*** mhen_ is now known as mhen | 02:12 | |
asyncmeow | hello! i just got a new openstack deployment running for testing using openstack kolla-ansible. one question i have though is that it seems like i can't use the same IP on the external network for both inbound and outbound networking. i created my external network with this terraform configuration: https://gist.github.com/asyncmeow/8d22dede274fbc7c814ea65820f48a55 however, when i create a router set up to use that as the | 02:54 |
asyncmeow | external network for outbound networking and a floating IP for inbound networking, two IPs are used on the external network. is this expected? what's the proper way to do this? | 02:54 |
d1nuc0m | Hi guys, has anyone used SystemRescue CD (or any other live ISO) as a rescue image for a volume-backed instance? | 10:53 |
asyncmeow | hey! i asked this last night, but on a new openstack deployment w/ kolla-ansible, is there a way I can have the same external IP address used for both inbound and outbound networking? i have a router created with the external network set, as well as a floating IP created and assigned, however it looks like two IPs are used on the external network in that case (one for inbound, one for outbound). | 18:47 |
frickler | asyncmeow: if the floating IP is assigned to a server/port, it is getting used for both inbound and outbound traffic for that server. if your concern is about the "wasted" IP, have a look at https://docs.openstack.org/neutron/latest/admin/config-service-subnets.html | 18:53 |
asyncmeow | i'll read through that - thanks! | 18:56 |
asyncmeow | (my concern was about the wasted IP, since it would only be used for outbound, not inbound traffic) | 18:57 |
asyncmeow | from quickly skimming that, frickler, i'm guessing i'd set up one subnet for FIPs and another subnet for normal router IP allocations? | 18:59 |
frickler | asyncmeow: yes, and you can use private IPs for the latter and do static NAT for them on your external router. or not at all, if everything has a FIP | 19:01 |
asyncmeow | frickler: so, what i want ideally is a setup like I have now with opnsense running in a VM, where all outbound traffic from an entire network comes out of a single IP, and I can do port forwarding for inbound traffic on the same IP address to decide where that traffic goes. is that a supported configuration? | 19:07 |
asyncmeow | my concern with the separate subnets idea is that there will be multiple people using this setup, and i'd like each of them to not have to share an IP address for outbound networking on instances not assigned an FIP | 19:09 |
asyncmeow | (ie. my existing setup has a small pool of four external IPs, but many internal VMs with inbound traffic being routed around between them via port forwarding on an individual IP basis, and outbound traffic being SNATed based on which subnet they're coming from internally, but that setup is a lot of manual config that i'm wanting to get rid of) | 19:10 |
frickler | asyncmeow: I fear that neutron isn't really fit to support such a setup | 19:26 |
asyncmeow | so, i guess my next question (that i'm guessing the answer to is 'no', but asking just in case) - is there another networking service i can use that could do that? | 19:37 |
frickler | not for openstack | 19:39 |