If you are using Compute's nova-network instead of OpenStack Networking (neutron) for networking in OpenStack, use the procedures in this section to configure floating IP addresses. For instructions on how to configure OpenStack Networking (neutron) to provide access to instances through floating IP addresses, see the section called “L3 routing and NAT”.
Every virtual instance is automatically assigned a private IP address. You can optionally assign public IP addresses to instances. The term floating IP refers to an IP address, typically public, that you can dynamically add to a running virtual instance. OpenStack Compute uses Network Address Translation (NAT) to assign floating IPs to virtual instances.
If you plan to use this feature, you must edit the /etc/nova/nova.conf file to specify the interface to which the nova-network service binds public IP addresses, as follows:
public_interface=vlan100
If you make changes to the /etc/nova/nova.conf file while the nova-network service is running, you must restart the service.
Traffic between VMs using floating IPs | |
---|---|
Because floating IPs are implemented by using a source NAT (SNAT rule in iptables), security groups can display inconsistent behavior if VMs use their floating IP to communicate with other VMs, particularly on the same physical host. Traffic from VM to VM across the fixed network does not have this issue, and so this is the recommended path. To ensure that traffic does not get SNATed to the floating range, explicitly set: dmz_cidr=x.x.x.x/y The
|
By default, IP forwarding is disabled on most Linux distributions. To use the floating IP feature, you must enable IP forwarding.
Note | |
---|---|
You must enable IP forwarding only on the nodes that run the |
To check whether forwarding is enabled, run:
$ cat /proc/sys/net/ipv4/ip_forward
0
Alternatively, you can run:
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
In the previous example, IP forwarding is disabled. To enable it dynamically, run:
# sysctl -w net.ipv4.ip_forward=1
Or:
# echo 1 > /proc/sys/net/ipv4/ip_forward
To make the changes permanent, edit the /etc/sysctl.conf file and update the IP forwarding setting:
net.ipv4.ip_forward = 1
Save the file and run the following command to apply the changes:
# sysctl -p
You can also update the setting by restarting the network service:
On Ubuntu, run:
# /etc/init.d/procps.sh restart
On RHEL/Fedora/CentOS, run:
# service network restart
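The following added example is not part of the original guide. It reports whether IP forwarding is enabled at run time and whether /etc/sysctl.conf makes that setting persistent, so a node where the two disagree is noticed before a reboot. The function names and state labels are hypothetical, and only the single file is read (drop-in directories such as /etc/sysctl.d are not).

```shell
#!/bin/sh
# Added example: report the runtime vs. persistent state of net.ipv4.ip_forward.
# Function names and state labels are hypothetical, chosen for this example.

# Print the last uncommented net.ipv4.ip_forward value (0 or 1) in a
# sysctl.conf-style file; print nothing if there is none. Later lines win.
persistent_ip_forward() {
    [ -r "$1" ] || return 0
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Print the runtime value from a /proc-style file, or nothing if unreadable.
runtime_ip_forward() {
    [ -r "$1" ] || return 0
    tr -d '[:space:]' < "$1"
}

# $1: runtime file, $2: sysctl.conf-style file. Prints one state label.
forwarding_state() {
    run=$(runtime_ip_forward "$1")
    conf=$(persistent_ip_forward "$2")
    case "$run:$conf" in
        1:1) echo "enabled-persistent" ;;
        1:*) echo "enabled-runtime-only" ;;  # set with sysctl -w or echo; lost on reboot
        0:1) echo "disabled-pending" ;;      # file says 1, running value is 0 (e.g. sysctl -p not yet run)
        0:*) echo "disabled" ;;
        *)   echo "unknown" ;;               # runtime file missing or unreadable
    esac
}

# Default to the paths used in this section; pass other paths as arguments.
forwarding_state "${1:-/proc/sys/net/ipv4/ip_forward}" "${2:-/etc/sysctl.conf}"
```

A commented-out line such as #net.ipv4.ip_forward=1 is ignored, so a node enabled only with sysctl -w reports enabled-runtime-only.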
Compute maintains a list of floating IP addresses that you can assign to instances. Use the nova-manage floating create command to add entries to this list.
For example:
# nova-manage floating create --pool=nova --ip_range=68.99.26.170/31
You can use the following nova-manage commands to perform floating IP operations:
# nova-manage floating list
Lists the floating IP addresses in the pool.
# nova-manage floating create --pool=[pool name] --ip_range=[CIDR]
Creates specific floating IPs for either a single address or a subnet.
# nova-manage floating delete [CIDR]
Removes floating IP addresses using the same parameters as the create command.
For information about how administrators can associate floating IPs with instances, see Manage IP addresses in the OpenStack Admin User Guide.
You can configure the nova-network service to automatically allocate and assign a floating IP address to virtual instances when they are launched. Add the following line to the /etc/nova/nova.conf file and restart the nova-network service:
auto_assign_floating_ip=True
Note | |
---|---|
If you enable this option and all floating IP addresses have already been allocated, the nova boot command fails. |