
I have the following problem, following up on my previous attempt to seek help.

I have a VM that wants to communicate with other VMs that reside somewhere outside of OpenStack. I tried doing that simply by assigning a floating IP. However, this fails as soon as the VM starts to communicate by binding to the floating IP.

This effectively means that the VM must be able to send packets originating from the floating IP. This, however, gets filtered out right away and does not even leave the hypervisor node. The question now left is: How can I make OpenStack/Open vSwitch obey? It should allow sending IP packets from floating IPs when the VM owns them.

Thanks so much in advance.

  • Normally, you don't need a floating IP to communicate with the outside world. By default, routers with an external gateway perform SNAT, with and without floating IP. If the sending VM has a floating IP, packets will have the floating IP as source. – berndbausch Jul 22 '21 at 14:49
  • You seem to say that binding a socket to the floating IP fails. This is true. The VM's kernel knows nothing about the floating IP and refuses binding. Solution: Bind to the fixed IP. – berndbausch Jul 22 '21 at 14:52
  • @berndbausch Well, you're wrong... Binding is easily possible by adding the IP locally to the VM as well. This is a common practice outside the OpenStack universe for externally routed VIPs. And I need to bind, since the daemons, flannel, calico etcd. need to know the external IP and there is no mode to tell them to operate in a non-binding mode while respecting the real external IP. – thurlimann Jul 23 '21 at 06:58
  • Sure, you can add any IP to the VM. The question is whether you can use that IP to connect to anything. I have installed Kubernetes with flannel on OpenStack, manually and with Magnum (in case you are interested: https://itnext.io/running-a-kubernetes-cluster-on-devstack-533d579bb2f9), without the need to add the floating IP to VMs' interfaces. – berndbausch Jul 23 '21 at 11:18
  • Well, you missed the point, unfortunately, @berndbausch. This will not work if you have nodes outside of OpenStack **and** inside OpenStack. – thurlimann Jul 26 '21 at 12:41

0 Answers