Ask Your Question
0

Local_ip for GRE tunnels

asked 2013-12-10 04:52:50 -0500

Stiliyan gravatar image

updated 2014-01-22 15:12:37 -0500

Evgeny gravatar image

Hi, I am installing Neutron(in my version (Grizzly) is still named quantum) and I got to the point.

On the Network node I have two NICs - one for "Management network" and one for external internet access.On the compute node I have only one - for the "Management network".I got to the point in one guide where I need to provide local_ip for both of the nodes:

[ovs]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = DATA_INTERFACE_IP

My questions is - Do i need to create another interface on both of the machines and add them private addresses?

edit retag flag offensive close merge delete

3 answers

Sort by ยป oldest newest most voted
0

answered 2013-12-10 07:36:50 -0500

darragh-oreilly gravatar image

You can use the "Management network". The GRE tunnels can work on any IP network.

edit flag offensive delete link more

Comments

Thanks for your fast answer. So for this setting I can write the MANAGEMENT_INTERFACE_IP but wouldn't it be a potential security risk?

Stiliyan gravatar imageStiliyan ( 2013-12-10 12:10:23 -0500 )edit

The packets from the VMs will be encapsulated in IP/GRE, so tenants will not be able to see or breakout and access the physical network.

darragh-oreilly gravatar imagedarragh-oreilly ( 2013-12-10 13:54:31 -0500 )edit

if worried about security problem using GRE, you should select NVGRE or VxLAN instead of GRE.

etlars gravatar imageetlars ( 2013-12-10 18:14:01 -0500 )edit

@etlars why? The way the OVS plugin uses VXLAN does not make it any more or less secure than GRE. What Quantum plugin uses NVGRE?

darragh-oreilly gravatar imagedarragh-oreilly ( 2013-12-11 03:00:15 -0500 )edit
0

answered 2013-12-11 03:28:09 -0500

Stiliyan gravatar image

Thanks for the answers.For the present I'm staying with GRE and I will use my management private network 10.2.0.x which connects all of the nodes.

edit flag offensive delete link more
0

answered 2013-12-10 18:12:01 -0500

etlars gravatar image

Your DATA_INTERFACE_IP can be also used as management usage if your controller node is using a IP addr of the same subnet of the network node.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2013-12-10 04:52:50 -0500

Seen: 513 times

Last updated: Dec 11 '13