Local_ip for GRE tunnels

asked 2013-12-10 04:52:50 -0500

Stiliyan

updated 2014-01-22 15:12:37 -0500

Evgeny

Hi, I am installing Neutron (in my version, Grizzly, it is still named Quantum) and I got to the point.

On the Network node I have two NICs - one for "Management network" and one for external internet access. On the compute node I have only one - for the "Management network". I got to the point in one guide where I need to provide local_ip for both of the nodes:

tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun

My question is - do I need to create another interface on both of the machines and add private addresses to them?

3 answers

answered 2013-12-10 07:36:50 -0500

darragh-oreilly

You can use the "Management network". The GRE tunnels can work on any IP network.

Thanks for your fast answer. So for this setting I can write the MANAGEMENT_INTERFACE_IP but wouldn't it be a potential security risk?

Stiliyan ( 2013-12-10 12:10:23 -0500 )

The packets from the VMs will be encapsulated in IP/GRE, so tenants will not be able to see or break out and access the physical network.

darragh-oreilly ( 2013-12-10 13:54:31 -0500 )

If you are worried about a security problem using GRE, you should select NVGRE or VXLAN instead of GRE.

etlars ( 2013-12-10 18:14:01 -0500 )

@etlars why? The way the OVS plugin uses VXLAN does not make it any more or less secure than GRE. What Quantum plugin uses NVGRE?

darragh-oreilly ( 2013-12-11 03:00:15 -0500 )
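
An added example, not part of the original thread or of Quantum itself: a pre-deployment check that a node's local_ip in the OVS plugin settings sits on the intended tunnel network (the 10.2.0.x management network mentioned in this thread) and not on the external one. The `[OVS]` section name, the host address and the external subnet are assumptions made for illustration.

```python
import configparser
import ipaddress

# Constructed sample values: the 10.2.0.x management network is from the thread,
# the host address and the external subnet are made up for illustration.
MGMT_NET = ipaddress.ip_network("10.2.0.0/24")
EXTERNAL_NET = ipaddress.ip_network("203.0.113.0/24")

NETWORK_NODE_INI = """
[OVS]
tenant_network_type = gre
tunnel_id_ranges = 1:1000
enable_tunneling = True
integration_bridge = br-int
tunnel_bridge = br-tun
local_ip = 10.2.0.11
"""


def check_tunnel_config(ini_text, tunnel_net=MGMT_NET, external_net=EXTERNAL_NET):
    """Return a list of problems found in the [OVS] tunnel settings."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    if not cfg.has_section("OVS"):
        return ["no [OVS] section"]
    ovs = cfg["OVS"]
    problems = []

    if ovs.get("tenant_network_type") == "gre" and not ovs.getboolean(
        "enable_tunneling", fallback=False
    ):
        problems.append("tenant_network_type is gre but enable_tunneling is not True")

    raw_ip = ovs.get("local_ip")
    if not raw_ip:
        problems.append("local_ip is not set")
        return problems
    try:
        ip = ipaddress.ip_address(raw_ip.strip())
    except ValueError:
        problems.append(f"local_ip {raw_ip!r} is not a valid IP address")
        return problems

    if ip in external_net:
        problems.append(f"local_ip {ip} is on the external network {external_net}")
    elif ip not in tunnel_net:
        problems.append(f"local_ip {ip} is outside the tunnel network {tunnel_net}")
    return problems
```

Running it against each node's settings before starting the agents catches a tunnel endpoint that was bound to the internet-facing NIC by mistake.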

answered 2013-12-11 03:28:09 -0500

Stiliyan

Thanks for the answers. For the present I'm staying with GRE and I will use my management private network 10.2.0.x which connects all of the nodes.

answered 2013-12-10 18:12:01 -0500

etlars

Your DATA_INTERFACE_IP can also be used for management if your controller node is using an IP address in the same subnet as the network node.

Last updated: Dec 11 '13