
Is it possible to run a tenant router without consuming a floating ip as gateway address?

asked 2015-02-11 10:34:14 -0600

Michael Steffens

We are attempting to expose multiple separated tenant networks via an external subnet, having only a very tight pool of floating IPs available. So it's a real pain that every tenant router is allocating its own gateway address from this pool, without this address ever being used in any actual routing configuration.

Tenant routers, configured in a way as described in http://docs.openstack.org/trunk/insta... , have to provide each floating IP individually on their gateway interface anyway, in order to perform NAT to the corresponding instance private addresses.

Assuming we will never expose the tenant networks directly via the routers (which would imply the need for a gateway address), but always perform inbound connections using the instances' floating IPs and NAT, is there any way to configure neutron not to allocate gateway IPs?


1 answer


answered 2015-02-11 14:39:50 -0600

larsks

After writing up an answer, I'm not sure I understand your question exactly. A router does not "allocate a gateway address" from the floating ip pool (the gateway address is whatever you assigned as the gateway when you created the external subnet). However, a router does require an address on the network in order to route properly:

A router namespace must have an address on the floating ip network, otherwise it would be unable to reach the default gateway for outbound traffic. Consider a router that connects a tenant network with address range 10.0.0.0/24 with an external network with range 192.168.1.0/24 (and a default gateway of 192.168.1.1); the interfaces would look something like:

9: qr-416ca0b2-c8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:54:51:50 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global qr-416ca0b2-c8
       valid_lft forever preferred_lft forever
12: qg-2cad0370-bb: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default 
    link/ether fa:16:3e:f8:f4:c4 brd ff:ff:ff:ff:ff:ff

Where the qr-... interface is on the private tenant network, and the qg-... network is connected to the external network.

This namespace needs to have a default route on the external network in order to properly route outbound traffic. Without an ip address assigned, if we try this inside the namespace:

ip route add default via 192.168.1.1

We get:

 RTNETLINK answers: Network is unreachable

Without an address on the floating ip network, we can't set up the necessary routes.


Comments

My wording was quite sloppy, sorry, referring to the external router interface as gateway. I understand your answer as the router needs its own floating IP for outbound traffic of instances, which can't provide a floating IP of their own. Otherwise it could theoretically do without, right?

Michael Steffens (2015-02-18 02:05:19 -0600)
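
The reachability check described in the answer above, modeled as an added example (not part of the original thread, and not kernel or Neutron code): a default route is accepted only when its gateway falls inside a network that some interface already has an address on. The interface names and the 10.0.0.1/24 address come from the answer; the address 192.168.1.10/24 on the qg- interface is a constructed value.

```python
import ipaddress

def connected_prefixes(interfaces):
    """Map every on-link network to the interface whose address creates it."""
    routes = {}
    for name, addrs in interfaces.items():
        for cidr in addrs:
            routes[ipaddress.ip_interface(cidr).network] = name
    return routes

def add_default_route(interfaces, gateway):
    """Return the egress device for the gateway, or fail as the answer shows."""
    gw = ipaddress.ip_address(gateway)
    matches = [(net, dev)
               for net, dev in connected_prefixes(interfaces).items()
               if gw in net]
    if not matches:
        # No interface address covers the next hop, so it is not on-link.
        raise OSError("RTNETLINK answers: Network is unreachable")
    # The most specific connected network wins (longest prefix).
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def try_route(interfaces, gateway):
    """Human-readable result of the simulated 'ip route add default via ...'."""
    try:
        return "default via %s dev %s" % (gateway, add_default_route(interfaces, gateway))
    except OSError as exc:
        return str(exc)

# Router namespace as listed in the answer: qg- has no address.
NS_WITHOUT_EXTERNAL_ADDR = {
    "qr-416ca0b2-c8": ["10.0.0.1/24"],
    "qg-2cad0370-bb": [],
}
# Same namespace with a constructed address on the external network.
NS_WITH_EXTERNAL_ADDR = {
    "qr-416ca0b2-c8": ["10.0.0.1/24"],
    "qg-2cad0370-bb": ["192.168.1.10/24"],
}

if __name__ == "__main__":
    print(try_route(NS_WITHOUT_EXTERNAL_ADDR, "192.168.1.1"))
    print(try_route(NS_WITH_EXTERNAL_ADDR, "192.168.1.1"))
```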


Stats

Asked: 2015-02-11 10:34:14 -0600

Seen: 619 times

Last updated: Feb 11 '15