disable snat for router gateway

answered 2016-01-19 05:52:42 -0500

10788 ●57 ●112 ●224 http://bderzhavets.blo...

updated 2016-01-21 11:12:41 -0500

UPDATE 01/21/2015
Final draft here
How to create a tenant's network and the packet will go out with the same fixed ip of the vm ?
END UPDATE

I will change you your question a bit :-

Can i create a tenant network and the packet will go out with the same fixed ip of the vm? Assuming the tenant network created is routable or identifiable in the physical network.

The answer is "YES". Solution doesn't require creating Neutron Router ( with or without SNAT enabled )
All you need to do is conversion of schema suggested in
https://visibilityspots.org/vlan-flat...
from "vlan" external network provider to "flat". That is it.

Here is important to understand, that bridged neutron external networking won't allow disable SNAT, due to SNAT is used  for outbound internet connectivity, in case of using external network provider non bridged external networking came into play. Via tap-interface attached to br-int network flow will be forwarded to  Port int-br-ex , which makes veth-pair with Port phy-br-ex . The last one belongs to bridge br-ex, the bridge which due to OVS configuration (been tuned properly)  will provide vice/versa Internet connectivity.

Obviously , before suggesting this to you , I did conversion myself to avoid misleading advises.
Neutron Flow here

[root@ip-192-169-142-57 ~(keystone_admin)]# neutron net-list
+--------------------------------------+---------+-------------------------------------------------------+
| id                                   | name    | subnets                                               |
+--------------------------------------+---------+-------------------------------------------------------+
| 92c6b85e-4798-4553-b5e8-795f592e170e | flatnet | 83fca168-bd34-4e80-af04-4b93b5012d26 192.169.142.0/24 |
+--------------------------------------+---------+-------------------------------------------------------+
[root@ip-192-169-142-57 ~(keystone_admin)]# neutron subnet-list
+--------------------------------------+-------------+------------------+--------------------------------------------------------+
| id                                   | name        | cidr             | allocation_pools                                       |
+--------------------------------------+-------------+------------------+--------------------------------------------------------+
| 83fca168-bd34-4e80-af04-4b93b5012d26 | sub-flatnet | 192.169.142.0/24 | {"start": "192.169.142.150", "end": "192.169.142.254"} |
+--------------------------------------+-------------+------------------+--------------------------------------------------------+
[root@ip-192-169-142-57 ~(keystone_admin)]# nova list
+--------------------------------------+--------------+--------+------------+-------------+-------------------------+
| ID                                   | Name         | Status | Task State | Power State | Networks                |
+--------------------------------------+--------------+--------+------------+-------------+-------------------------+
| 0f13ef50-6b21-41d0-a177-e9a22a5b55ba | CirrOSDevs01 | ACTIVE | -          | Running     | flatnet=192.169.142.151 |
+--------------------------------------+--------------+--------+------------+-------------+-------------------------+

External access verification && outbound connectivity ( no L3 routing involved )

[boris@fedora23wks Downloads]$ ssh -i oskeyflat.pem cirros@192.169.142.151
$ curl lxer.com | more
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <META NAME="ROBOTS" CONTENT="INDEX,FOLLOW">
    <meta name="google-site-verification" content="6tFgESnLJbo8sqG_YHyXnZKyhetwqnAEu6wLJJePRBY" />
    <link rel="stylesheet" href="/inc/style.css" media="screen">
    <link REL="shortcut icon" HREF="/favicon.ico" TYPE="image/x-icon">
    <link REL="alternate" TITLE="LXer Linux News" HREF="/module/newswire/headlines.rss" TYPE="application/rss+xml">
    <title>LXer: Linux News</title>

  </head>
  <body>
    <div id="container">
      <div id="header">
        <ul>
          <li><a href="/module/newswire/">Home</a></li>
          <li><a href="/module/forums/">Forums</a></li>
          <li><a href="/module/db/viewby.php?uid=108&amp;option=&amp;value=&amp;sort=108&amp;offset=0&amp;dbn=12">Migrations</a></li>
100 52730    0 52730    0     0  60583      0 --:--:-- --:--:-- --:--:-- 79773

edit flag offensive delete link

add a comment

1 answer

Your Answer

Get to know Ask OpenStack

Question Tools

Stats

Related questions

Feedback About This Page

OpenStack

Community

Documentation

Branding & Legal

disable snat for router gateway edit