Network Services on Public Cloud : Virtual Routers and Floating IPs

Neutron L3 capabilities on OpenStack

OVH’s Public Cloud solution now offers new network features : virtual routers and floating IPs, which add more flexibility when managing networks.

topology

 

Virtual routers

In addition to the classic private network management tools, you have now the option of creating virtual routers, as well as managing routes and NAT rules for your private networks. Here are some of the potential benefits this offers:

  • You can create instances that only utilise private ports rather than public ports, while keeping access to the internet passing though the virtual router. This can help maintain a high level of security (as no internet ingress traffic is possible), while retaining the option of contacting the repository, or anything else on the internet.
  • You can split your architecture on multiple networks, and configure routes on-demand, depending on your business logic. This way, you'll have a strong L2 isolation for select parts of your application and L3 routing, whenever it's required.

Limitations

  • Capacity is not guaranteed during the beta.
  • Outgoing throughput is currently limited to the maximum throughput of the instances behind the router and connected to the private network. Find out the maximum throughput for your instance here.

Floating IPs

Floating IPs are public IPs that you can use, which will be handled by a virtual router to address instances. There are multiple situations where floating IPs are useful:

  • You can define a floating IP for your application in advance, without having to create an instance to get a public IP. This can help you to manage DNS records.
  • You can link your floating IP to instances reachable though your virtual router, allowing you to enable internet ingress traffic on-demand.
  • You can switch the link from one instance to another at any time, which can help you manage outage situations, or simply schedule maintenance actions (running rolling upgrades on multiple nodes, for example).

 

This is a free beta. Public Cloud contractual conditions do not apply to this beta. This product should be only used for testing and not used in production.

After the beta, any active LBaaS will be charged, according to its respective contractual price. Beta users will be informed 1 month before General Availability.

Please give us feedback through the following channel :

 

Network Services

Floating IP

Free during the Beta*

Virtual Router*

Free during the Beta*
 

*Services will be billed after the beta.

 

Companion products

vRack and Private Networks 

Virtual routers use private networks attached to a customer vRack. Those feature are already available and can be configured through API or OVHcloud customer portal. More info here.

Loadbalancer as a Service (Octavia)

 You will need Floating IPs, Private Networks and Router to setup a public-to-private LBaaS using Octavia. Loadbalancer as a Service is also in public beta on GRA9 region, more info here.

 

How to use it with CLI?

Create a router

openstack router create myrouter

Create a private network

openstack network create private 
openstack subnet create --dhcp --gateway 192.168.1.1 --dns-nameserver 213.186.33.99 --subnet-range 192.168.1.0/24 --network private 192.168.1.0/24 

Add attachments

Attach this router to both Ext-Net and your private network

openstack router set --external-gateway Ext-Net myrouter 
openstack router add subnet myrouter 192.168.1.0/24 

Create servers

Create its with private network connection only.

openstack server create --image 'Debian 9' --net private --key-name fake --flavor c2-7 srv01 
openstack server create --image 'Debian 9' --net private --key-name fake --flavor c2-7 srv02 

Your server should now be able to ping internet from its private IP via routing (the router gateway in my example is 192.168.1.1)

Create a floating IP

openstack floating ip create Ext-Net 

Attach this floating IP to your server

openstack server add floating ip srv01 213.251.131.42 

Your can now ping your server using this public IP.

Switch this floating IP to another server

openstack server delete floating ip srv01 213.251.131.42 
openstack server add floating ip srv02 213.251.131.42 

 

 

Technical Information

Neutron version: Stein

CLI Documentation: Create and Manage networks

Active region: GRA9

FAQ

During the beta period, they are totally free. These resources will only be billed when they move to production.

The high availability of virtual routers and floating IPs will be part of the latter phases, and will be addressed before they enter production.

No. The floating IP capability only works on Ext-Net, to provide public IPs.

Status

  • BETA
  • GA