Floating IPs and Virtual Routers on Public Cloud
Neutron L3 capabilities on OpenStack
OVH’s Public Cloud solution now offers a new feature as part of its network tools: virtual routers and floating IPs, which add more flexibility when it comes to managing networks and layer 3 capabilities.
In addition to the classic private network management tools, you now have the option of creating virtual routers, as well as managing routes and NAT rules for your private networks. Here are some of the potential benefits this offers:
- You can create instances that only use private ports rather than public ports, while keeping access to the internet by passing through the virtual router. This can help maintain a high level of security (as no internet ingress traffic is possible), while retaining the option of contacting the repository, or anything else on the internet.
- You can split your architecture across multiple networks, and configure routes on-demand, depending on your business logic. This way, you'll have strong L2 isolation for select parts of your application, and L3 routing whenever it's required.
Floating IPs are public IPs that a virtual router handles in order to address instances. There are multiple situations where floating IPs are useful:
- You can define a floating IP for your application in advance, without having to create an instance to get a public IP. This can help you to manage DNS records.
- You can link your floating IP to instances reachable through your virtual router, allowing you to enable internet ingress traffic on-demand.
- You can switch the link from one instance to another at any time, which can help you manage outage situations, or simply schedule maintenance actions (running rolling upgrades on multiple nodes, for example).
Neutron version: Newton
CLI Documentation: Create and Manage networks
Active regions: GRA5, SBG5
How to use it with the CLI
Create a router
openstack router create myrouter
Create a private network
openstack network create private
openstack subnet create --dhcp --gateway 192.168.1.1 --dns-nameserver 18.104.22.168 --subnet-range 192.168.1.0/24 --network private 192.168.1.0/24
Attach this router to both Ext-Net and your private network
openstack router set --external-gateway Ext-Net myrouter
openstack router add subnet myrouter 192.168.1.0/24
Create instances with a private network connection only
openstack server create --image 'Debian 9' --net private --key-name fake --flavor c2-7 srv01
openstack server create --image 'Debian 9' --net private --key-name fake --flavor c2-7 srv02
Your servers should now be able to ping the internet from their private IPs via routing (the router gateway in my example is 192.168.1.1).
Create a floating IP
openstack floating ip create Ext-Net
Attach this floating IP to your server
openstack server add floating ip srv01 22.214.171.124
You can now ping your server using this public IP.
Switch this floating IP to another server
openstack server remove floating ip srv01 126.96.36.199
openstack server add floating ip srv02 188.8.131.52
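Since attaching a floating IP is what opens internet ingress to an otherwise private instance, it is worth checking regularly which private addresses are exposed. The script below is an added example, not OVH's own tooling: it audits a floating IP listing against an allow-list. The input format (two columns, with "None" for an unattached IP, as printed by `openstack floating ip list -f value -c "Floating IP Address" -c "Fixed IP Address"`), the sample addresses and the allow-list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which private addresses receive internet ingress
# through a floating IP, and flag any that are not on an allow-list.
#
# Assumed input: one floating IP per line, "<floating-ip> <fixed-ip>", with
# "None" as the fixed IP when the floating IP is reserved but not attached.

# Constructed sample listing (documentation address ranges, not real hosts).
SAMPLE_FIPS='203.0.113.10 192.168.1.11
203.0.113.11 None
203.0.113.12 192.168.1.23'

# Hypothetical allow-list: private addresses expected to be reachable.
ALLOWED_INGRESS='192.168.1.11'

# audit_floating_ips <listing> <space-separated allowed fixed IPs>
# Prints one line per floating IP: OK, RESERVED or UNEXPECTED.
# Returns 1 if any floating IP exposes an address outside the allow-list.
audit_floating_ips() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NF < 2       { next }   # skip blank or malformed lines
        $2 == "None" { print "RESERVED   " $1 " (not attached)"; next }
        ($2 in ok)   { print "OK         " $1 " -> " $2; next }
                     { print "UNEXPECTED " $1 " -> " $2; bad = 1 }
        END          { exit (bad ? 1 : 0) }
    '
}

# Run against the constructed sample; against a real project, pass the output
# of the openstack command named above instead of SAMPLE_FIPS.
audit_floating_ips "$SAMPLE_FIPS" "$ALLOWED_INGRESS" \
    || echo "Unexpected ingress path found: review the UNEXPECTED lines."
```

A non-zero return makes the function usable as a scheduled check that alerts when a floating IP has been attached to an instance that was meant to stay private.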
During the alpha period, they are totally free. These resources will only be billed when they move to production.
The high availability of virtual routers and floating IPs will be part of the latter phases, and will be addressed before they enter production.
No. The floating IP capability only works on Ext-Net, to provide public IPs.