For assigning a routable public IP to a VM, James and Kevin have described using an external network, but I think there might be a second possibility. Namely, a shared, non-external network, with a subnet with the routable IP range that you want to assign from, and connected via a Neutron router to the outside world.
Would that also work? Would the L3 agent in that case avoid doing an unnecessary NAT? Thanks, Neil PS. Adam - you might also like to check out my L3-only networking spec at https://review.openstack.org/#/c/238895/, as it describes IP addressing like what you describe, and might align more generally with what you have in mind. From: Kevin Benton Sent: Sunday, 25 October 2015 06:34 To: James Denton Cc: OpenStack Operators Subject: Re: [Openstack-operators] [Neutron] public and private fixed IPs Yes, as long as the network is marked as both 'shared' and external, a tenant can attach VMs and router gateway interfaces directly to it. On Oct 25, 2015 2:47 PM, "James Denton" <james.den...@rackspace.com<mailto:james.den...@rackspace.com>> wrote: Hi Adam, If you're asking whether or not a VM can be attached to an 'external' network so that the 'public' ip is the fixed IP of them VM, then yes. A Neutron router can also be attached to the same network so that instances in non-routable tenant networks can obtain floating IPs from the same 'public' network. At one time non-admin users were not allowed to attach VMs to 'external' networks but I believe that restriction was removed around Kilo or so. James Sent from my iPhone > On Oct 25, 2015, at 2:15 PM, Adam Lawson > <alaw...@aqorn.com<mailto:alaw...@aqorn.com>> wrote: > > Hi everyone! > > When using KVM, does Neutron support binding a public routable address > to one VM in one tenant as a fixed IP that is accessible outside the > cloud (no floating IP for remote access) and a VM in a separate tenant > with private fixed IP's with optional floating IP? Would this be > possible on a per tenant or per region basis? > > I'm working on a cloud approach that allows either scenario. > > Long story short, I'm trying to support two options in the same cloud > (if possible) so a department/tenant can deploy instances with public > IP's that are directly accessible by the rest of the enterprise (no > NAT) and a second department/tenant that deploys all of their VM's > within the context of a private/isolated tenant network with optional > floating IP's. > > Thoughts on how this would be handled? Is it as simple as assigning a > public subnet to a tenant as the fixed/tenant network? > > //adam > > -- > > *Adam Lawson* > > AQORN, Inc. > 427 North Tatnall Street > Ste. 58461 > Wilmington, Delaware 19801-2230 > Toll-free: (844) 4-AQORN-NOW ext. 101 > International: +1 302-387-4660<tel:%2B1%20302-387-4660> > Direct: +1 916-246-2072<tel:%2B1%20916-246-2072> > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators@lists.openstack.org<mailto:OpenStack-operators@lists.openstack.org> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org<mailto:OpenStack-operators@lists.openstack.org> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
_______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators