On 3 November 2013 12:37, Stuart Longland <[email protected]> wrote:
> Hi Rob,
> On 24/10/13 11:06, Robert Collins wrote:
>> Hi there.
>>
>> Create a provider network in Neutron to represent your external lan,
>> and either a) use that as your only network - in which case you'll
>> need your external router to handle 169.254.169.254 - the metadata
>> agent - or b) add that as a second network when you spawn instances,
>> in which case the private overlay network you have running will have
>> addresses assigned by neutron - and you'll want to push a host route
>> for 169.254.169.254 as you'll have your default route be via the
>> provider network..
>
> Okay, is this using Flat Networking or something else?

TBH I'm not sure 'flat networking' really is a thing in Neutron, is it? I mean, you can configure an equivalent setup with provider networks - which is what I suggest, but it's not a global mode the way it is in nova-networking.

> What's the significance of the 169.254.169.254 address? If I were to
> add a host route at the external router, to where do I route it?

To your nova API server. That address is the magic EC2 metadata API host, which cloud-init queries to do boot-time configuration of your VMs based on cloud metadata.

>
> Would this give the VM unfettered access to the network? I found last
> time I tried flat networking, some packet filtering still occurred.

It won't let you spoof traffic; but other than that you should be able to do anything (just open the appropriate ports in your security group). Or - and not recommended IMNSHO - you can use the noop firewall driver and disable security groups.

-Rob

--
Robert Collins <[email protected]>
Distinguished Technologist
HP Converged Cloud
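The following is an added example, not part of the original message: it models option (b) from the quoted text with longest-prefix-match route selection, showing where a two-NIC guest sends metadata requests with and without the pushed host route. All addresses, interface names and the next hop 10.0.0.1 are constructed assumptions.

```python
import ipaddress

METADATA_IP = "169.254.169.254"  # EC2-style metadata address named in the thread


def pick_route(routes, dst):
    """Longest-prefix match: return the (prefix, nexthop, dev) entry used for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(matches,
               key=lambda r: ipaddress.ip_network(r[0]).prefixlen,
               default=None)


# Constructed guest routing table for option (b):
# eth0 = provider network (carries the default route),
# eth1 = private overlay network with Neutron-assigned addresses.
BASE = [
    ("0.0.0.0/0", "192.0.2.1", "eth0"),   # default route via the external router
    ("192.0.2.0/24", None, "eth0"),       # on-link provider subnet
    ("10.0.0.0/24", None, "eth1"),        # on-link overlay subnet
]

# Same table after a /32 host route is pushed to the guest.
# The next hop 10.0.0.1 is an assumption; use whatever answers
# metadata requests on the overlay network in your deployment.
WITH_HOST_ROUTE = BASE + [("169.254.169.254/32", "10.0.0.1", "eth1")]


def metadata_path(routes):
    """Return (device, nexthop) the guest would use to reach the metadata API."""
    route = pick_route(routes, METADATA_IP)
    return None if route is None else (route[2], route[1])


if __name__ == "__main__":
    for name, table in (("no host route", BASE),
                        ("host route pushed", WITH_HOST_ROUTE)):
        print(f"{name}: metadata traffic leaves via {metadata_path(table)}")
```

Without the host route the request follows the default route to the external router, which is the case where that router has to handle 169.254.169.254 itself.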
