30 04:54:40 -0500

Seen: 211 times

Last updated: May 01 '14