openstack team mailing list archive
Message #17284
Re: metadata api with Quantum and provider networks
On Mon, Oct 8, 2012 at 12:27 PM, Jānis Ģeņģeris
<janis.gengeris@xxxxxxxxx> wrote:
> On Mon, Oct 8, 2012 at 6:24 PM, Dan Wendlandt <dan@xxxxxxxxxx> wrote:
>>
>> On Mon, Oct 8, 2012 at 7:52 AM, Jānis Ģeņģeris <janis.gengeris@xxxxxxxxx>
>> wrote:
>> > Hello,
>> >
>> > When using provider networks in Quantum, where should the metadata
>> > service rule mapping (e.g. 169.254.169.254:80 ->
>> > metadata_server:metadata_port) be set?
>> >
>> > For example, for floating IPs the l3-agent handles this, but for provider
>> > networks a router is not used. I tried to set a custom iptables rule for
>> > this, but have a hard time understanding where to set it, as there are
>> > openvswitch and namespaces.
>> >
>> > I'm using provider network configuration with VLANs.
>>
>> You actually could use the Quantum L3 router as your gateway even if
>> VMs are on a provider network, but I suspect your question is actually
>> more along the lines of: if I want my gateway to be a physical router
>> not managed by Quantum, how does the DNAT rule for metadata get
>> applied? In this case, you need to apply the DNAT rule manually to
>> the physical router, which I believe is the same as if you were using
>> flat networking with Nova with a physical router.
>
> Adding the rule in the physical router is not a good idea, because then the
> configuration of OpenStack crosses the actual software/server border
> into network equipment, that can add to complexity later.
Yes, it's hard to have it both ways... if you want everything done
automatically via software, I'd suggest using the quantum router as
the gateway, not an external physical router.
>
> I tried to add a provider network to the quantum router, and the quantum CLI was
> rejecting it.
> AFAIK router-interface-add is for internal networks, and router-gateway-set
> is also failing.
Can you post what you've run and what the resulting error was? In
terms of the L3 API, quantum shouldn't care whether a network is
provider or not for router-interface-add. Perhaps this is a
permissions issue?
Dan
>
> Which CLI command should I use for adding a provider network to an existing
> quantum router?
>>
>> There may also be a more complex solution achievable via quantum in
>> which the provider creates a quantum router with an interface on the
>> provider network, VMs are each given a host route to route traffic
>> destined for 169.254.169.254/32 to this quantum router IP, rather than
>> the physical default gateway, and this quantum router performs the
>> DNAT. However, it's probably much easier to just apply this rule to
>> your physical router.
>
> No, this is no good.
>>
>>
>> Dan
>>
>>
>> >
>> > Regards,
>> > --janis
>> >
>> >
>>
>>
>>
>> --
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Dan Wendlandt
>> Nicira, Inc: www.nicira.com
>> twitter: danwendlandt
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> Regards,
> --janis
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dan Wendlandt
Nicira, Inc: www.nicira.com
twitter: danwendlandt
~~~~~~~~~~~~~~~~~~~~~~~~~~~
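
The host-route alternative described in the thread, sketched as an added example (not code from the thread or from Quantum): the script validates its inputs and only prints the guest-side route and the router-side DNAT rule, it does not apply them. The router address 10.20.0.2 and metadata server 192.0.2.10:8775 are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print (not run) the two commands behind the host-route + DNAT design.
METADATA_IP=169.254.169.254   # link-local metadata address quoted in the thread

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split the address on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a TCP port in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# NAT-table rule for whichever box routes the metadata traffic
# (the Quantum router in the alternative design, or the physical gateway).
metadata_dnat_rule() {
    valid_ipv4 "$1" && valid_port "$2" || { echo "bad metadata server $1:$2" >&2; return 1; }
    echo "iptables -t nat -A PREROUTING -d $METADATA_IP/32 -p tcp --dport 80 -j DNAT --to-destination $1:$2"
}

# Host route for each VM so that only metadata traffic goes to the Quantum
# router; everything else still follows the physical default gateway.
metadata_host_route() {
    valid_ipv4 "$1" || { echo "bad router address $1" >&2; return 1; }
    echo "ip route add $METADATA_IP/32 via $1"
}

# Constructed sample values: router port 10.20.0.2, metadata server 192.0.2.10:8775.
metadata_host_route 10.20.0.2
metadata_dnat_rule 192.0.2.10 8775
```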