In our Grizzly installation we have separate physical controller, network, and compute servers (as shown http://docs.openstack.org/grizzly/openstack-network/admin/content/connectivity.html (in the docs)).
Everything is working great network-wise except that we have requirements for some VM instances to access the OpenStack and/or EC2 APIs that run on the controller. However, for some reason the network does not allow us to route from an instance to the controller.
Is this normal?
Is it possible to allow network access to the controller from the instances it controls?