Ask Your Question
2

How to connect instance directly to ext-net(external network)?

asked 2014-08-17 22:23:07 -0500

rafael canelas gravatar image

updated 2014-08-19 02:29:32 -0500

Im using openstack neutron with 3 nodes and all are working perfectly using virtual router that is connected to ext-net and internal interface,I would like to asks if its possible that the instance is directly connected to ext-net without virtual router and internal interface.

#Network node interface configuration

#NETWORK NODE INTERFACE
vi /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The Management interface which is connected to bridge  br0 
auto eth0
iface eth0 inet static
        address 172.16.50.52
        netmask 255.255.0.0
        gateway 172.16.0.1
        dns-nameservers 8.8.8.8

#The tunnel interface which is connected to bridge br1
auto eth1
iface eth1 inet static
        address 10.0.50.52
        netmask 255.255.255.0

# The external network interface(for floating ip) which is connected to bridge  br0 
auto eth2
iface eth2 inet manual
  up ifconfig $IFACE 0.0.0.0 up
  up ip link set dev $IFACE promisc on
  down ip link set dev $IFACE promisc off
  down ifconfig $IFACE down

#Compute node interface configuration

# The loopback network interface
auto lo
iface lo inet loopback

# The management network interface which is connected to bridge br0
auto eth0
iface eth0 inet static
        address 172.16.50.51
        netmask 255.255.0.0
        gateway 172.16.0.1
        dns-nameservers 8.8.8.8

#The tunnel interface which is connected to bridge br1
auto eth1
iface eth1 inet static
        address 10.0.50.51
        netmask 255.255.255.0
edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-08-18 09:19:16 -0500

SamYaple gravatar image

Yes you can, but this is dependant on how you setup your network. A quick check would be to see which tenant owns the ext-net network.

May I ask _why_ you want to do this? Perhaps there is a better way to achieve your goals. This is generally not an advisable course of action.

edit flag offensive delete link more

Comments

1

Im afraid that what if the virtual router failed or bottleneck will exist, It might be all the instance will be affected as well, so im thinking to connect the instance directly to ext-net. Your recommendation is highly appreciated. Thank you for your quick response.

admin tenant owns the ext-net network.

root@controller:~# cat admin-openrc.sh 
export OS_USERNAME=admin
export OS_PASSWORD=xxx
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0

source admin-openrc.sh

root@controller:~# neutron net-create ext-net

Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | e1045591-7fcd-4633-8113-3f72feb38df5 |
| name                      | ext-net                              |
| provider:network_type     | gre                                  |
| provider:physical_network |                                      |
| provider:segmentation_id  | 1                                    |
| shared                    | False                                |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 161e02f830694359bc234e579b5960d6     |
+---------------------------+--------------------------------------+

root@controller:~# neutron subnet-create ext-net --name ext-subnet --allocation-pool start=172.16.10.1,end=172.16.10.254 --enable-dhcp --gateway 172.16.0.1 172.16.0.0/16

Created a new subnet:
+------------------+--------------------------------------------------+
| Field            | Value                                            |
+------------------+--------------------------------------------------+
| allocation_pools | {"start": "172.16.10.1", "end": "172 ...
(more)
rafael canelas gravatar imagerafael canelas ( 2014-08-18 22:43:10 -0500 )edit

If you aren't going to use a router then you should just go with a VLAN network, or even a Flat network. Those are going to be the easiest ones for your situation. I would go with vlans in your case

SamYaple gravatar imageSamYaple ( 2014-08-19 09:28:23 -0500 )edit

Thanks for the help, apology for my ignorance however iam having a problem configuring vlan, if i may ask do you have any idea to configure it right?

#control node

/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = vlan,gre
tenant_network_types = vlan,gre
mechanism_drivers = openvswitch

[ml2_type_vlan]
network_vlan_ranges = trunk:2112:2114
[ml2_type_gre]
tunnel_id_ranges = 1:1000

#compute node

/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = vlan,gre
tenant_network_types = vlan,gre
mechanism_drivers = openvswitch

[ml2_type_vlan]
network_vlan_ranges = trunk:2112:2114
[ml2_type_gre]
tunnel_id_ranges = 1:1000

[ovs]
network_vlan_ranges=trunk:2112:2114
local_ip=10.0.50.51
enable_tunneling=True
integration_bridge=br-int
tunnel_id_ranges=1:1000
tunnel_bridge=br-tun
bridge_mappings=trunk:br-eth1
tunnel_type=gre
[agent]
tunnel_types=gre
l2_population=true
polling_interval=30
veth_mtu=9134

#network node

/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = vlan,gre
tenant_network_types = vlan,gre
mechanism_drivers = openvswitch

[ml2_type_vlan]
network_vlan_ranges = trunk:2112:2114
[ml2_type_gre]
tunnel_id_ranges = 1:1000

[ovs]
network_vlan_ranges=trunk:2112:2114
local_ip=10.0.50.52
enable_tunneling ...
(more)
rafael canelas gravatar imagerafael canelas ( 2014-08-20 04:03:00 -0500 )edit
0

answered 2014-08-24 22:47:18 -0500

rafael canelas gravatar image

Hello,

I have found out that below link on openstack by using nova networking with two nodes (compute and controller) can directly connect the instance to external network without using the virtual router.now its working perfectly..Thank you

http://docs.openstack.org/icehouse/in...

nova network-create ext-net --bridge br100 --multi-host T \
--fixed-range-v4 172.16.200.0/29

root@leg-control:~# nova list

+--------------------------------------+-----------+--------+------------+-------------+----------------------+
| ID                                   | Name      | Status | Task State | Power State | Networks             |
+--------------------------------------+-----------+--------+------------+-------------+----------------------+
| 5564f11b-0a12-4097-945f-90aeca3e08ea | instance1 | ACTIVE | -          | Running     | ext-net=172.16.200.2 |
| 3560d1dd-17ff-4a7f-ba4a-35f3373e5e36 | instance2 | ACTIVE | -          | Running     | ext-net=172.16.200.3 |
+--------------------------------------+-----------+--------+------------+-------------+----------------------+

root@leg-control:~# ping 172.16.200.2

PING 172.16.200.2 (172.16.200.2) 56(84) bytes of data.
64 bytes from 172.16.200.2: icmp_seq=1 ttl=63 time=15.7 ms
64 bytes from 172.16.200.2: icmp_seq=2 ttl=63 time=2.41 ms
64 bytes from 172.16.200.2: icmp_seq=3 ttl=63 time=1.14 ms
64 bytes from 172.16.200.2: icmp_seq=4 ttl=63 time=1.13 ms
^C
--- 172.16.200.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.131/5.105/15.734/6.158 ms

root@leg-control:~# ssh cirros@172.16.200.2

The authenticity of host '172.16.200.2 (172.16.200.2)' can't be established.
RSA key fingerprint is 4d:4a:08:12:81:d0:18:72:84:c2:6c:35:bb:6c:8e:f1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.16.200.2' (RSA) to the list of known hosts.
cirros@172.16.200.2's password: 
$
edit flag offensive delete link more

Comments

You most certainly can use nova-networking. It has been deprecated for 3 releases now for a reason though. It may not exist in the future, just keep that in mind.

SamYaple gravatar imageSamYaple ( 2014-08-25 09:55:35 -0500 )edit

Thanks for the information,ill keep it in my mind and i will keep updating if successfully running vlan or flat network.

rafael canelas gravatar imagerafael canelas ( 2014-08-26 05:33:55 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

Stats

Asked: 2014-08-17 22:23:07 -0500

Seen: 6,038 times

Last updated: Aug 24 '14