Wednesday, 2022-01-05

[01:07] *** rlandy|ruck is now known as rlandy|out
[03:26] *** queria is now known as Guest10304
[03:30] *** queria is now known as Guest10306
[06:37] <DK4> hello if i have two availability zones is it possible to span a vxlan between them?
[07:45] <admin1> DK4, yes if you have L2 connectivity between both datacenters,..
[08:18] <gueswhat> admin1: hi, back to your answer.. static routes on routes ? do i need to use two routers? router1( public, internal ) and router2 ( external, internal ) ? or just one router(external,internal, public ) and set gateway to public and use static routes ?
[08:48] <admin1> gueswhat, if you look into https://netplan.io/examples/ .. you will see how to use routes per interface option .. so if you have 2 external gateways, you can connect an instance to 2 diff gateways connecting to 2 diff networks .. and then using netplan to decide what goes where
[08:48] <admin1> router is always connected to a network specified as external
[08:49] <gueswhat> oh, so by built in rt-tables = os route tables = netplan in case of ubuntu, right ?
[11:13] *** rlandy|out is now known as rlandy|ruck
[11:26] *** dansmith is now known as Guest10351
[13:00] <gueswhat> admin1: like this https://pastebin.com/raw/DJ7nahLu ?
[13:02] <gueswhat> sry, this one is correct paste https://pastebin.com/raw/v2ephw4Q
[13:09] <admin1> yes sir .. metric can also be different to give priority to one vs another
[13:13] <gueswhat> but this means, that i have to edit netplan config after creating router, or is possible to set fixed ip for external gateway? it generates random ip via horizon
[13:37] <admin1> if its external, the ip is assigned via dhcp .. which is OK
[13:38] <admin1> if its internal network, you can create a port and ask for specific ip address
[13:47] <DK4> can you run swift as a standalone with openstack?
[13:53] <admin1> swift can run standalone , but needs keystone
[13:53] <admin1> so keystone + swift is possible
[16:18] <timburke__> DK4, yes, swift can absolutely be used standalone! even the keystone requirement is loose, if you've got an alternate auth system (foregoing auth altogether is generally not recommended). i've got a single-box swift "cluster" running out of my garage that's just using the in-tree tempauth middleware
[16:31] <gueswhat> admin1: "if its internal network, you can create a port and ask for specific ip address...", but one can not use this for internal networks, right?
[16:33] <gueswhat> internal ( provider network, but not external) , not tenant network
[16:33] <gueswhat> oh gosh, these naming conventions are totally confusing
[16:33] <jrosser_> jrosser_: yes - thats why i really struggled the other day to help because your terms are all kind of overloaded
[16:34] <jrosser_> gueswhat: ^
[16:35] <jrosser_> i was unclear if you were using openstack tenant/project networks at all, or if it was all with provider networks
[16:35] <jrosser_> or if you intended to use neutron L3 routers, or simply extend some vlans in/out of openstack
[16:39] <gueswhat> oh, makes sense... , its confusing for me still.. i have three networks ; public ( provider, external ); external ( provider, nonexternal ); internal ( nonprovider, nonexternal ) and i want to route from internal to external -> 10.0.0.0/8 range ( to reach non openstack resources ) and vice versa.. and the same time route from internal to public to be able to assign public floating IP address. But if I set external ( provider ) as external network,
[16:39] <gueswhat> it will break routing and instance would not be accessible from internet
[16:39] <gueswhat> jrosser_ ^
[16:40] <jrosser_> internal sounds like a project network created by neutron, on a vlan/vxlan id you don't control
[16:40] <gueswhat> yes, tenant network, correct?
[16:42] <jrosser_> i believe the term is project network
[16:43] <jrosser_> and your public network is internet (for example) where floating IP will go?
[16:43] <gueswhat> yes
[16:44] <jrosser_> so everything about that is completely standard, and you could create an instance on the project network (like 192.168.x.y) and put a floating IP on it, which is hosted at the neutron router
[16:44] <jrosser_> you could then create another provider network, with the vlan ID of your non-openstack resources
[16:45] <jrosser_> that can then be another interface on your VM, or I think you can attach it to the neutron router and get routes given to your instances by dhcp
[16:45] <jrosser_> you'd have to check that last bit as i've never personally done that
[16:46] *** Guest10351 is now known as dansmith
[16:47] <jrosser_> this is exactly the sort of thing you can play with in an all-in-one deployment of openstack, to see what you can do
[17:09] *** rlandy|ruck is now known as rlandy|ruck|lunch
[17:14] <gueswhat> admin1: suggested routes via os level ( netplan in case ubuntu )
[17:15] <gueswhat> but its superconfusing, cuz you can not set static ip address for router ( for its gateway ip )
[17:16] <jrosser_> from the perspective of the VM the IP of the router is the one on the project network
[17:16] <jrosser_> just like when you are at home on your DSL you don't really care so much about whatever external address your modem has
[17:16] <gueswhat> see this https://pastebin.com/raw/v2ephw4Q
[17:18] <gueswhat> default route on eth1 interface should have lower metric than default route on eth2 interface
[17:20] <jrosser_> are you sure having a default route on two interfaces is a good idea?
[17:25] <gueswhat> this one is updated diagram https://drive.google.com/file/d/1KM4CzO7RgY8JoRtY4QZu7HPgPlyeB80O/view?usp=sharing
[17:26] <gueswhat> cuz, i can achieve outbound connectivity via pfsense router in external network without routing via public network
[17:27] <gueswhat> but at the same time if there allocation for public IP, lower metric will win and it will be routed via public network
[17:27] <gueswhat> its not hard requirement to have default route to internet on external network
[17:27] <gueswhat> but can provide me some flexibility
[17:29] <admin1> gueswhat, from the diagram, you have 2 external networks ... one external network is private inside your lan , one is public with some public ips .. the netplan you pasted is also OK .. the only thing is the same metric on the default gateways .. it will confuse the packets
[17:29] <admin1> for example, you want to ping 8.8.8.8 .. in this netplan, it might go out from eth0 .. or eth1 .. there is no guarantee ..
[17:30] <admin1> but if you use diff metric, the packets based on routes will be routed .. for everything else, it will always follow X path if available and if not, the other
[17:32] <gueswhat> yes, default route with metric 200 for eth2 ( public ) and default route with metric 300 for eth1 ( external/lan )
[17:32] <admin1> else you might end up with broken connections .. you curl google .... packets go out eth0 (syn ) via public IP a.b.c.d .. google does an ack for a.b.c.d .. then you do syn-ack .. but this now goes out of eth1 .. m.n.o.p .
[17:33] <admin1> that will work
[17:34] <gueswhat> but still apply that i have to route via gateways assigned as a fixed ip addresses on both routers .. external and internal ( and both are assigned dynamically ). that means that i have to edit and apply netplan after router creating, and every recreating of router will break netplan routing, right ?
[17:35] <admin1> you create external network and router ONCE :)
[17:35] <admin1> not every time
[17:35] <gueswhat> oh yea, thats true
[17:35] *** rlandy|ruck|lunch is now known as rlandy|ruck
[17:37] <admin1> see, when you create a router, its attached to an external network .. now whatever ip that external network has ( public ) or (private) you don't care about it .... you have 2 networks means you get likely for example 192.168.100.1 and 192.168.200.1 as 2 gateways ..
[17:37] <admin1> that always remain the same ..
[17:37] <admin1> for the network
[17:39] <admin1> when you create a router in the external network, it gets an IP .. but that IP is for its own use .. you don't need to know it or record it or use it .. what you use is 99.9% the x.y.z.1 ip for the networks/subnets you create and attach to the router interface
[17:39] <gueswhat> wait, and netplan has to use internal gateways from private subnet ?
[17:40] <admin1> without seeing your network command or your network diagram, we are at loss of how your vm is connected and attached
[17:40] <admin1> you send your platform diagram .. we know how the openstack is
[17:40] <admin1> but if you go into network and topologies .. you can see a graph and a diagram
[17:41] <admin1> that shows how this specific VM is connected to your network and subnets
[17:41] <gueswhat> ill try to make something, 15afk
[17:42] <admin1> another method, in cases like yours where a vm needs to be in internal (office ) network, its possible to add a network as direct-dhcp .. https://www.openstackfaq.com/openstack-add-direct-attached-dhcp-ip/ -- here, the need for an additional subnet or router does not exist
[17:43] <admin1> your gateway is .1 somewhere in the same L2/vlan .. you add a network like this ... openstack takes care of dhcp assignment .. your instance gets a direct IP from the network where .1 is in the lan .. and then there is no need to create any extra subnet and a router and then do the 1:1 nat for internal connectivity
[17:44] <admin1> this makes it equivalent to a vps provider where you create an instance on a network and you get a direct public IP .. no nat, no routers, no extra internal network involved
[17:46] <admin1> the only drawback is .. the ip is also ephemeral ..if you delete the instance, the ip is also gone .. and could be reassigned ..
[18:21] *** cloudnull5 is now known as cloudnull
[18:23] <gueswhat> interesting, but its not so straightforward, like setting routes on each subnet
[18:23] <gueswhat> straightforward for endusers
[18:24] <gueswhat> this routing thing is much worse for admins
[18:24] <gueswhat> os-routing thing
[18:25] <gueswhat> btw should i set gateway ip in each subnet to router's interface ip ?
[20:06] <gueswhat> if i am creating subnet, do i need to set gateway ip to neutron router by default ?
[20:58] *** timburke__ is now known as timburke
