stackoom
  简体   繁体   中英

Openstack: How to give the management network Internet?

 原文  2020-09-27 15:40:10       networking/ ansible/ openstack/ nat/ openstack-neutron

Question

I'm an OpenStack beginner and want to install it with openstack-ansible following the official guide.

I have 4 machines each have 2 NICs. One of the machines is the typical "deployment host" to install openstack to the 3 other hosts. The first NIC is for external Network / Internet for exposing VMs and the second NIC is connected with a switch for the internal management network (br-mgmnt <-> NIC2 <-> switch <-> other machine's NIC2).

The problem is that the switch has no do NAT and has no external network access, so internal services in the management network have no Internet. But Internet for the management network is needed as documented in: https://docs.openstack.org/newton/install-guide-ubuntu/environment-networking.html

Management on 10.0.0.0/24 with gateway 10.0.0.1 This network requires a gateway to provide Internet access to all nodes for administrative purposes such as package installation, security updates, DNS, and NTP.

  1. How can I work around this and provide Internet to the management network?
  2. Can I use iptables to route all traffic that is not an internal destination from the management network to use the external networking NIC instead of using the switch?
  3. Or should I install a NAT router / gateway on one of the host machines to give the switch Internet to the management network? (switch <- internal -> NIC2 <-> NAT <- external -> NIC1)
  4. Is here even another network topology I should consider?

Thanks for the help!

1 answers

solution1
 0  2020-09-27 19:55:08

You should strip 'openstack' from description of this problem. It's usual complication on 'private network'. You want to have an isolated network, but you need to have some external resources available to you.

Normally you should have your private network having some limited internet access (fe NAT or proxy server).

Some providers (fe servers.com) provides some nice things in their private network (dns, ntp, package mirrors).

Alternatively you can use two internet networks and assign on of them to be 'management'.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question OpenStack how to route 2 subnet of the same Network How to disable internet in a centos VM instance created using openstack? All-in-One Openstack instance network not communicate to LAN network - External-VM ping OK - VM-External/Internet ping NOT OK Add external network to openstack How to Access Openstack on my local machine from External network? How can I integrate OpenStack instances in my local network? How to access the openstack vm instance from external network from VM How to create multiple provider network with multiple NIC port in Openstack OpenStack Instance connect with External internet How to applications listen in local network on internet?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM