2016-11-03 09:54:39 -0600 asked a question Connect to tenant subnets outside OpenStack


I have a question regarding networking and tenant networks in OpenStack. We are using tenant networks (with GRE) in some cases. One example is between application and database servers where the traffic and the database instances should not be accessible from the outside. We are also trying to deploy a LBaaS with Octavia and the management network is going to be a tenant network as well.

The issue is that we are provisioning our instances with Ansible. This works great when an instance has an IP address in a provider network. We can SSH into the instance from a remote machine outside OpenStack and do whatever we want. But this doesn't work on instances that only have an interface in a tenant network since it is "virtual". The same thing goes for the load balancer with Octavia. An Octavia process needs to talk to an API on the load balancer instance, but it can't since it is only reachable in the management network.

I was looking at how Octavia was implemented in devstack (https://github.com/openstack/octavia/...) and they are creating a port in both neutron and openvswitch. So the machine got an interface that gets an IP address from a DHCP agent and it can then communicate within the tenant subnet. Does this mean that I have to run everything on the networking node (where openvswitch is running)?

Are there other ways to talk within a tenant subnet "outside" OpenStack?

I'm sorry if this is a stupid question, but the whole "virtual network" thing can be a little bit confusing in the beginning.

Thanks in advance, Daniel