Adding additional NAT rule on neutron-l3-agent

asked 2015-02-12 19:29:01 -0500

bb

updated 2015-02-13 13:20:43 -0500

[Edited the question based on comment]

I have a requirement where an instance needs to autoscale using a Heat template. Each auto-scaled instance is to have the same floating IP but a different internal IP.

From my little knowledge of OpenStack, qrouter does both DNAT and SNAT and forwards the packet appropriately. As per my requirement, this floating IP is to be mapped to multiple instances. So I was thinking it is a problem of routing, and adding the corresponding DNAT and SNAT entries on qrouter would suffice.

So I broke the problem down into 2 parts:

1) Create a floating IP and add rules into qrouter to mimic the "associate-floating-ip" functionality. Please note this is not ECMP but a one-to-one mapping between floating IP and instance.
2) Once #1 is done, add rules for ECMP as described in the requirement. One-to-many mapping between floating IP and instance.

I don't want to use LBaaS for my requirement because it has only a one-to-one mapping between LBaaS instance and floating IP.

When trying #1, I created a floating IP 10.11.179.63 and mapped it to a single instance by creating rules in qrouter as below. But the ping did not succeed. It seems like "associate-floating-ip" does more work than just creating NAT rules on qrouter.

ip netns exec qrouter-0deb1b8e-f856-4045-818e-405807936f5b iptables -t nat -A neutron-l3-agent-OUTPUT -d 10.11.179.63/32 -j DNAT --to-destination 192.168.111.129

ip netns exec qrouter-0deb1b8e-f856-4045-818e-405807936f5b iptables -t nat -A neutron-l3-agent-PREROUTING -d 10.11.179.63/32 -j DNAT --to-destination 192.168.111.129

ip netns exec qrouter-0deb1b8e-f856-4045-818e-405807936f5b iptables -t nat -A neutron-l3-agent-float-snat -s 192.168.111.129/32 -j SNAT --to-source 10.11.179.63

Comments

What do you mean, "have a floating ip mapped to one or more instance"? You mean like a load balancer?

larsks ( 2015-02-13 11:09:13 -0500 )

My requirement is this: an instance needs to autoscale and have the same floating IP, and I don't want to use LBaaS. So I was trying to create a floating IP and create rules in qrouter to achieve this.

Step-1: created only one instance and floating IP. Manually added rules to qrouter. Ping did not work.

bb ( 2015-02-13 12:06:00 -0500 )

@bb please edit your question when you respond to comments: try to make the question clear at first sight. Read https://ask.openstack.org/faq

smaffulli ( 2015-02-13 12:23:27 -0500 )

1 answer


answered 2015-02-16 19:31:28 -0500

bb

updated 2015-02-16 19:37:32 -0500

Managed to find the answer to manipulate the l3-route-agent for my NAT rules.

ip netns exec qrouter-0deb1b8e-f856-4045-818e-405807936f5b iptables -t nat -A neutron-l3-agent-OUTPUT -d 10.11.179.63/32 -j DNAT --to-destination 192.168.111.150

ip netns exec qrouter-0deb1b8e-f856-4045-818e-405807936f5b iptables -t nat -A neutron-l3-agent-PREROUTING -d 10.11.179.63/32 -j DNAT --to-destination 192.168.111.150

ip netns exec qrouter-0deb1b8e-f856-4045-818e-405807936f5b iptables -t nat -A neutron-l3-agent-float-snat -s 192.168.111.150/32 -j SNAT --to-source 10.11.179.63

ip netns exec qrouter-0deb1b8e-f856-4045-818e-405807936f5b ip addr add 10.11.179.63/32 brd 10.11.179.63 dev qg-b2e3c286-b2

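An added check, not part of the original answer: compared with the question's attempt, the answer adds one step, putting the floating IP as a /32 address on the qg- gateway port. The script below verifies all four pieces from captured command output; the function names, the sample text and the 10.11.179.10/24 gateway address are constructed for illustration, and it assumes rule lines in the form printed by `iptables -t nat -S`.

```shell
#!/bin/sh
# Added example, not from the post. Inputs are captured text:
#   NAT_RULES = ip netns exec qrouter-<id> iptables -t nat -S
#   ADDR_LIST = ip netns exec qrouter-<id> ip -o addr show dev qg-<port>

# has_line TEXT LINE: status 0 if LINE occurs in TEXT as a whole line.
has_line() { printf '%s\n' "$1" | grep -qxF -- "$2"; }

# check_fip FLOATING_IP FIXED_IP NAT_RULES ADDR_LIST
# Prints one line per missing piece; status 0 only if nothing is missing.
check_fip() (
    fip=$1 fixed=$2 nat=$3 addrs=$4 missing=0
    for rule in \
        "-A neutron-l3-agent-OUTPUT -d $fip/32 -j DNAT --to-destination $fixed" \
        "-A neutron-l3-agent-PREROUTING -d $fip/32 -j DNAT --to-destination $fixed" \
        "-A neutron-l3-agent-float-snat -s $fixed/32 -j SNAT --to-source $fip"
    do
        has_line "$nat" "$rule" || { echo "missing NAT rule: $rule"; missing=1; }
    done
    # The NAT rules alone are not enough: the floating IP must also be an
    # address on the gateway port (the answer's "ip addr add" step).
    printf '%s\n' "$addrs" | grep -qF -- "inet $fip/32 " ||
        { echo "missing address: $fip/32 on gateway port"; missing=1; }
    [ "$missing" -eq 0 ]
)

# Constructed sample output; floating and fixed IPs are the ones in the answer.
SAMPLE_NAT='-P PREROUTING ACCEPT
-N neutron-l3-agent-PREROUTING
-A neutron-l3-agent-OUTPUT -d 10.11.179.63/32 -j DNAT --to-destination 192.168.111.150
-A neutron-l3-agent-PREROUTING -d 10.11.179.63/32 -j DNAT --to-destination 192.168.111.150
-A neutron-l3-agent-float-snat -s 192.168.111.150/32 -j SNAT --to-source 10.11.179.63'
SAMPLE_ADDR_BEFORE='12: qg-b2e3c286-b2    inet 10.11.179.10/24 brd 10.11.179.255 scope global qg-b2e3c286-b2'
SAMPLE_ADDR_AFTER="$SAMPLE_ADDR_BEFORE
12: qg-b2e3c286-b2    inet 10.11.179.63/32 brd 10.11.179.63 scope global qg-b2e3c286-b2"

# Rules present but no address on the port, then the complete state.
check_fip 10.11.179.63 192.168.111.150 "$SAMPLE_NAT" "$SAMPLE_ADDR_BEFORE" || echo "-> incomplete"
check_fip 10.11.179.63 192.168.111.150 "$SAMPLE_NAT" "$SAMPLE_ADDR_AFTER" && echo "-> all four pieces present"
```

Rules and addresses added by hand exist only in the namespace, not in Neutron's database, so the check is worth repeating after the L3 agent or the network node restarts.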
