Do all compute nodes require a port to the public network?

asked 2015-11-10 11:25:45 -0500

I'm working off of the new OpenStack Liberty documentation for building a cloud. Looking at this image, it seems that each compute node requires its own network drop into the public internet. This would be very costly, as we have dozens of physical compute nodes, each requiring its own network drop.

I know that it was possible to route all public network connections through a single network node using OpenVSwitch -- I configured a demo network that did so. However, as many others have found, OpenVSwitch seems to be incredibly unstable, causing kernel panics and segfaults repeatedly. I'm interested in using the new recommended Linux bridge plugin with a self-service network, but I'd like to use only a single network drop. Is this possible?

You wrote: OpenVSwitch seems to be incredibly unstable, causing kernel panics and segfaults repeatedly.
Which OS are you running?

dbaxps ( 2015-11-10 15:23:40 -0500 )

Running Ubuntu Trusty 14.04

jamesgao ( 2015-11-10 15:42:50 -0500 )

answered 2015-11-12 05:56:55 -0500

As stated above we too didn't get any instability from OpenVSwitch!

That being said, you do not necessarily need access to the external network on compute nodes if you are planning on using FIPs. By using only FIPs, all external traffic is routed through the network node to the compute nodes through tunnels.

Although it's not mandatory to have an external connection for compute nodes, it is highly recommended. With no external connection on compute nodes you cannot attach an instance port to a provider network directly, thus relying on FIPs for external access to instances!

answered 2015-11-11 02:45:59 -0500

updated 2015-11-11 02:52:30 -0500

Was your demo cloud based on Liberty / Ubuntu 14.04 LTS?

Because the instability you are describing is not something we have encountered in our production cloud, but ours is based on icehouse / SL6. I also demoed juno / CentOS 7 without any instability problem such as yours.

The network node allows all your compute nodes to access the internet through NAT'ed interfaces; the floating IPs are only needed if your VMs should be available FROM the internet, for example if you have a web server that should be world-visible.

