SNAT is still done on the virtual tenant routers. We need the upstream routers to route traffic out of the openstack cloud (and back). Isn't that a typical deployment?
Thanks On Thu, Oct 15, 2015 at 5:05 PM, Kevin Benton <[email protected]> wrote: > I think the mismatch of expectations between the normal use-case and yours > is that you have SNAT disabled on the tenant routers so you need upstream > routes to point back to the tenant routers. Is that correct? > > On Thu, Oct 15, 2015 at 3:16 PM, Abhishek Chanda <[email protected]> > wrote: >> >> Hi all, >> >> We are trying to deploy L3 HA using Kilo. Our model is to have a >> single public network for floating IPs and that each tenant will have >> it's own neutron router connected to internal networks. We have a >> mechanism to use the neutron API to find out which node has the active >> router. That route is then announced to upstream routers. The br-ex >> interface on the nodes which does not have the active routers are >> downed. This works fine for a single tenant, with one router. Now, for >> a cloud with multiple tenants, each having their own tenant routers, >> we have seen that often active routers end up on different nodes. That >> messes up the return path of a packet from outside the cloud. My >> questions are: >> >> 1. Is the deployment model with one public network and multiple tenant >> routers compatible with L3 HA or does it expect any other model? >> 2. How are people solving the problem of different nodes hosting the >> active router? How do we route back to it? >> >> If neutron used a single keepalived instance for all the routers, this >> wouldn't be an issue. Are we missing something? >> >> Thanks >> >> _______________________________________________ >> Mailing list: >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack >> Post to : [email protected] >> Unsubscribe : >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack > > > > > -- > Kevin Benton _______________________________________________ Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to : [email protected] Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
