Ask Your Question
0

disable snat for router gateway

asked 2016-01-18 22:46:54 -0600

aksan gravatar image

In the cli of neutron router-gateway-set, thers is an option of disable snat. http://docs.openstack.org/cli-referen...

Does that mean i can create a tenant network and the packet will go out with the same fixed ip of the vm? Assume the tenant network created is routable or identifiable in the physical network. I tried to disable snat for the router gateway, but the packet wasn't going out from the external interface. Do i need to edit some iptable rules or the disable snat option doesn't work?

edit retag flag offensive close merge delete
add a comment

1 answer

Sort by ยป oldest newest most voted
0

answered 2016-01-19 05:52:42 -0600

dbaxps gravatar image

updated 2016-01-21 11:12:41 -0600

UPDATE 01/21/2015
Final draft here
How to create a tenant's network and the packet will go out with the same fixed ip of the vm ?
END UPDATE

I will change you your question a bit :-

Can i create a tenant network and the packet will go out with the same fixed ip of the vm? Assuming the tenant network created is routable or identifiable in the physical network.

The answer is "YES". Solution doesn't require creating Neutron Router ( with or without SNAT enabled )
All you need to do is conversion of schema suggested in
https://visibilityspots.org/vlan-flat...
from "vlan" external network provider to "flat". That is it.

Here is important to understand, that bridged neutron external networking won't allow disable SNAT, due to SNAT is used  for outbound internet connectivity, in case of using external network provider non bridged external networking came into play. Via tap-interface attached to br-int network flow will be forwarded to  Port int-br-ex , which makes veth-pair with Port phy-br-ex . The last one belongs to bridge br-ex, the bridge which due to OVS configuration (been tuned properly)  will provide vice/versa Internet connectivity.

Obviously , before suggesting this to you , I did conversion myself to avoid misleading advises.
Neutron Flow here 

[root@ip-192-169-142-57 ~(keystone_admin)]# neutron net-list
+--------------------------------------+---------+-------------------------------------------------------+
| id                                   | name    | subnets                                               |
+--------------------------------------+---------+-------------------------------------------------------+
| 92c6b85e-4798-4553-b5e8-795f592e170e | flatnet | 83fca168-bd34-4e80-af04-4b93b5012d26 192.169.142.0/24 |
+--------------------------------------+---------+-------------------------------------------------------+
[root@ip-192-169-142-57 ~(keystone_admin)]# neutron subnet-list
+--------------------------------------+-------------+------------------+--------------------------------------------------------+
| id                                   | name        | cidr             | allocation_pools                                       |
+--------------------------------------+-------------+------------------+--------------------------------------------------------+
| 83fca168-bd34-4e80-af04-4b93b5012d26 | sub-flatnet | 192.169.142.0/24 | {"start": "192.169.142.150", "end": "192.169.142.254"} |
+--------------------------------------+-------------+------------------+--------------------------------------------------------+
[root@ip-192-169-142-57 ~(keystone_admin)]# nova list
+--------------------------------------+--------------+--------+------------+-------------+-------------------------+
| ID                                   | Name         | Status | Task State | Power State | Networks                |
+--------------------------------------+--------------+--------+------------+-------------+-------------------------+
| 0f13ef50-6b21-41d0-a177-e9a22a5b55ba | CirrOSDevs01 | ACTIVE | -          | Running     | flatnet=192.169.142.151 |
+--------------------------------------+--------------+--------+------------+-------------+-------------------------+

External access verification && outbound connectivity ( no L3 routing involved )

[boris@fedora23wks Downloads]$ ssh -i oskeyflat.pem cirros@192.169.142.151
$ curl lxer.com | more
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <META NAME="ROBOTS" CONTENT="INDEX,FOLLOW">
    <meta name="google-site-verification" content="6tFgESnLJbo8sqG_YHyXnZKyhetwqnAEu6wLJJePRBY" />
    <link rel="stylesheet" href="/inc/style.css" media="screen">
    <link REL="shortcut icon" HREF="/favicon.ico" TYPE="image/x-icon">
    <link REL="alternate" TITLE="LXer Linux News" HREF="/module/newswire/headlines.rss" TYPE="application/rss+xml">
    <title>LXer: Linux News</title>

  </head>
  <body>
    <div id="container">
      <div id="header">
        <ul>
          <li><a href="/module/newswire/">Home</a></li>
          <li><a href="/module/forums/">Forums</a></li>
          <li><a href="/module/db/viewby.php?uid=108&amp;option=&amp;value=&amp;sort=108&amp;offset=0&amp;dbn=12">Migrations</a></li>
100 52730    0 52730    0     0  60583      0 --:--:-- --:--:-- --:--:-- 79773
edit flag offensive delete link more
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2016-01-18 22:46:54 -0600

Seen: 1,946 times

Last updated: Jan 21 '16

Related questions

neutron router-interface-add with openstack client?

unable to create gateway for tenant router

Specifying static Mac address for neutron router external gateway port

How to assign floating IP [closed]

openstack cli router gateway set

Linux Bridge External (virtual) Router cannot ping physical router

router namespace goes disappear

Neutron: Router port connected to external network is showing status Down

How to edit router gateway IP address?

put router gateway interface on specific node