On Mon, Oct 8, 2012 at 6:24 PM, Dan Wendlandt <d...@nicira.com> wrote:
> On Mon, Oct 8, 2012 at 7:52 AM, Jānis Ģeņģeris <janis.genge...@gmail.com> wrote:
> > Hello,
> >
> > When using provider networks in Quantum, where should the metadata service
> > rule mapping (e.g. 169.254.169.254:80 -> metadata_server:metadata_port)
> > be set?
> >
> > For example, for floating IPs l3-agent handles this, but for provider
> > networks a router is not used. I tried to set a custom iptables rule for this,
> > but have a hard time understanding where to set it, as there is openvswitch
> > and namespaces.
> >
> > I'm using provider network configuration with VLANs.
>
> You actually could use the Quantum L3 router as your gateway even if
> VMs are on a provider network, but I suspect your question is actually
> more along the lines of: if I want my gateway to be a physical router
> not managed by Quantum, how does the DNAT rule for metadata get
> applied? In this case, you need to apply the DNAT rule manually to
> the physical router, which I believe is the same as if you were using
> flat networking with Nova with a physical router.

Adding the rule on the physical router is not a good idea, because then the
configuration of OpenStack crosses the actual software/server border into
network equipment, which can add to complexity later.

I tried to add the provider network to a quantum router, and the quantum CLI was
rejecting it. AFAIK router-interface-add is for internal networks, and
router-gateway-set is also failing. Which CLI command should I use for adding a
provider network to an existing quantum router?

> There may also be a more complex solution achievable via quantum in
> which the provider creates a quantum router with an interface on the
> provider network, VMs are each given a host route to route traffic
> destined for 169.254.169.254/32 to this quantum router IP, rather than
> the physical default gateway, and this quantum router performs the
> DNAT. However, it's probably much easier to just apply this rule to
> your physical router.

No, this is no good.

> Dan
>
> > Regards,
> > --janis
> >
> > _______________________________________________
> > Mailing list: https://launchpad.net/~openstack
> > Post to     : openstack@lists.launchpad.net
> > Unsubscribe : https://launchpad.net/~openstack
> > More help   : https://help.launchpad.net/ListHelp
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Dan Wendlandt
> Nicira, Inc: www.nicira.com
> twitter: danwendlandt
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards,
--janis