All-in-One: How to set up a virtual external network completely enclosed within the host?

For a test setup of OpenStack, I followed PackStack All-in-One DIY Configuration on a virtual machine running Scientific Linux 6. The machine is located in a corporate OpenStack cloud. It is not (easily) possible to get an address range within this network that could be used for an external network for the instances. Thus, I will not be able to contact instances from outside the host. But I want to contact instances from the host, and I want instances to be able to reach the host and the internet.

Setup

To be more precise: let the host's IP be 137.131.143.147 (that's just a random address and not my real one). For my test setup it is not possible to get IP addresses from 137.131.143.0/24 for the instances. The host has just one NIC: eth0. I have set up a Neutron external network with the following properties:

neutron subnet-create extnet --allocation-pool start=10.0.21.10,end=10.0.21.125 --gateway 10.0.21.1 --enable_dhcp=False 10.0.21.0/24

and an internal network with

neutron subnet-create rdonet 10.0.90.0/24

One of the instances has the _internal_ IP 10.0.90.4 and _external_ IP 10.0.21.11.

Goal

I want to achieve that

  • on the host I can run ping 10.0.21.11 to reach the instance via its external IP address.
  • on the instance I want to be able to ping 137.131.143.147 to reach the host and something like ping 8.8.8.8 because I want to reach the internet.

Problems

As the configured external network is completely virtual, there is currently no one behind the gateway IP 10.0.21.1. Thus a ping 10.0.21.1 from an instance or the namespace of the router gets lost in the network. This can be seen when running tcpdump on qg-…, tap-… and br-ex as

ARP, Request who-has 10.0.21.1 tell 10.0.21.10, length 28

without getting an answer where 10.0.21.10 is the IP of the router.

Questions

What would be a good way to solve this? Create another router, interface or something else with Open vSwitch and assign the gateway IP 10.0.21.1 to it? And then add a route to the host's routing table to tell it which interface packets to 10.0.21.0/24 should go to? Could I add a route that just says to route packets with target 10.0.21.0/24 to br-ex?

Configuration

Everything is in the same Gist https://gist.github.com/blipp/64639aad6149a54826ca

  • # ifconfig: https://gist.github.com/blipp/64639aad6149a54826ca#file-ifconfig-host
  • # ovs-vsctl show: https://gist.github.com/blipp/64639aad6149a54826ca#file-ovs-vsctl-show . I think br-tun and patch-tun can be ignored for this question.
  • # route -n: https://gist.github.com/blipp/64639aad6149a54826ca#file-route
  • # ip netns: https://gist.github.com/blipp/64639aad6149a54826ca#file-ip-netns
  • # ifconfig in dhcp namespace: https://gist.github.com/blipp/64639aad6149a54826ca#file-ip-netns-dhcp-ifconfig
  • # route -n in dhcp namespace: https://gist.github.com/blipp/64639aad6149a54826ca#file-ip-netns-dhcp-route
  • # ifconfig in router namespace: https://gist.github.com/blipp/64639aad6149a54826ca#file-ip-netns-router-ifconfig
  • # route -n in router namespace: https://gist.github.com/blipp/64639aad6149a54826ca#file-ip-netns-router-route

(Sorry, I have too little karma to post links nicely.)
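
A way to confirm the symptom described in the question, as an added example that is not part of the original post: it reads tcpdump's text output and lists every ARP target that was asked for but never answered. The function names `unanswered_arp` and `sample_capture` are hypothetical, and the sample lines (including the MAC address) are constructed in tcpdump's ARP text format.

```shell
#!/bin/sh
# Added example: report ARP requests that never receive a reply.
# Input : tcpdump text lines (with or without a timestamp prefix), e.g.
#           ARP, Request who-has 10.0.21.1 tell 10.0.21.10, length 28
#           ARP, Reply 10.0.21.1 is-at fa:16:3e:00:00:01, length 28
# Output: one line per unanswered target: "<target-ip> <asker-ip> <requests>"
unanswered_arp() {
    awk '
    /ARP, Request who-has/ {
        target = ""; asker = ""
        for (i = 1; i < NF; i++) {
            if ($i == "who-has") target = $(i + 1)
            if ($i == "tell")    asker  = $(i + 1)
        }
        sub(/,$/, "", target); sub(/,$/, "", asker)
        if (target != "") { count[target]++; who[target] = asker }
    }
    /ARP, Reply/ {
        # "<ip> is-at <mac>": the field before "is-at" is the answered address
        for (i = 1; i < NF; i++)
            if ($(i + 1) == "is-at") answered[$i] = 1
    }
    END {
        for (t in count)
            if (!(t in answered)) print t, who[t], count[t]
    }' | sort
}

# Constructed sample: the router (10.0.21.10) asks three times for the
# gateway 10.0.21.1 and gets no reply; the internal lookup is answered.
sample_capture() {
    cat <<'EOF'
12:00:01.000000 ARP, Request who-has 10.0.21.1 tell 10.0.21.10, length 28
12:00:02.000000 ARP, Request who-has 10.0.21.1 tell 10.0.21.10, length 28
12:00:02.500000 ARP, Request who-has 10.0.90.4 tell 10.0.90.1, length 28
12:00:02.500100 ARP, Reply 10.0.90.4 is-at fa:16:3e:00:00:04, length 28
12:00:03.000000 ARP, Request who-has 10.0.21.1 tell 10.0.21.10, length 28
EOF
}

sample_capture | unanswered_arp
```

On the host, `tcpdump -n -c 50 -i br-ex arp | unanswered_arp` runs the same check over a live capture.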