Is there any way to get a VM migration trigger delivered to the tenant, let's say, via a webhook URL? On detecting VM migration, the application running inside the tenant needs to take some action, and hence such a trigger would be helpful. Kindly provide suggestions; I couldn't find anything related to this.

Hi Ranjit,

The firewall driver in use is nova.virt.libvirt.firewall.IptablesFirewallDriver. I haven't tried flushing the iptables configuration on the compute node, but I have tried flushing the ebtables rules, and it works after flushing. But flushing the ebtables rules is not a preferred way of making this work.

I am trying out a NAT setup inside an OpenStack tenant. OpenStack details: Icehouse with nova-networking using FlatDHCPManager (no Neutron yet).

The setup is very simple: I have 2 VM instances spawned by OpenStack. The setup details are as follows:

VM-A: 1 public interface and 1 private IP interface

VM-B: 1 private IP interface

I want to use VM-A as the gateway for VM-B. I am installing routing rules in VM-B to use VM-A as the default route for external connectivity. I am configuring SNAT using iptables in VM-A. When I ping an external node from VM-B, I see the following behavior:

  1. VM-B sends a ping packet to VM-A
  2. VM-A performs SNAT, changes the source address, and sends it to the external node
  3. The external node sends back the response, and VM-A performs reverse NAT
  4. The response never reaches VM-B!

On further investigation, I found the possible suspect to be the ebtables rules on the compute host, which are configured by nova during instance launch.

My question is, how do I make this setup work? How do I make one of the VMs the default GW + NAT for the other VMs within the tenant?