Minimal devstack with nova and floating ips

asked 2016-01-24 17:50:33 -0600

Cirdec

I'm trying to set up a minimal devstack that can launch nova instances, some of which will have public addresses, and some of which will need to open connections to the public network. I'd like to be able to assign floating ips to the instances, and have traffic originating from the instances with public addresses reach the public network.

Addressing

Devstack will be running on a single Ubuntu 14.04 box with two physical interfaces. The first interface eth0 is on 10.48.4.0/22, on which I own the address 10.48.6.232; this is the management connection to the box. The second interface eth1 is on 10.48.8.0/22 and owns the addresses 10.48.11.6 and 10.48.11.57-10.48.11.59. eth1 is configured to use the 10.48.11.6 address, leaving a small pool of addresses for the floating range.

auto eth1
iface eth1 inet static
    address 10.48.11.6
    netmask 255.255.252.0

I'd like to use the range 10.48.11.57-10.48.11.59 as the floating IP pool. This makes up the start of my local.conf:

[[local|localrc]]

# Devstack host IP eth1 address
HOST_IP=10.48.11.6

# Private network
FIXED_RANGE=10.90.100.0/24
NETWORK_GATEWAY=10.90.100.1

# Public network
Q_FLOATING_ALLOCATION_POOL=start=10.48.11.57,end=10.48.11.59
FLOATING_RANGE=10.48.8.0/22
PUBLIC_NETWORK_GATEWAY=10.48.8.1

# Public network is eth1
PUBLIC_INTERFACE=eth1

ML2

The remainder of the relevant part of my local.conf is configuring neutron and ovs to use the public network. I've followed the instructions in the comments in https://github.com/openstack-dev/devstack/blob/stable/liberty/lib/neutron-legacy (neutron-legacy).

# Neutron
# -------

PUBLIC_BRIDGE=br-ex

Q_USE_PROVIDERNET_FOR_PUBLIC=True
PUBLIC_PHYSICAL_NETWORK=public
OVS_BRIDGE_MAPPINGS=public:br-ex

# Neutron Provider Network
ENABLE_TENANT_TUNNELS=True
PHYSICAL_NETWORK=public
OVS_PHYSICAL_BRIDGE=br-ex

# Use ml2 and openvswitch
Q_PLUGIN=ml2
Q_ML2_PLUGIN_MECHANISM_DRIVERS=openvswitch,logger
Q_AGENT=openvswitch
enable_service q-agt

# ml2 vxlan
Q_ML2_TENANT_NETWORK_TYPE=vxlan
Q_ML2_PLUGIN_VXLAN_TYPE_OPTIONS=(vni_ranges=1001:2000)
Q_AGENT_EXTRA_AGENT_OPTS=(tunnel_types=vxlan vxlan_udp_port=8472)
Q_USE_NAMESPACE=True
Q_USE_SECGROUP=True

Resulting network

I changed the default security policy for the demo project to be permissive.

The resulting network routes traffic between the devstack host and the private subnet, but not between the devstack host and the 10.48.8.0/22 network, between instances and the physical 10.48.8.0/22 network, or between the physical 10.48.8.0/22 network and the public 10.48.8.0/22 subnet.

      \ destination   gateway     devstack     router1       private
source \              10.48.8.1   10.48.11.6   10.48.11.57   10.90.100.0/24

physical              pings       X            X             na
10.48.8.0/22

devstack              X           pings        pings         pings
10.48.11.6

private               X           pings        pings         pings
10.90.100.0/24

Traffic leaving the public network should reach the physical network. Traffic leaving the private network should be NATed onto the public network. Traffic entering from the physical network should reach the public network.

The resulting ovs bridges ... (more)


Comments

Hi, using devstack, have you been able to provide manual floating ip, gateway and fixed ip range for the openstack vms successfully?

nag ( 2017-07-07 13:16:42 -0600 )