Mixture of "provider router" and "per-tenant router"

asked 2015-02-10 00:32:03 -0500

Herr-Herner gravatar image

updated 2015-02-10 01:04:36 -0500

I am fighting since days to get my network configuration running, but I do not succeed. Hopefully, someone can help. Please have a look at the following picture. It shows my required network topology. I require a single provider router as well as a router for each tenant. The provider router is attached to the external network.

image description

Admin-Tenant:

I have created the provider router "ext-router" and a network "int-net" with a subnet "int-subnet". The "ext-router" has the corresponding gateway set.

Tenant A:

I have created the router "tenant-router" and a "tenant-net" as well as a "tenant-subnet".

When I log into the Dashbard as "tenant". I get the following network topology. image description

Because I cannot set the gateway for the tenant-router, I have added a default routing entry to ensure routing to "ext-router".

ip netns exec qrouter-2aea00ab-1d51-4da6-ab5f-68230b8a3f57 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.1      0.0.0.0         UG    0      0        0 qr-aa8c28c7-51
10.0.0.0        0.0.0.0         255.255.252.0   U     0      0        0 qr-84c92d10-97
172.16.0.0      0.0.0.0         255.255.252.0   U     0      0        0 qr-aa8c28c7-51

Unfortunately, I cannot attach a floating IP to the "test-vm". There are no ports available. I think this comes from the problem that OpenStack thinks that there is no connection between "int-net" and "ext-net".

Here is the routing table of "ext-router"

ip netns exec qrouter-ca55b46a-4b35-4504-8aaf-063fb36cee77 route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         139.2.50.1      0.0.0.0         UG    0      0        0 qg-cb283a96-85
139.2.48.0      0.0.0.0         255.255.240.0   U     0      0        0 qg-cb283a96-85
172.16.0.0      0.0.0.0         255.255.252.0   U     0      0        0 qr-ea28c01c-09

image description

The router "ext-router" belongs to the admin tenant. Is this the problem, so that "ext-router" is not visible to "tenant"? How can I make sure that "tenant" packages are routed via "ext-router" connecting "int-net" and "ext-net" and "ext-router" becomes visible for "tenant"?

Thank you very much!

edit retag flag offensive close merge delete