Floating IPs and Virtual Routers on Public Cloud

Neutron L3 capabilities on OpenStack

OVH’s Public Cloud solution now offers a new feature as part of its network tools: virtual routers and floating IPs, which add more flexibility when it comes to managing networks and layer 3 capabilities.

topology

 

Virtual routers

In addition to the classic private network management tools, you have now the option of creating virtual routers, as well as managing routes and NAT rules for your private networks. Here are some of the potential benefits this offers:

  • You can create instances that only utilise private ports rather than public ports, while keeping access to the internet passing though the virtual router. This can help maintain a high level of security (as no internet ingress traffic is possible), while retaining the option of contacting the repository, or anything else on the internet.
  • You can split your architecture on multiple networks, and configure routes on-demand, depending on your business logic. This way, you'll have a strong L2 isolation for select parts of your application and L3 routing, whenever it's required.

Floating IPs

Floating IPs are public IPs that you can use, which will be handled by a virtual router to address instances. There are multiple situations where floating IPs are useful:

  • You can define a floating IP for your application in advance, without having to create an instance to get a public IP. This can help you to manage DNS records.
  • You can link your floating IP to instances reachable though your virtual router, allowing you to enable internet ingress traffic on-demand.
  • You can switch the link from one instance to another at any time, which can help you manage outage situations, or simply schedule maintenance actions (running rolling upgrades on multiple nodes, for example).

Technical Information

Neutron version: Newton

CLI Documentation: Create and Manage networks

Active region: GRA5

How to use it with CLI?

Create a router

openstack router create myrouter

Create a private network

openstack network create private 
openstack subnet create --dhcp --gateway 192.168.1.1 --dns-nameserver 213.186.33.99 --subnet-range 192.168.1.0/24 --network private 192.168.1.0/24 

Add attachments

Attach this router to both Ext-Net and your private network

openstack router set --external-gateway Ext-Net myrouter 
openstack router add subnet myrouter 192.168.1.0/24 

Create servers

Create its with private network connection only.

openstack server create --image 'Debian 9' --net private --key-name fake --flavor c2-7 srv01 
openstack server create --image 'Debian 9' --net private --key-name fake --flavor c2-7 srv02 

Your server should now be able to ping internet from its private IP via routing (the router gateway in my example is 192.168.1.1)

Create a floating IP

openstack floating ip create Ext-Net 

Attach this floating IP to your server

openstack server add floating ip srv01 213.251.131.42 

Your can now ping your server using this public IP.

Switch this floating IP to another server

openstack server delete floating ip srv01 213.251.131.42 
openstack server add floating ip srv02 213.251.131.42 

FAQ

During the alpha period, they are totally free. These resources will only be billed when they move to production.

The high availability of virtual routers and floating IPs will be part of the latter phases, and will be addressed before they enter production.

No. The floating IP capability only works on Ext-Net, to provide public IPs.

Status

  • ALPHA
  • BETA
  • GAMMA

Are you interested in OpenStack L3 services ?