Ask Your Question
0

vm with direct connectivity to external network

asked 2015-12-15 14:40:56 -0500

aksan gravatar image

Is it possible to connect a VM directly to external network through a router with nat disabled, without using floating IP and using a IP which is identifiable in physical network? If possible, How should i do that?

edit retag flag offensive close merge delete

4 answers

Sort by ยป oldest newest most voted
2

answered 2015-12-16 09:09:26 -0500

capsali gravatar image

I don't see the point in connecting to the ext net with a router if you are not going to use FIP's. As stated by the previous answer you can connect directly to the provider network if the tenant who created the ext network is the one who want's to connect an instance to it. Or you can share the network to all tenants to use it. Or create RBAC policies to control who has access to the provider network. There is no harm in doing so. And you can create FLAT,Vlan,Local provider network and connect instances to it directly.

As i know you cannot have public access to an instance without using FIP's when using a router. You can however attach two ports to an instance, one connected directly to the provider network and one on a private network connected to a router

edit flag offensive delete link more

Comments

I can see ext-net from a tenant that is not admin ,and i can attach vm directly to ext-net. But i can't ping the vm and can't ssh to the vm. I think the admin has not given that access. If i can access the admin tenant ,how to give access to all tenants to connect vm? Please elaborate on RBAC policy

aksan gravatar imageaksan ( 2015-12-16 09:54:05 -0500 )edit

well did you add security groups to the instance for icmp and ssh? These still apply even though you are connected directly to ext-net!

capsali gravatar imagecapsali ( 2015-12-16 12:23:52 -0500 )edit

if you want to give acces to all tenants for the ext-net you need to log in as admin and under admin>networks tab click edit the desired network and check the shared button (in horizon). The network will be available to all tenants. For sharing to specific tenants use RBAC policies.

capsali gravatar imagecapsali ( 2015-12-16 12:26:59 -0500 )edit

For more on RBAC read link text

capsali gravatar imagecapsali ( 2015-12-16 12:27:15 -0500 )edit

I didn't add any sec groups to instances. I have shared the ext-net to all tenants but still not able to ping or ssh to VMs. There is one port on ext-net "network: floatingip_agent_gateway", packets are going to this port and can't reach VM. There is one default gateway different from this one

aksan gravatar imageaksan ( 2015-12-16 13:18:17 -0500 )edit
2

answered 2016-07-27 14:25:48 -0500

Alexey Elokhov gravatar image

Hello! Maybe my experience will be useful:

Faced the same task - connect VMs directly to the public network. I am using Mitaka and OVS networking with separate network node (but I think this solution will work on other distros). To make direct connectivity possible I created bridges on each compute node and added interfaces connected to the public network (with names like on network node). Also I added bridge mapping in openvswitch_agent.ini on compute nodes. And now I have a possibility to use standard openstack NAT feature with floating IPs or I can directly add IPs from my public subnet to VMs!

edit flag offensive delete link more

Comments

Hi ! Can you tell something more about your solution ? With bridges on comute nodes are you created yet ? I have the same problem and your solution seems good but i can't get it working in my enviroment... Thanks for your help !

antek gravatar imageantek ( 2017-01-13 08:01:28 -0500 )edit

Hi! I added secondary interfaces of my compute nodes to the br-ex bridge with this command: "ovs-vsctl add-port br-ex eth3". I can share the neutron configs if you need them.

Alexey Elokhov gravatar imageAlexey Elokhov ( 2017-01-26 13:38:58 -0500 )edit

As @Alexey Elokhov says, it is possible. You can also make the configuration persist on reboots. See how br-ex file and iface file are on network node. I had "em1" as external. Add to br-ex, set default route. Restart network and ensure output ovs-vsctl br-ex has port em1 and port phy-br-ex.

nuriel77 gravatar imagenuriel77 ( 2017-02-13 08:46:15 -0500 )edit
1

answered 2015-12-16 00:47:58 -0500

Vinoth gravatar image

Yes, It is possible.

1) Configure the external network in Flat network type. 2) Select the external network while launching new VM. 3) Login to the terminal and configure static external IP address. (If you configure external network as Flat network with DHCP, Then ignore the step3. Since you should get the IP directly from DHCP agent. But I have not tested that scenario). 4) Reboot the VM.

Thanks, Vinoth

edit flag offensive delete link more

Comments

Hi Vinoth, Why do i need to configure the external network in Flat network type? Also, i think that connecting directly to external network is not allowed. BTW, i want to create a network which connects to external network through a router with nat disabled & access the VM without floating IP.

aksan gravatar imageaksan ( 2015-12-16 04:32:23 -0500 )edit
0

answered 2015-12-16 11:37:40 -0500

dbaxps gravatar image

See https://visibilityspots.org/vlan-flat...
It's addressing your question via External Network provider of VLAN type.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2015-12-15 14:40:56 -0500

Seen: 4,236 times

Last updated: Jul 27 '16