openstack team mailing list archive
Message #16396
Re: [Openstack-operators] nova-network NAT question
How did you set up the network for this example?
And show your nova.conf.
Igor Laskovy
facebook.com/igor.laskovy
Kiev, Ukraine
On Sep 4, 2012 3:44 PM, "Sergio Ariel de la Campa Saiz" <sacampa@xxxxxxx>
wrote:
> Hi:
>
> I don't want to use NAT in order to keep track of connectivity, I want to
> be clear about the source IP of every connection in my environment.
>
> Igor, sorry if I didn't explain my point well, sorry :(
>
> I'm gonna try to explain it again.
>
> This is part of the output of the command ip addr in one of my nodes
> (remember that nodes are physical servers that have installed nova-compute,
> nova-network and nova-api):
>
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
>     inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
> 4: vlan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>     inet 192.168.2.2/24 brd 192.168.2.255 scope global vlan2
> 7: vlan10@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br10 state UP
> 8: br10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>     inet 192.168.10.6/24 brd 192.168.10.255 scope global br10
> 26: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br10 state UNKNOWN qlen 500
>
> Facts:
>
> - vnet1 is the representation of the vNIC of the virtual machine
>   (there is only one virtual machine).
> - The virtual machine has IP 192.168.10.8 (this IP was assigned
>   automatically by nova-network when I created the virtual machine).
> - The virtual machine belongs to vlan10 (192.168.10.0/24).
> - The gateway of the virtual machine is 192.168.10.6 (IP of br10). It was
>   assigned automatically by nova-network when I created the virtual machine.
> - eth1 has vlan2@eth1 configured (manually by me) and its IP is
>   192.168.2.2; *this vlan does not belong to the OpenStack cloud environment*,
>   this vlan is foreign to OpenStack.
> - ip_forward is set to 1 in the node.
>
> What happens when I ping IP 192.168.100.34 from my virtual machine?
>
> - My virtual machine has IP 192.168.10.8, so the gateway is required to
>   reach 192.168.100.34.
> - The gateway of the virtual machine is 192.168.10.6 (br10).
> - Packets go from the virtual machine to 192.168.10.6 (br10). This
>   interface is on eth1.
> - The physical server (node) gets the packets from br10 and tries to
>   resend them (ip_forward = 1). For this purpose, it uses its own default
>   gateway.
> - The default gateway defined in the node is accessed through vlan2@eth1.
> - So, the way to get to 192.168.2.34 is: virtual machine -> br10
>   (192.168.10.8, gateway of virtual machine) -> vlan2@eth1 -> default
>   gateway of the node.
> - To get back, the external routers must be configured correctly.
>
> Regards….
> Sergio Ariel de la Campa Saiz
> Infrastructure Engineer
> GMV
> Isaac Newton, 11
> P.T.M. Tres Cantos
> E-28760 Madrid
> Tel. +34 91 807 21 00
> Fax +34 91 807 21 99
> www.gmv.com <http://www.innovation2011.es/index.php?id=86>
> *From:* Andabas [mailto:andi.abes@xxxxxxxxx]
> *Sent:* Saturday, 01 September 2012 0:09
> *To:* Igor Laskovy
> *CC:* Sergio Ariel de la Campa Saiz;
> openstack-operators@xxxxxxxxxxxxxxxxxxx; openstack@xxxxxxxxxxxxxxxxxxx
> *Subject:* Re: [Openstack-operators] nova-network NAT question
>
>
>
> Nova assumes that the cloud operator will want to separate the VMs from
> the physical infrastructure.... So the address range on the physical nodes
> and VM are 'Foreign' to each other. For VMs to be able to communicate with
> the outside world in this environment, snat is required.
>
> There's no real way in Essex to disable that.
>
>
>
> Why do you want to avoid NAT?
>
> On Aug 31, 2012, at 2:37, Igor Laskovy <igor.laskovy@xxxxxxxxx> wrote:
>
> Hey.
>
> Well, what type of network manager is used?
> For example, with FlatManager the virtual NIC can only be put in the
> corresponding bridge on the node and that's it. Anything else you should do manually.
>
> Igor Laskovy
> facebook.com/igor.laskovy
> Kiev, Ukraine
>
> On Aug 30, 2012 2:24 PM, "Sergio Ariel de la Campa Saiz" <sacampa@xxxxxxx>
> wrote:
>
> Hi:
>
>
>
> I have a doubt about nova-network and NAT:
>
> Do virtual machines (that only have private IPs and no floating IP) always
> use NAT to communicate with machines outside the OpenStack cloud?
>
>
>
> Regards…
> Please consider the environment before printing this e-mail.
> ------------------------------
>
> This message including any attachments may contain confidential
> information, according to our Information Security Management System, and
> intended solely for a specific individual to whom they are addressed. Any
> unauthorised copy, disclosure or distribution of this message is strictly
> forbidden. If you have received this transmission in error, please notify
> the sender immediately and delete it.
> ------------------------------
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators@xxxxxxxxxxxxxxxxxxx
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
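An added example, not part of the thread: a small Python check an operator could run over `iptables -t nat -S POSTROUTING` output to see which source address a remote host would log for a VM connection, which is the attribution concern raised in the quoted message. The rule set is constructed (the ACCEPT exemption and the SNAT rule are assumptions, not taken from any poster's node), and only `-s`, `-d`, `-o` and the ACCEPT/SNAT/MASQUERADE targets are evaluated.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -t nat -S POSTROUTING` format (not from the thread).
# Addresses reuse the thread's layout: VMs on 192.168.10.0/24, node uplink vlan2 = 192.168.2.2.
SAMPLE_RULES = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.10.0/24 -d 192.168.100.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.10.0/24 -o vlan2 -j SNAT --to-source 192.168.2.2
"""

def parse_rules(text):
    """Return the -A rules of one nat chain, in order, as dicts."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if not tok or tok[0] != "-A":
            continue                      # skip policy lines and blanks
        if "!" in tok:
            raise ValueError("negated matches are not handled: " + line)

        def opt(name, default=None):
            return tok[tok.index(name) + 1] if name in tok else default

        rules.append({
            "src": ipaddress.ip_network(opt("-s", "0.0.0.0/0"), strict=False),
            "dst": ipaddress.ip_network(opt("-d", "0.0.0.0/0"), strict=False),
            "out": opt("-o"),
            "target": opt("-j"),
            "to": opt("--to-source"),
        })
    return rules

def seen_source(rules, src, dst, out_if):
    """Source address the remote side sees; first matching rule wins, as in iptables."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r["src"] and d in r["dst"] and r["out"] in (None, out_if):
            if r["target"] == "SNAT":
                return r["to"]            # VM address replaced by the node's
            if r["target"] == "MASQUERADE":
                return "address of " + out_if
            if r["target"] == "ACCEPT":
                return src                # traversal ends, no translation
    return src                            # nothing matched: packet keeps its source

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for dst in ("192.168.100.34", "203.0.113.9"):
        print(dst, "sees", seen_source(rules, "192.168.10.8", dst, "vlan2"))
```

Any destination for which the result differs from the VM's fixed IP is one where remote logs will show the node, so attribution then depends on connection-tracking or flow records kept on the node itself.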