openstack team mailing list archive

Re: metadata api with Quantum and provider networks

 

On Mon, Oct 8, 2012 at 6:24 PM, Dan Wendlandt <dan@xxxxxxxxxx> wrote:

> On Mon, Oct 8, 2012 at 7:52 AM, Jānis Ģeņģeris <janis.gengeris@xxxxxxxxx> wrote:
> > Hello,
> >
> > When using provider networks in Quantum, where should the metadata service
> > rule mapping (e.g. 169.254.169.254:80 -> metadata_server:metadata_port)
> > be set?
> >
> > For example, for floating IPs l3-agent handles this, but for provider
> > networks a router is not used. I tried to set a custom iptables rule for
> > this, but have a hard time understanding where to set it, as there are
> > openvswitch and namespaces.
> >
> > I'm using provider network configuration with VLANs.
>
> You actually could use the Quantum L3 router as your gateway even if
> VMs are on a provider network, but I suspect your question is actually
> more along the lines of: if I want my gateway to be a physical router
> not managed by Quantum, how does the DNAT rule for metadata get
> applied?  In this case, you need to apply the DNAT rule manually to
> the physical router, which I believe is the same as if you were using
> flat networking with Nova with a physical router.

Adding the rule in the physical router is not a good idea, because then the
configuration of OpenStack crosses the actual software/server border
into network equipment, which can add to complexity later.

I tried to add a provider network to a Quantum router, and the quantum CLI was
rejecting it.
AFAIK router-interface-add is for internal networks, and router-gateway-set
is also failing.

Which CLI command should be used to add a provider network to an existing
Quantum router?

> There may also be a more complex solution achievable via quantum in
> which the provider creates a quantum router with an interface on the
> provider network, VMs are each given a host route to route traffic
> destined for 169.254.169.254/32 to this quantum router IP, rather than
> the physical default gateway, and this quantum router performs the
> DNAT.  However, it's probably much easier to just apply this rule to
> your physical router.
>
No, this is no good.

>
> Dan
>
>
> >
> > Regards,
> > --janis
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Dan Wendlandt
> Nicira, Inc: www.nicira.com
> twitter: danwendlandt
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>

Regards,
--janis
