external access for compute nodes [closed]

asked 2014-09-26 13:16:02 -0600

bgyako

updated 2014-09-26 13:17:58 -0600

Hi all, using Icehouse on Ubuntu 14.04. ML2 network set up.

Having a small issue with providing internet access to compute nodes. I have 3 networks listed below, and everything with VMs is working. I am able to get to a VM using a public floating IP and I am able to get from the VM to the internet. My issue is routing the physical compute node to the internet through the network node for updates.

Controller: 1. management network only.

Network controller: 1. management network 2. VMnet network 3. Public network.

Compute node: 1. management network 2. VMnet network.

Closed for the following reason: question is off-topic or not relevant (closed by larsks)
Close date: 2014-09-29 14:09:45.264593


If you are trying to route the physical compute node through another system for updates...this doesn't really seem like an OpenStack question.

larsks ( 2014-09-26 21:28:48 -0600 )

Yes, I agree with larsks. The best is that you should have a connection directly to the internet for the compute node also.

senyapsudah ( 2014-09-27 07:32:33 -0600 )

I do not think that is accurate; in the basic network setup section it tells you to test connectivity from node to internet. In addition, I was able to do this in Grizzly by adding a NAT rule on the network controller.

bgyako ( 2014-09-27 16:38:16 -0600 )

Tragically, it is accurate. OpenStack takes care of routing traffic from your virtual instances, but how your physical hosts arrange for outbound connectivity is entirely up to you.

larsks ( 2014-09-27 18:38:54 -0600 )

Can't I route physical nodes through neutron? What about this link:

bgyako ( 2014-09-27 19:17:29 -0600 )

answered 2014-09-29 11:32:25 -0600

bgyako

Was able to resolve by adding the rules below on the network node and setting the network node as the gateway on the compute node.

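    # Allow new connections from the management subnet to be forwarded out br-ex
    sudo iptables -A FORWARD -i (PUBLIC INTERFACE) -o br-ex -s (MANAGE SUBNET) -m conntrack --ctstate NEW -j ACCEPT
    # Allow return traffic for connections that are already tracked
    sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Masquerade traffic from the management subnet (POSTROUTING is in the nat table)
    sudo iptables -t nat -A POSTROUTING -s (MANAGE SUBNET) -j MASQUERADE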
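
A check a network-node admin could run after applying rules like the ones above, added here as an example and not part of the original answer: it reads `iptables-save` output and reports whether the masquerade rule is limited to the management subnet and whether return traffic is handled. The subnet 10.0.0.0/24, the interface eth0, the function names and the sample ruleset are all constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not from the original post).
# 10.0.0.0/24 stands in for the management subnet, eth0 for its interface.
sample_rules() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.0.0.0/24 -i eth0 -o br-ex -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_nat SUBNET: read iptables-save text on stdin, print one finding per line.
# No output means every check passed.
audit_nat() {
    awk -v subnet="$1" '
    /^\*/ { table = substr($0, 2) }              # "*nat", "*filter" start a table
    table == "filter" && /^:FORWARD ACCEPT/ {
        print "FORWARD policy is ACCEPT: unmatched traffic is forwarded too"
    }
    table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
        if ($0 !~ / -s /) print "MASQUERADE without -s: " $0
        else if (index($0, " -s " subnet " ")) scoped = 1
    }
    table == "filter" && /^-A FORWARD/ &&
        /--ctstate (RELATED,ESTABLISHED|ESTABLISHED,RELATED)/ { stateful = 1 }
    END {
        if (!scoped)   print "no MASQUERADE rule scoped to " subnet
        if (!stateful) print "no ESTABLISHED,RELATED rule for return traffic"
    }'
}

# Stand-alone run against the constructed sample.
sample_rules | audit_nat 10.0.0.0/24
```

On a live network node the input would come from `sudo iptables-save | audit_nat <management subnet>`.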

