Ask Your Question

sami's profile - activity

2014-05-23 08:15:02 -0500 received badge  Popular Question (source)
2014-05-23 08:15:02 -0500 received badge  Notable Question (source)
2014-05-23 08:15:02 -0500 received badge  Famous Question (source)
2014-01-13 03:53:11 -0500 received badge  Nice Question (source)
2014-01-10 14:26:45 -0500 received badge  Student (source)
2014-01-09 21:37:40 -0500 asked a question Howto restrict tenants from attaching routers to an external network/subnet?


I have set up OpenStack Havana with separate Controller/Network and Computing hosts. I believe the neutron is working correctly, I can create, manage etc. networks, subnets and router. I can create an external network in neutron as an admin/service tenant that is connected to a separate physical router and also create a subnet in that network with a pool of public addresses (x.x.x.64/26). The network has an option router:externel set True. I want to use these as floating addresses which I can do. Tenants (which have non-zero floating_ip quota set) can get floating IP addresses from that network's pool. BUT, currently, a tenant can create a router and also connect (set gateway) the router to this external network, thus getting one public IP from the pool, which I don't want. If I set router:externel to False, it prevents the tenants getting floating IPs from the external network pool.

The question is: Is there a way to restrict tenants connecting routers to an external network and only allow an admin to create a router for a tenant that attaches to the external network? And at the same time enable the floating IPs for that network.