Mailing List Archive: OpenStack: Operators

VM with a public IP

Index | Next | Previous | View Threaded

paul.d.walton at gmail

Aug 13, 2012, 1:31 PM

Post #1 of 18 (882 views)
Permalink

VM with a public IP

Hello,

I have been reading tutorials on installing OpenStack on Ubuntu, and so far
they all involve giving the VMs a private IP from the Nova configs.
However, in my case I will need to generate VMs that have a publicly
accessible IP address, and this address will be handed out by a DHCP server
that I do not control and is external to OpenStack. I can do this just
fine using standard KVM on our current VM server, but I haven't see yet how
OpenStack allows this to occur. For example, several of our current VMs
run class websites, and some have static IPs assigned to them, while some
are dynamically assigned. These must be accessable from the Internet for
our students to access. If someone could point me to a document or
tutorial on how to do this in OpenStack then that would be great!

Thanks!

--

Paul Walton

University of Arkansas
College of Engineering
CSCE Technical Support Team
J.B. Hunt Building, Room 440

matt at nycresistor

Aug 13, 2012, 2:00 PM

Post #2 of 18 (879 views)
Permalink

Re: VM with a public IP [In reply to]

Paul by default openstack operates under a model in which instances
default to a private address range.

For assigning public IPs or IPs outside of that range, it has a pool
of addresses you configure and make available to it referred to as
floating IP addresses.

You would want to make your IPs available there for mapping.

Obviously your configuration bucks the norm in this case.

The right answer here is to use an IP allocation that is not handed
out by DHCP but is just available for openstack to handle on its own.
I understand however that some organizations have some pretty
draconian policies and not always is this allowed. While I would
push strenuously for an exception from this requirement I understand
that may not be an option.

In that case, you have a problem. If you can convince your network
controllers to allocated all of the IPs in a dhcp block and retain
that ownership on your own you SHOULD be able to use them for
instances as the network controller currently simply nats the
addresses to their private 'openstack' addresses.

I think that's probably the best solution for you.

Hope that helps.

-Matt

On Mon, Aug 13, 2012 at 1:31 PM, Paul Walton <paul.d.walton [at] gmail> wrote:
> Hello,
>
> I have been reading tutorials on installing OpenStack on Ubuntu, and so far
> they all involve giving the VMs a private IP from the Nova configs.
> However, in my case I will need to generate VMs that have a publicly
> accessible IP address, and this address will be handed out by a DHCP server
> that I do not control and is external to OpenStack. I can do this just fine
> using standard KVM on our current VM server, but I haven't see yet how
> OpenStack allows this to occur. For example, several of our current VMs run
> class websites, and some have static IPs assigned to them, while some are
> dynamically assigned. These must be accessable from the Internet for our
> students to access. If someone could point me to a document or tutorial on
> how to do this in OpenStack then that would be great!
>
> Thanks!
>
> --
>
> Paul Walton
>
> University of Arkansas
> College of Engineering
> CSCE Technical Support Team
> J.B. Hunt Building, Room 440
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators [at] lists
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators [at] lists
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

janis.gengeris at gmail

Aug 13, 2012, 2:02 PM

Post #3 of 18 (878 views)
Permalink

Re: VM with a public IP [In reply to]

Hi, Paul

Have you tried to use public IP addresses in place of private ones, I mean
as fixed IPs? I'm just curious, because I have thought if something like
this could work, but actually haven't tried myself. If you check
https://trystack.org/ they have something similar working in production,
their Horizon lists the VMs IP as private (and it is the only IP the
instance gets assigned by default when spawning), but it's actually
publicly routable address. So somone who's involved in TryStack could shed
some light how they are doing it.

Regards,
--janis

On Mon, Aug 13, 2012 at 11:31 PM, Paul Walton <paul.d.walton [at] gmail>wrote:

> Hello,
>
> I have been reading tutorials on installing OpenStack on Ubuntu, and so
> far they all involve giving the VMs a private IP from the Nova configs.
> However, in my case I will need to generate VMs that have a publicly
> accessible IP address, and this address will be handed out by a DHCP server
> that I do not control and is external to OpenStack. I can do this just
> fine using standard KVM on our current VM server, but I haven't see yet how
> OpenStack allows this to occur. For example, several of our current VMs
> run class websites, and some have static IPs assigned to them, while some
> are dynamically assigned. These must be accessable from the Internet for
> our students to access. If someone could point me to a document or
> tutorial on how to do this in OpenStack then that would be great!
>
> Thanks!
>
> --
>
> Paul Walton
>
> University of Arkansas
> College of Engineering
> CSCE Technical Support Team
> J.B. Hunt Building, Room 440
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators [at] lists
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>

matt.joyce at cloudscaling

Aug 13, 2012, 2:40 PM

Post #4 of 18 (880 views)
Permalink

Re: VM with a public IP [In reply to]

I was thinking that as well. But the only reason I could think of that
he'd be forced to grab public IPs from dhcp was that he had no access to
the DHCP server and network infrastructure. I just kind of assumed that
would mean that nova would not be able to allocate the IP for intance in
any manner congruent with nova's needs.

-Matt

On Mon, Aug 13, 2012 at 2:02 PM, Jānis Ģeņģeris <janis.gengeris [at] gmail>wrote:

> Hi, Paul
>
> Have you tried to use public IP addresses in place of private ones, I mean
> as fixed IPs? I'm just curious, because I have thought if something like
> this could work, but actually haven't tried myself. If you check
> https://trystack.org/ they have something similar working in production,
> their Horizon lists the VMs IP as private (and it is the only IP the
> instance gets assigned by default when spawning), but it's actually
> publicly routable address. So somone who's involved in TryStack could shed
> some light how they are doing it.
>
> Regards,
> --janis
>
> On Mon, Aug 13, 2012 at 11:31 PM, Paul Walton <paul.d.walton [at] gmail>wrote:
>
>> Hello,
>>
>> I have been reading tutorials on installing OpenStack on Ubuntu, and so
>> far they all involve giving the VMs a private IP from the Nova configs.
>> However, in my case I will need to generate VMs that have a publicly
>> accessible IP address, and this address will be handed out by a DHCP server
>> that I do not control and is external to OpenStack. I can do this just
>> fine using standard KVM on our current VM server, but I haven't see yet how
>> OpenStack allows this to occur. For example, several of our current VMs
>> run class websites, and some have static IPs assigned to them, while some
>> are dynamically assigned. These must be accessable from the Internet for
>> our students to access. If someone could point me to a document or
>> tutorial on how to do this in OpenStack then that would be great!
>>
>> Thanks!
>>
>> --
>>
>> Paul Walton
>>
>> University of Arkansas
>> College of Engineering
>> CSCE Technical Support Team
>> J.B. Hunt Building, Room 440
>>
>> _______________________________________________
>> OpenStack-operators mailing list
>> OpenStack-operators [at] lists
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>>
>>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators [at] lists
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>
>

paul.d.walton at gmail

Aug 13, 2012, 2:55 PM

Post #5 of 18 (878 views)
Permalink

Re: VM with a public IP [In reply to]

Unfortunately, I do not manage the network, and do not have access to the
DHCP server. This means that I do not have a subnet of IPs that I can
simply hand out freely to my VMs. If I want a VM to have a public IP then
it must make a request to the campus DHCP server. There are special cases
where I can assign static IPs to servers, but this is infeasible for the
majority of the VMs I will create since they will be used by students to
complete assignments in class, and will only exist during the course of a
semester.

So, as I understand things so far, OpenStack assumes that I have my own
subnet of public IPs that I can freely use for my VMs? I can't imagine
this being a reasonable design assumption to make on their part. Perhaps
I'm overlooking something?

On Mon, Aug 13, 2012 at 4:40 PM, Matt Joyce <matt.joyce [at] cloudscaling>wrote:

> I was thinking that as well. But the only reason I could think of that
> he'd be forced to grab public IPs from dhcp was that he had no access to
> the DHCP server and network infrastructure. I just kind of assumed that
> would mean that nova would not be able to allocate the IP for intance in
> any manner congruent with nova's needs.
>
> -Matt
>
>
>
>

--

Paul Walton

University of Arkansas
College of Engineering
CSCE Technical Support Team
J.B. Hunt Building, Room 440

matt at nycresistor

Aug 13, 2012, 3:53 PM

Post #6 of 18 (883 views)
Permalink

Re: VM with a public IP [In reply to]

Paul, it's a cloud. It's a fairly reasonable design assumption to
believe anyone launching such a service has at least some moderate
level of control over their own resources. But hell, maybe I'm just
not seeing some awesome new way to use openstack.

Regardless.

Here's a thought for a simple external work around. You basically
create your own router for your cloud.

So example:

You get a grab bag of IPs on a bunch of virtual interfaces you fire
up on your router interface facing the university network...

15.4.2.9 eth2:2
15.4.2.56 eth2:3
15.4.3.98 eth2:4
15.4.2.249 eth2:5
15.4.2.30 eth2:6

you take these and setup some nat rules to map them

15.4.2.9 <--> 192.168.250.2
15.4.2.56 <--> 192.168.250.3
15.4.3.98 <--> 192.168.250.4
15.4.2.249 <--> 192.168.250.5
15.4.2.30 <--> 192.168.250.6

then setup a gateway interface ala

192.168.250.1 eth1

Then you configure openstack to route its public interface on that
192.168.250.0/24 network. And that's your floating ip range.

Openstack doesn't care. And you are still direct natting full ips.
So it's a bit of a kludge but from the description this sounds like a
kludge is unavoidable atm.

-Matt

On Mon, Aug 13, 2012 at 2:55 PM, Paul Walton <paul.d.walton [at] gmail> wrote:
> Unfortunately, I do not manage the network, and do not have access to the
> DHCP server. This means that I do not have a subnet of IPs that I can
> simply hand out freely to my VMs. If I want a VM to have a public IP then
> it must make a request to the campus DHCP server. There are special cases
> where I can assign static IPs to servers, but this is infeasible for the
> majority of the VMs I will create since they will be used by students to
> complete assignments in class, and will only exist during the course of a
> semester.
>
> So, as I understand things so far, OpenStack assumes that I have my own
> subnet of public IPs that I can freely use for my VMs? I can't imagine this
> being a reasonable design assumption to make on their part. Perhaps I'm
> overlooking something?
>
>
> On Mon, Aug 13, 2012 at 4:40 PM, Matt Joyce <matt.joyce [at] cloudscaling>
> wrote:
>>
>> I was thinking that as well. But the only reason I could think of that
>> he'd be forced to grab public IPs from dhcp was that he had no access to the
>> DHCP server and network infrastructure. I just kind of assumed that would
>> mean that nova would not be able to allocate the IP for intance in any
>> manner congruent with nova's needs.
>>
>> -Matt
>>
>>
>>
>
>
>
> --
>
> Paul Walton
>
> University of Arkansas
> College of Engineering
> CSCE Technical Support Team
> J.B. Hunt Building, Room 440
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators [at] lists
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators [at] lists
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

narayan.desai at gmail

Aug 13, 2012, 4:02 PM

Post #7 of 18 (880 views)
Permalink

Re: VM with a public IP [In reply to]

On Mon, Aug 13, 2012 at 4:55 PM, Paul Walton <paul.d.walton [at] gmail> wrote:
> Unfortunately, I do not manage the network, and do not have access to the
> DHCP server. This means that I do not have a subnet of IPs that I can
> simply hand out freely to my VMs. If I want a VM to have a public IP then
> it must make a request to the campus DHCP server. There are special cases
> where I can assign static IPs to servers, but this is infeasible for the
> majority of the VMs I will create since they will be used by students to
> complete assignments in class, and will only exist during the course of a
> semester.
>
> So, as I understand things so far, OpenStack assumes that I have my own
> subnet of public IPs that I can freely use for my VMs? I can't imagine this
> being a reasonable design assumption to make on their part. Perhaps I'm
> overlooking something?

The use model for external IP addresses is that they can be allocated
and deallocated from projects on a relatively infrequent basis (ie
address to project allocations last a long time, so that users can
count on the external addresses not changing.)

I'm not sure how IP addresses managed by external DHCP services could
fit into this model robustly (ie they could disappear out from under
you at any time). You could hack something up that leases and renews
ip addresses on a long term basis, but this would definitely be a
hack.
-nld

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators [at] lists
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

matt.joyce at cloudscaling

Aug 13, 2012, 4:16 PM

Post #8 of 18 (881 views)
Permalink

Re: VM with a public IP [In reply to]

I agree for the most part, but its important to remember that we don't
always get to choose what people will decide openstack is good for, and
odds are we'll find it doing some pretty crazy stuff as time progresses. I
for one am excited to see the edge cases.

-Matt

On Mon, Aug 13, 2012 at 4:02 PM, Narayan Desai <narayan.desai [at] gmail>wrote:

> On Mon, Aug 13, 2012 at 4:55 PM, Paul Walton <paul.d.walton [at] gmail>
> wrote:
> > Unfortunately, I do not manage the network, and do not have access to the
> > DHCP server. This means that I do not have a subnet of IPs that I can
> > simply hand out freely to my VMs. If I want a VM to have a public IP
> then
> > it must make a request to the campus DHCP server. There are special
> cases
> > where I can assign static IPs to servers, but this is infeasible for the
> > majority of the VMs I will create since they will be used by students to
> > complete assignments in class, and will only exist during the course of a
> > semester.
> >
> > So, as I understand things so far, OpenStack assumes that I have my own
> > subnet of public IPs that I can freely use for my VMs? I can't imagine
> this
> > being a reasonable design assumption to make on their part. Perhaps I'm
> > overlooking something?
>
> The use model for external IP addresses is that they can be allocated
> and deallocated from projects on a relatively infrequent basis (ie
> address to project allocations last a long time, so that users can
> count on the external addresses not changing.)
>
> I'm not sure how IP addresses managed by external DHCP services could
> fit into this model robustly (ie they could disappear out from under
> you at any time). You could hack something up that leases and renews
> ip addresses on a long term basis, but this would definitely be a
> hack.
> -nld
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators [at] lists
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

narayan.desai at gmail

Aug 13, 2012, 5:44 PM

Post #9 of 18 (876 views)
Permalink

Re: VM with a public IP [In reply to]

On Mon, Aug 13, 2012 at 6:16 PM, Matt Joyce <matt.joyce [at] cloudscaling> wrote:
> I agree for the most part, but its important to remember that we don't
> always get to choose what people will decide openstack is good for, and odds
> are we'll find it doing some pretty crazy stuff as time progresses. I for
> one am excited to see the edge cases.

As someone who is mainly interested in what most consider to be edge
cases, I agree wholeheartedly ;)

At the same time, maintaining the semantics of the APIs are really
important. This is probably an early example of a situation that will
occur repeatedly, where people are constrained one way or another,
either due to policy or software limitations, etc, and I think that
these issues really need to be considered carefully.
-nld

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators [at] lists
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

matt at nycresistor

Aug 13, 2012, 5:59 PM

Post #10 of 18 (878 views)
Permalink

Re: VM with a public IP [In reply to]

Yup.

On Mon, Aug 13, 2012 at 5:44 PM, Narayan Desai <narayan.desai [at] gmail> wrote:
> On Mon, Aug 13, 2012 at 6:16 PM, Matt Joyce <matt.joyce [at] cloudscaling> wrote:
>> I agree for the most part, but its important to remember that we don't
>> always get to choose what people will decide openstack is good for, and odds
>> are we'll find it doing some pretty crazy stuff as time progresses. I for
>> one am excited to see the edge cases.
>
> As someone who is mainly interested in what most consider to be edge
> cases, I agree wholeheartedly ;)
>
> At the same time, maintaining the semantics of the APIs are really
> important. This is probably an early example of a situation that will
> occur repeatedly, where people are constrained one way or another,
> either due to policy or software limitations, etc, and I think that
> these issues really need to be considered carefully.
> -nld
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators [at] lists
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators [at] lists
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

fungi at yuggoth

Aug 13, 2012, 6:36 PM

Post #11 of 18 (878 views)
Permalink

Re: VM with a public IP [In reply to]

On 2012-08-13 19:44:18 -0500 (-0500), Narayan Desai wrote:
[...]
> This is probably an early example of a situation that will occur
> repeatedly, where people are constrained one way or another,
> either due to policy or software limitations, etc, and I think
> that these issues really need to be considered carefully.
[...]

Agreed. My last employer (an IaaS provider grown out of a colocation
and datacenter management company) is in a similar situation...
customers want to blend their colocated servers and virtual machines
from the public "cloud" platform together on the same subnets and
VLANs. The commercial IaaS management platform the provider
purchased made similar assumptions about the network topology--only
one subnet to a VLAN, available IP addresses were in a contiguous
range, et cetera.

Turns out when you start bridging virtual machine networks into
existing production server networks which weren't designed around
those assumptions, having the additional flexibility to relieve your
customer from needing to redesign their networks is often desirable
even sometimes at the expense of operational scalability. And so the
provider disabled the network management components within the
platform for those customers and allowed them to manually manage
their virtual machine addressing within each guest OS instead.

The end result was that low-revenue colocation customers were more
likely to convert their physical servers to hosted virtual machines
because they could do it almost seamlessly, one at a time, keeping
the same addressing within that network. Replacing customer-owned
servers with IaaS virtual machines meant both more profit for the
provider and a cost savings for the customers.
--
{ IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
WHOIS(STANL3-ARIN); SMTP(fungi [at] yuggoth); FINGER(fungi [at] yuggoth);
MUD(kinrui [at] katarsis:6669); IRC(fungi [at] irc#ccl); }

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators [at] lists
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

warren at wangspeed

Aug 13, 2012, 7:04 PM

Post #12 of 18 (879 views)
Permalink

Re: VM with a public IP [In reply to]

I was hoping someone would answer Paul's question, as we are also
interested in skipping the whole NAT thing. It's not as important in an
enterprise environment where the VMs are going to have to have the floating
addresses assigned anyways. Eliminating NAT makes it simpler. Yes, there
are drawbacks, and it's less flexible, but it's also easier on the
customers and cloud admins.

It isn't impossible to hack in as is, but if it's been documented and test,
it would be nice to have a guide.

Warren

On Mon, Aug 13, 2012 at 9:36 PM, Jeremy Stanley <fungi [at] yuggoth> wrote:

> On 2012-08-13 19:44:18 -0500 (-0500), Narayan Desai wrote:
> [...]
> > This is probably an early example of a situation that will occur
> > repeatedly, where people are constrained one way or another,
> > either due to policy or software limitations, etc, and I think
> > that these issues really need to be considered carefully.
> [...]
>
> Agreed. My last employer (an IaaS provider grown out of a colocation
> and datacenter management company) is in a similar situation...
> customers want to blend their colocated servers and virtual machines
> from the public "cloud" platform together on the same subnets and
> VLANs. The commercial IaaS management platform the provider
> purchased made similar assumptions about the network topology--only
> one subnet to a VLAN, available IP addresses were in a contiguous
> range, et cetera.
>
> Turns out when you start bridging virtual machine networks into
> existing production server networks which weren't designed around
> those assumptions, having the additional flexibility to relieve your
> customer from needing to redesign their networks is often desirable
> even sometimes at the expense of operational scalability. And so the
> provider disabled the network management components within the
> platform for those customers and allowed them to manually manage
> their virtual machine addressing within each guest OS instead.
>
> The end result was that low-revenue colocation customers were more
> likely to convert their physical servers to hosted virtual machines
> because they could do it almost seamlessly, one at a time, keeping
> the same addressing within that network. Replacing customer-owned
> servers with IaaS virtual machines meant both more profit for the
> provider and a cost savings for the customers.
> --
> { IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
> WHOIS(STANL3-ARIN); SMTP(fungi [at] yuggoth); FINGER(fungi [at] yuggoth);
> MUD(kinrui [at] katarsis:6669); IRC(fungi [at] irc#ccl); }
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators [at] lists
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

paul.d.walton at gmail

Aug 13, 2012, 7:16 PM

Post #13 of 18 (878 views)
Permalink

Re: VM with a public IP [In reply to]

I can certainly see the advantage to the current approach when you own the
network, but there are so many cases where you simply can't modify the
existing infrastructure. In my case, there is simply no reason for me to
manage the network. Up until now, all I have needed was for my VM to make
a DHCP request, and get a public IP. However, I really like the idea of
OpenStack, and my boss is convinced that we need to be using it. So,
unless OpenStack has the ability to do this, then I'm left with having my
boss petition the network admins to give us a subnet to use. Which may
take a fair amount of time.

I don't like the idea of hacking a solution together, so I guess the real
question is, can OpenStack currently do this or not?

Thanks

On Mon, Aug 13, 2012 at 8:36 PM, Jeremy Stanley <fungi [at] yuggoth> wrote:

> On 2012-08-13 19:44:18 -0500 (-0500), Narayan Desai wrote:
> [...]
> > This is probably an early example of a situation that will occur
> > repeatedly, where people are constrained one way or another,
> > either due to policy or software limitations, etc, and I think
> > that these issues really need to be considered carefully.
> [...]
>
> Agreed. My last employer (an IaaS provider grown out of a colocation
> and datacenter management company) is in a similar situation...
> customers want to blend their colocated servers and virtual machines
> from the public "cloud" platform together on the same subnets and
> VLANs. The commercial IaaS management platform the provider
> purchased made similar assumptions about the network topology--only
> one subnet to a VLAN, available IP addresses were in a contiguous
> range, et cetera.
>
> Turns out when you start bridging virtual machine networks into
> existing production server networks which weren't designed around
> those assumptions, having the additional flexibility to relieve your
> customer from needing to redesign their networks is often desirable
> even sometimes at the expense of operational scalability. And so the
> provider disabled the network management components within the
> platform for those customers and allowed them to manually manage
> their virtual machine addressing within each guest OS instead.
>
> The end result was that low-revenue colocation customers were more
> likely to convert their physical servers to hosted virtual machines
> because they could do it almost seamlessly, one at a time, keeping
> the same addressing within that network. Replacing customer-owned
> servers with IaaS virtual machines meant both more profit for the
> provider and a cost savings for the customers.
> --
> { IRL(Jeremy_Stanley); WWW(http://fungi.yuggoth.org/); PGP(43495829);
> WHOIS(STANL3-ARIN); SMTP(fungi [at] yuggoth); FINGER(fungi [at] yuggoth);
> MUD(kinrui [at] katarsis:6669); IRC(fungi [at] irc#ccl); }
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators [at] lists
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

--

Paul Walton

University of Arkansas
College of Engineering
CSCE Technical Support Team
J.B. Hunt Building, Room 440

narayan.desai at gmail

Aug 13, 2012, 8:11 PM

Post #14 of 18 (878 views)
Permalink

Re: VM with a public IP [In reply to]

On Mon, Aug 13, 2012 at 9:16 PM, Paul Walton <paul.d.walton [at] gmail> wrote:
> I can certainly see the advantage to the current approach when you own the
> network, but there are so many cases where you simply can't modify the
> existing infrastructure. In my case, there is simply no reason for me to
> manage the network. Up until now, all I have needed was for my VM to make a
> DHCP request, and get a public IP. However, I really like the idea of
> OpenStack, and my boss is convinced that we need to be using it. So, unless
> OpenStack has the ability to do this, then I'm left with having my boss
> petition the network admins to give us a subnet to use. Which may take a
> fair amount of time.
>
> I don't like the idea of hacking a solution together, so I guess the real
> question is, can OpenStack currently do this or not?

I think that the answer is no, OpenStack can't make use of externally
controlled (via DHCP) addresses. There isn't a way that I can think of
that you can make the APIs function properly in that mode.

That said, you don't need a complete network allocation in order to
use it either. As long as you have a set of statically assigned
addresses, you can configure OpenStack to use them. Even if the
network admins will only give you a few addresses, that will work
properly. The major issue is the fact that dhcp can change your
address while an instance has an address allocated to it, so if that
can't happen, you should be ok.
-nld

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators [at] lists
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

matt.joyce at cloudscaling

Aug 13, 2012, 8:44 PM

Post #15 of 18 (866 views)
Permalink

Re: VM with a public IP [In reply to]

I'd like to add i am not at all familiar with the quantum stack atm. You
may want to tag this thread with quantum and ask again. OpenStack is
slated to integrate quantum in folsom and a workable solution may exist
there. I do think my last suggestion has some merit and i hope you give it
an honest assessment.

Cheers
Matt
On Aug 13, 2012 8:15 PM, "Narayan Desai" <narayan.desai [at] gmail> wrote:

> On Mon, Aug 13, 2012 at 9:16 PM, Paul Walton <paul.d.walton [at] gmail>
> wrote:
> > I can certainly see the advantage to the current approach when you own
> the
> > network, but there are so many cases where you simply can't modify the
> > existing infrastructure. In my case, there is simply no reason for me to
> > manage the network. Up until now, all I have needed was for my VM to
> make a
> > DHCP request, and get a public IP. However, I really like the idea of
> > OpenStack, and my boss is convinced that we need to be using it. So,
> unless
> > OpenStack has the ability to do this, then I'm left with having my boss
> > petition the network admins to give us a subnet to use. Which may take a
> > fair amount of time.
> >
> > I don't like the idea of hacking a solution together, so I guess the real
> > question is, can OpenStack currently do this or not?
>
> I think that the answer is no, OpenStack can't make use of externally
> controlled (via DHCP) addresses. There isn't a way that I can think of
> that you can make the APIs function properly in that mode.
>
> That said, you don't need a complete network allocation in order to
> use it either. As long as you have a set of statically assigned
> addresses, you can configure OpenStack to use them. Even if the
> network admins will only give you a few addresses, that will work
> properly. The major issue is the fact that dhcp can change your
> address while an instance has an address allocated to it, so if that
> can't happen, you should be ok.
> -nld
>
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators [at] lists
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
>

jim at freesolutions

Aug 14, 2012, 12:38 AM

Post #16 of 18 (866 views)
Permalink

Re: VM with a public IP [In reply to]

On Mon, 13 Aug 2012 21:16:24 -0500, Paul Walton wrote:
> I can certainly see the advantage to the current approach when you
> own
> the network, but there are so many cases where you simply can't
> modify
> the existing infrastructure. In my case, there is simply no reason
> for me to manage the network. Up until now, all I have needed was
> for my VM to make a DHCP request, and get a public IP. However, I
> really like the idea of OpenStack, and my boss is convinced that we
> need to be using it. So, unless OpenStack has the ability to do
> this, then I'm left with having my boss petition the network admins
> to
> give us a subnet to use. Which may take a fair amount of time.

Then that is what you have to do, I work within large organisations
managing their web services and have lost track the number of times I
needed to sit down and create a proposal for resources. This is an
organisational (Devops or Netops)) type issue not an Openstack issue.
>
> I don't like the idea of hacking a solution together, so I guess the
> real question is, can OpenStack currently do this or not?

You don't need to hack anything together, you need to sit down with
your manager and the networking team and see if they can help achieve
your aims.

No Openstack doesn't do this.

Jim Bailey
System Administration
Free Solutions Networks Ltd.
42 Whitehall Street
Aylesbury
Buckinghamshire HP20 2JW

Tel. 00441296336447
Mob. 00447960909881
www.freesolutions.co.uk

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators [at] lists
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

trygvis at inamo

Aug 14, 2012, 12:52 AM

Post #17 of 18 (867 views)
Permalink

Re: VM with a public IP [In reply to]

On Mon, Aug 13, 2012 at 10:04:03PM -0400, Warren Wang wrote:
> I was hoping someone would answer Paul's question, as we are also
> interested in skipping the whole NAT thing. It's not as important in an
> enterprise environment where the VMs are going to have to have the floating
> addresses assigned anyways. Eliminating NAT makes it simpler. Yes, there
> are drawbacks, and it's less flexible, but it's also easier on the
> customers and cloud admins.
>
> It isn't impossible to hack in as is, but if it's been documented and test,
> it would be nice to have a guide.

What I did on the "public" dhcp server (which I also happen to own) was to get it to not give out IPs to images from the KVM ethernet MAC range (54:52:00). After that it all just worked with a flat dhcpd setup.

[snip]

--
Trygve

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators [at] lists
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

kiall at managedit

Aug 14, 2012, 1:02 AM

Post #18 of 18 (867 views)
Permalink

Re: VM with a public IP [In reply to]

On Mon, Aug 13, 2012 at 10:55 PM, Paul Walton <paul.d.walton [at] gmail>wrote:

> So, as I understand things so far, OpenStack assumes that I have my own
> subnet of public IPs that I can freely use for my VMs? I can't imagine
> this being a reasonable design assumption to make on their part. Perhaps
> I'm overlooking something?

As others as explained, but I don't believe as clearly as possible, you
likely can fit OpenStack into your existing network.

I'll see if I can do better - the 'nova-network' service runs on 1 or more
servers, each of these servers (which may also host the 'nova-compute'
services - but not necessarily) must have a network interface on your
public subnet.

This subnet is currently managed by your organisations DHCP. If you can ask
your network admins to reserve/exclude a selection of IPs from DHCP
allocation, and if your network setup will allow those IPs to be used by
simply assigning to one of the 'nova-network' servers, you can use
OpenStack without problems.

These IPs need not be contiguous - eg you can be allocated 1.0.0.1, 1.0.0.5
and 1.0.0.10 and this will work.

At that point - those IP's can be added as floating IPs in nova, and
assigned to instances on any of the 'nova-compute' servers.

Thanks,
Kiall

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads