
How to edit the SNAT rules of the L3 agent so that it forwards packets of specific source/dest IPs to a certain VM?

asked 2013-09-26 05:08:08 -0500

asad

updated 2013-09-26 17:41:20 -0500

smaffulli

I just wanted to ask if it is possible to forward all packets that are received at the physical interface (eth0 which is added into "br-ex") to the VM?

I am using a single node openstack+neutron (openvswitch) environment with floating IPs assigned to the VM. The VM is able to receive packets from the outside world which have its floating IP as their destination IP address.

But I want to forward all traffic on the physical interface to this VM or even some packets that have a different destination IP address.

I have tried adding rules into the br-ex bridge but the packets are not forwarded to the VM.

I have further looked into it and found that the neutron L3 agent, which performs the SNAT (from qg-XXXX to qr-XXXX interface), drops the packets which are not in the private network and only forwards those packets (onto qr-XXXXX) which are in the private network.

Is it possible to edit the SNAT rules of the L3 agent so that it forwards packets of specific source/dest IPs to a certain VM?


1 answer


answered 2013-10-23 21:40:41 -0500

dasp

I believe it is not possible to achieve this using all the layers of networking that Neutron/OpenVSwitch provide.

I haven't tested that, but it seems like the solution is to use "provider networks". So this way you cut the "virtual" network -> "virtual" router -> external network path and just assign a provider (physical) network straight to the instance.

The documentation is available here: Provider networks


Provider networks enable cloud administrators to create Networking networks that map directly to the physical networks in the data center. This is commonly used to give tenants direct access to a public network that can be used to reach the Internet.

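The behaviour described in the question, where only packets addressed to the floating IP reach the VM, follows from the per-floating-IP DNAT rules the L3 agent keeps in the router namespace. As an added example (not part of the original post and not Neutron's own code), the following parses a constructed `iptables-save -t nat` dump and reports which destination addresses have a DNAT rule; the chain names and all addresses are assumed sample values.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save -t nat` output from a router namespace.
# Chain names and addresses are illustrative assumptions, not taken from the post.
SAMPLE_NAT_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:neutron-l3-agent-PREROUTING - [0:0]
:neutron-l3-agent-float-snat - [0:0]
:neutron-l3-agent-snat - [0:0]
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A neutron-l3-agent-PREROUTING -d 172.24.4.228/32 -j DNAT --to-destination 10.0.0.3
-A neutron-l3-agent-float-snat -s 10.0.0.3/32 -j SNAT --to-source 172.24.4.228
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -s 10.0.0.0/24 -j SNAT --to-source 172.24.4.226
COMMIT
"""


def parse_dnat_rules(ruleset):
    """Return [(destination network, fixed IP)] for every DNAT rule in the dump."""
    rules = []
    for line in ruleset.splitlines():
        tokens = shlex.split(line)
        if not all(t in tokens for t in ("-d", "DNAT", "--to-destination")):
            continue  # table header, chain declaration, or a non-DNAT rule
        dest = ipaddress.ip_network(tokens[tokens.index("-d") + 1], strict=False)
        target = tokens[tokens.index("--to-destination") + 1]
        rules.append((dest, ipaddress.ip_address(target)))
    return rules


def dnat_target(ruleset, packet_dst):
    """Fixed IP a packet to packet_dst is rewritten to, or None if no rule matches."""
    addr = ipaddress.ip_address(packet_dst)
    for dest, target in parse_dnat_rules(ruleset):
        if addr in dest:
            return target
    return None


if __name__ == "__main__":
    for dst in ("172.24.4.228", "172.24.4.230", "8.8.8.8"):
        hit = dnat_target(SAMPLE_NAT_RULES, dst)
        print(dst, "->", hit if hit else "no DNAT rule matches")
```

Only the floating IP itself maps to the instance's fixed address; any other destination arriving on the external interface has no translation entry, which matches what the question observed.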


Seen: 524 times

Last updated: Oct 23 '13