Neutron: Single External IP Address?

asked 2015-02-09 13:43:30 -0600

Redoubt

updated 2015-02-10 09:29:10 -0600

My current private "cluster" isn't really a cluster. It's three independent servers hosting multiple independent things. I have one external (public) IP address running to one router, which then forwards port 80 to one server, other ports to another server, you get the idea.

Let's ignore the other machines. On the port 80 machine, I have Apache running, which then uses vhosts to get to the appropriate service depending on the domain name.

For various reasons, I've been tasked to move this setup to OpenStack. For discussion, say I'm using the three-node Neutron reference architecture shown here: http://docs.openstack.org/juno/install-guide/install/apt/content/ch_overview.html#architecture_example-architectures, where I have a Controller node, a Network node, and a Compute node. I'm getting hung up on the networking aspect with my setup-- I'm hoping to get advice here.

I have an L2 switch that I'll use for connecting these servers together. I figure since I have the Network node, I don't need the current router anymore. My specific questions follow:

  1. I have the interfaces necessary to make the three reference networks: Management, Tunnel, and External. However, I'm having trouble understanding what my "External" network would be. As I mentioned, I only have one public IP address, which means conceptually I can't create Floating IPs on that public network (it's not under my control). In my mind, OpenStack's "External" network and my "Public" network are one and the same... but that doesn't seem possible. If they aren't the same, then what purpose do Floating IPs serve if they aren't publicly addressable in my setup? Or is that single public IP my _only_ "Floating IP" and I can only assign it to a single instance? I feel like I'm missing part of the puzzle, here.
  2. Would the cable to my public network be connected directly to the Network node's interface 3? I suppose the answer to this depends on the answer to (1), but outgoing traffic still has to be NAT'd, right? If the current router is pulled out that must be done by Neutron.
  3. I'm looking forward to keeping distinct services within their own VMs, but since I only have a single public IP address, how do I route incoming traffic to the correct service? Going back to my current Apache setup, how do I route a.example.com to the website hosted on VM A, and b.example.com to the website hosted on VM B? Unless the Floating IPs discussion resolves this completely, the idea I currently have is to have Apache in its own VM, and I set up Neutron to send port 80 to it, where it's running a vhost setup similar to what I have now, redirecting each domain's traffic to VM A or VM B. Is that a typical setup?

I appreciate your help understanding this!
