
External network and floating IPs

asked 2015-07-08 06:32:38 -0500

Daniel Ruiz

Hello,

I'm going to install an OpenStack cloud using "packstack" in the following scenario: a server that will act as controller node and network node simultaneously, with 3 NICs. The first NIC has (and needs to have) a public IP and will be connected to the management network (yes, management network with public IP); the second NIC will be for VM data; the third NIC will be for the external network (floating IPs) but, in this case, this external network needs to be (must be) a subnet of my management network because, as I have explained before, my management network is also a public network. Two compute nodes with 2 NICs: the first NIC connected to the management network (and, also, with public IPs); the second NIC for VM data.

With this answer file:

> CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
> CONFIG_DEFAULT_PASSWORD=MYPASSWORD
> CONFIG_MARIADB_INSTALL=y
> CONFIG_GLANCE_INSTALL=y
> CONFIG_CINDER_INSTALL=n
> CONFIG_MANILA_INSTALL=n
> CONFIG_NOVA_INSTALL=y
> CONFIG_NEUTRON_INSTALL=y
> CONFIG_HORIZON_INSTALL=y
> CONFIG_SWIFT_INSTALL=n
> CONFIG_CEILOMETER_INSTALL=n
> CONFIG_HEAT_INSTALL=n
> CONFIG_SAHARA_INSTALL=n
> CONFIG_TROVE_INSTALL=n
> CONFIG_IRONIC_INSTALL=n
> CONFIG_CLIENT_INSTALL=y
> CONFIG_NTP_SERVERS=ntp-server
> CONFIG_NAGIOS_INSTALL=n
> EXCLUDE_SERVERS=
> CONFIG_DEBUG_MODE=n
> CONFIG_CONTROLLER_HOST=CONTROLLER
> CONFIG_COMPUTE_HOSTS=COMPUTE-1,COMPUTE-2
> CONFIG_NETWORK_HOSTS=CONTROLLER
> CONFIG_VMWARE_BACKEND=n
> CONFIG_UNSUPPORTED=n
> CONFIG_VCENTER_HOST=
> CONFIG_VCENTER_USER=
> CONFIG_VCENTER_PASSWORD=
> CONFIG_VCENTER_CLUSTER_NAME=
> CONFIG_STORAGE_HOST=CONTROLLER
> CONFIG_SAHARA_HOST=CONTROLLER
> CONFIG_USE_EPEL=n
> CONFIG_REPO=
> CONFIG_RH_USER=
> CONFIG_SATELLITE_URL=
> CONFIG_RH_PW=
> CONFIG_RH_OPTIONAL=y
> CONFIG_RH_PROXY=
> CONFIG_RH_PROXY_PORT=
> CONFIG_RH_PROXY_USER=
> CONFIG_RH_PROXY_PW=
> CONFIG_SATELLITE_USER=
> CONFIG_SATELLITE_PW=
> CONFIG_SATELLITE_AKEY=
> CONFIG_SATELLITE_CACERT=
> CONFIG_SATELLITE_PROFILE=
> CONFIG_SATELLITE_FLAGS=
> CONFIG_SATELLITE_PROXY=
> CONFIG_SATELLITE_PROXY_USER=
> CONFIG_SATELLITE_PROXY_PW=
> CONFIG_AMQP_BACKEND=rabbitmq
> CONFIG_AMQP_HOST=CONTROLLER
> CONFIG_AMQP_ENABLE_SSL=n
> CONFIG_AMQP_ENABLE_AUTH=n
> CONFIG_AMQP_NSS_CERTDB_PW=PW_PLACEHOLDER
> CONFIG_AMQP_SSL_PORT=5671
> CONFIG_AMQP_SSL_CACERT_FILE=/etc/pki/tls/certs/amqp_selfcert.pem
> CONFIG_AMQP_SSL_CERT_FILE=/etc/pki/tls/certs/amqp_selfcert.pem
> CONFIG_AMQP_SSL_KEY_FILE=/etc/pki/tls/private/amqp_selfkey.pem
> CONFIG_AMQP_SSL_SELF_SIGNED=y
> CONFIG_AMQP_AUTH_USER=amqp_user
> CONFIG_AMQP_AUTH_PASSWORD=PW_PLACEHOLDER
> CONFIG_MARIADB_HOST=CONTROLLER
> CONFIG_MARIADB_USER=root
> CONFIG_MARIADB_PW=MYPASSWORD
> CONFIG_KEYSTONE_DB_PW=MYPASSWORD
> CONFIG_KEYSTONE_REGION=RegionOne
> CONFIG_KEYSTONE_ADMIN_TOKEN=3f87ef703c8443e0bffea9f14c49a615
> CONFIG_KEYSTONE_ADMIN_EMAIL=root@localhost
> CONFIG_KEYSTONE_ADMIN_USERNAME=admin
> CONFIG_KEYSTONE_ADMIN_PW=password
> CONFIG_KEYSTONE_DEMO_PW=demo
> CONFIG_KEYSTONE_API_VERSION=v2.0
> CONFIG_KEYSTONE_TOKEN_FORMAT=UUID
> CONFIG_KEYSTONE_SERVICE_NAME=httpd
> CONFIG_KEYSTONE_IDENTITY_BACKEND=sql
> CONFIG_KEYSTONE_LDAP_URL=ldap://CONTROLLER
> CONFIG_KEYSTONE_LDAP_USER_DN=
> CONFIG_KEYSTONE_LDAP_USER_PASSWORD=
> CONFIG_KEYSTONE_LDAP_SUFFIX=
> CONFIG_KEYSTONE_LDAP_QUERY_SCOPE=one
> CONFIG_KEYSTONE_LDAP_PAGE_SIZE=-1
> CONFIG_KEYSTONE_LDAP_USER_SUBTREE=
> CONFIG_KEYSTONE_LDAP_USER_FILTER=
> CONFIG_KEYSTONE_LDAP_USER_OBJECTCLASS=
> CONFIG_KEYSTONE_LDAP_USER_ID_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_NAME_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_MAIL_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_MASK=-1
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_DEFAULT=TRUE
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT=n
> CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE=
> CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE=n
> CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE=n
> CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE=n
> CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN=
> CONFIG_KEYSTONE_LDAP_USER_ADDITIONAL_ATTRIBUTE_MAPPING=
> CONFIG_KEYSTONE_LDAP_GROUP_SUBTREE=
> CONFIG_KEYSTONE_LDAP_GROUP_FILTER=
> CONFIG_KEYSTONE_LDAP_GROUP_OBJECTCLASS=
> CONFIG_KEYSTONE_LDAP_GROUP_ID_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_GROUP_NAME_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE=
> CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE=
> CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE=n
> CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE=n
> CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE=n
> CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING=
> CONFIG_KEYSTONE_LDAP_USE_TLS=n
> CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR=
> CONFIG_KEYSTONE_LDAP_TLS_CACERTFILE=
> CONFIG_KEYSTONE_LDAP_TLS_REQ_CERT=demand
> CONFIG_GLANCE_DB_PW=MYPASSWORD
> CONFIG_GLANCE_KS_PW=MYPASSWORD
> CONFIG_GLANCE_BACKEND=file
> CONFIG_CINDER_DB_PW=PW_PLACEHOLDER
> CONFIG_CINDER_KS_PW=PW_PLACEHOLDER
> CONFIG_CINDER_BACKEND=lvm
> CONFIG_CINDER_VOLUMES_CREATE=y
> CONFIG_CINDER_VOLUMES_SIZE=20G
> CONFIG_CINDER_GLUSTER_MOUNTS=
> CONFIG_CINDER_NFS_MOUNTS=
> CONFIG_CINDER_NETAPP_LOGIN=
> CONFIG_CINDER_NETAPP_PASSWORD=
> CONFIG_CINDER_NETAPP_HOSTNAME=
> CONFIG_CINDER_NETAPP_SERVER_PORT=80
> CONFIG_CINDER_NETAPP_STORAGE_FAMILY=ontap_cluster
> CONFIG_CINDER_NETAPP_TRANSPORT_TYPE=http
> CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL=nfs
> CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER=1.0
> CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES=720
> CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START=20
> CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP=60
> CONFIG_CINDER_NETAPP_NFS_SHARES=
> CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG=/etc/cinder/shares.conf
> CONFIG_CINDER_NETAPP_VOLUME_LIST=
> CONFIG_CINDER_NETAPP_VFILER=
> CONFIG_CINDER_NETAPP_PARTNER_BACKEND_NAME=
> CONFIG_CINDER_NETAPP_VSERVER=
> CONFIG_CINDER_NETAPP_CONTROLLER_IPS=
> CONFIG_CINDER_NETAPP_SA_PASSWORD=
> CONFIG_CINDER_NETAPP_ESERIES_HOST_TYPE=linux_dm_mp
> CONFIG_CINDER_NETAPP_WEBSERVICE_PATH=/devmgr/v2
> CONFIG_CINDER_NETAPP_STORAGE_POOLS=
> CONFIG_MANILA_DB_PW=PW_PLACEHOLDER
> CONFIG_MANILA_KS_PW=PW_PLACEHOLDER
> CONFIG_MANILA_BACKEND=generic
> CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS=false
> CONFIG_MANILA_NETAPP_TRANSPORT_TYPE=https
> CONFIG_MANILA_NETAPP_LOGIN=admin
> CONFIG_MANILA_NETAPP_PASSWORD=
> CONFIG_MANILA_NETAPP_SERVER_HOSTNAME=
> CONFIG_MANILA_NETAPP_STORAGE_FAMILY=ontap_cluster
> CONFIG_MANILA_NETAPP_SERVER_PORT=443
> CONFIG_MANILA_NETAPP_AGGREGATE_NAME_SEARCH_PATTERN=(.*)
> CONFIG_MANILA_NETAPP_ROOT_VOLUME_AGGREGATE=
> CONFIG_MANILA_NETAPP_ROOT_VOLUME_NAME=root
> CONFIG_MANILA_NETAPP_VSERVER=
> CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS=true
> CONFIG_MANILA_GENERIC_VOLUME_NAME_TEMPLATE=manila-share-%s
> CONFIG_MANILA_GENERIC_SHARE_MOUNT_PATH=/shares
> CONFIG_MANILA_SERVICE_IMAGE_LOCATION=https://www.dropbox.com/s/vi5oeh10q1qkckh/ubuntu_1204_nfs_cifs.qcow2
> CONFIG_MANILA_SERVICE_INSTANCE_USER=ubuntu
> CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD=ubuntu
> CONFIG_MANILA_NETWORK_TYPE=neutron
> CONFIG_MANILA_NETWORK_STANDALONE_GATEWAY=
> CONFIG_MANILA_NETWORK_STANDALONE_NETMASK=
> CONFIG_MANILA_NETWORK_STANDALONE_SEG_ID=
> CONFIG_MANILA_NETWORK_STANDALONE_IP_RANGE=
> CONFIG_MANILA_NETWORK_STANDALONE_IP_VERSION=4
> CONFIG_IRONIC_DB_PW=PW_PLACEHOLDER
> CONFIG_IRONIC_KS_PW=PW_PLACEHOLDER
> CONFIG_NOVA_DB_PW=MYPASSWORD
> CONFIG_NOVA_KS_PW=MYPASSWORD
> CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO=16.0
> CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO=1.5
> CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL=tcp
> CONFIG_NOVA_COMPUTE_MANAGER=nova.compute.manager.ComputeManager
> CONFIG_NOVA_COMPUTE_PRIVIF=eth1
> CONFIG_NOVA_NETWORK_MANAGER=nova.network.manager.FlatDHCPManager
> CONFIG_NOVA_NETWORK_PUBIF=eth0
> CONFIG_NOVA_NETWORK_PRIVIF=eth1
> CONFIG_NOVA_NETWORK_FIXEDRANGE=192.168.32.0/22
# really, I don't know if I need to change that range because I will use Neutron and not nova-network !?!?!?!
> CONFIG_NOVA_NETWORK_FLOATRANGE=10.3.4 ...

3 answers


answered 2015-07-08 07:26:04 -0500

dbaxps

updated 2015-07-08 07:29:38 -0500

See:
1. ML2&OVS&VLAN (RDO Kilo tested) http://bderzhavets.blogspot.com/2015/...
2. ML2&OVS&VXLAN (RDO Juno tested, however would work for Kilo as well). Would work on RDO Kilo with a slightly changed answer-file:
CONFIG_KEYSTONE_SERVICE_NAME=httpd
http://bderzhavets.blogspot.com/2014/...
Skip all Gluster Cluster related tuning, just take the answer-file from the last post.


answered 2015-07-09 03:44:57 -0500

Daniel Ruiz

Hi,

Thanks for your answer, but I don't really know if your answer can help me, because I need to use "gre" and not "vlan" or "vxlan". Also, I have already configured keystone with httpd.

My question is focused on network concepts and configuration when the eth0 (management) and eth2 (external) networks and NICs NEED to share the same physical network.

I will use this answer to ask an "elemental" question about neutron but, for me, the answer is not trivial. The management network applied in the configuration files must be the physical management network. The data network can be any "private" network where all my computes and the network server can communicate with each other, but a user could create any private network from the dashboard, isn't it? ... And the external network (for floating IPs) should be configured in the files as a subnet of the physical network. Then, I don't understand the difference between launching an instance with ONLY a private network and assigning a floating IP, and launching an instance with a private and a public network. In the second case, the instance can get a public IP address from my own DHCP agent.

Bufff, what a mess!!

Help, please!!


Comments

Switching answer-file from vxlan tunnelling to gre tunnelling is pretty straightforward.

dbaxps (2015-07-09 03:56:59 -0500)

I have already configured it with "gre":

CONFIG_NEUTRON_ML2_TYPE_DRIVERS=gre
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=gre

Daniel Ruiz (2015-07-09 04:00:25 -0500)

I have checked that my data network for instances is going through eth0 and not through eth1, despite the parameters "CONFIG_NOVA_NETWORK_PUBIF=eth0" and "CONFIG_NOVA_NETWORK_PRIVIF=eth1"... Or are those parameters ONLY for nova-network??? In that case, how can I define that network topology in neutron?

Daniel Ruiz (2015-07-09 06:13:39 -0500)

RDO deprecated Nova Network in Havana Release.

dbaxps (2015-07-09 06:43:07 -0500)

answered 2015-07-09 11:31:55 -0500

capsali

Typically you need 3 separate networks. One is the private network, in which OpenStack services communicate, that is present on all nodes (compute, network, controller, storage etc.). The second is the tunneling network, which connects instances from the compute nodes to the network nodes (for metadata, DHCP, etc.) through an encapsulation protocol (gre, vxlan, vlan). The third network is used for external connectivity in the form of floating IPs that can be associated with an instance.

This is the basic set-up. In your case, you could use the same eth for the management and external network because they are in the same subnet. But it is recommended that you separate them. So you can have eth0, which is on a public network, to be used for the external network, eth1 for tunneling and eth2 for the management network, a private network. You will need internet connectivity for packages, so you assign a static IP to eth0 and enable promiscuous mode on it. For the other two networks, assign different IPs from two different subnets with no gateway.

Neutron works like this. You create a project network and its subnet (the gre tunnel that links instances to the network node), a provider (external) network/subnet and a router. You set the router gateway to the external network and attach a port on the project network. You boot up an instance with a private IP from the project network. At this stage the network node acts as a SNAT for the instance. You can reach the outside world from within the instance but not the other way around. For this you need to associate a floating IP with the instance. When you associate a FIP with the instance, neutron basically creates a NAT rule that binds the external IP to the internal instance IP. Now the network node acts as SNAT and DNAT for that instance.

I never used devstack, I installed manually so I can't tell you the config for it. But I see that you only have gre as a type driver. You need a driver for the provider network (external) that connects to your physical router and I don't think you use a gre tunnel for it. You either need vlan or flat. So the config should look like CONFIG_NEUTRON_ML2_TYPE_DRIVERS=flat,vlan,gre,vxlan

Also you need CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-ex.

You should read the documentation on the OpenStack site for more in-depth knowledge.

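An added example (not part of any poster's answer and not packstack code): a small Python pre-flight check for the setup discussed in this thread, where the floating-IP range is taken from the same physical subnet as the management network. It checks the two answer-file settings named in the answer above and that the allocation pool stays inside the subnet without covering addresses the nodes already use; the function names, the 203.0.113.0/24 addresses and the sample values are constructed assumptions.

```python
import ipaddress

# Constructed sample: the two settings as quoted in the question's comments,
# plus an empty bridge mapping (assumed here for illustration).
SAMPLE = """\
CONFIG_NEUTRON_ML2_TYPE_DRIVERS=gre
CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES=gre
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=
"""

def parse_answers(text):
    """Parse KEY=VALUE lines; skip blanks, comments and [section] headers."""
    answers = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        answers[key.strip()] = value.strip()
    return answers

def check_external_net(answers, subnet_cidr, pool_start, pool_end, used_ips):
    """Return findings for the external (floating IP) network plan."""
    findings = []
    drivers = answers.get("CONFIG_NEUTRON_ML2_TYPE_DRIVERS", "").split(",")
    if not {"flat", "vlan"} & {d.strip() for d in drivers}:
        findings.append("type drivers lack flat/vlan for the external network")
    mappings = answers.get("CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS", "")
    pairs = [m.split(":") for m in mappings.split(",") if m]
    if not pairs or any(len(p) != 2 or not all(p) for p in pairs):
        findings.append("bridge mappings missing or malformed (physnet:bridge)")
    net = ipaddress.ip_network(subnet_cidr)
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    if start > end:
        findings.append("allocation pool start is above its end")
    if start not in net or end not in net:
        findings.append("allocation pool is outside the physical subnet")
    # Gateway and node management addresses must never be handed out as floating IPs.
    for ip in map(ipaddress.ip_address, used_ips):
        if start <= ip <= end:
            findings.append(f"allocation pool covers an address in use: {ip}")
    return findings

if __name__ == "__main__":
    used = ["203.0.113.1", "203.0.113.10"]  # constructed gateway and controller IPs
    for finding in check_external_net(parse_answers(SAMPLE), "203.0.113.0/24",
                                      "203.0.113.8", "203.0.113.100", used):
        print("FINDING:", finding)
```
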


Stats

Asked: 2015-07-08 06:32:38 -0500

Seen: 851 times

Last updated: Jul 09 '15