How to best conserve external IP address usage with Neutron and tenant networks

asked 2014-06-22 01:17:21 -0600

halfmanhalftaco gravatar image

I have an OpenStack Icehouse installation with neutron networking set up and working on a flat external network; I can add instances to the external network directly and I can add routers and private networks and assign floating IPs from the external network to instances the internal network.

My problem is that if I want to create an internal network for a tenant and allow them a floating IP address, it appears that I have to create a router between their network and my external network, then assign the floating IP. This results in the router taking an IP on the external network in addition to the floating IP address.

Is there any way to route a floating IP to a tenant network without a router taking up an additional IP address on my external network? I have very few to work with (less than 10 at the moment) and want to make good use of them.

edit retag flag offensive close merge delete


I'm also looking for a solution to this problem! (conserving IPs). Alternatively, is it possible to assign a floating IP to a router?

dcbarans gravatar imagedcbarans ( 2014-07-02 12:05:15 -0600 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2014-06-26 00:31:41 -0600

mpetason gravatar image

This is a recommendation. Depending on your setup you should have your floating IP address space assigned to an internal network instead of your public network space. Using a Firewall with NAT could then be used to assign actual Public addresses to the floating IP addresses -- This would be setup outside of OpenStack, say a Palo Alto firewall or something.

If you don't have many public IP addresses and not all of your floating IP addresses need to be reached from the internet, they can be reached from a corporate network, then you should look into keeping all of the OpenStack networking Internal to your network. Then look into using a Firewall to setup Nat rules for the addresses you actually need on the Internet.

edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools



Asked: 2014-06-22 01:17:21 -0600

Seen: 421 times

Last updated: Jun 26 '14