Network Services on Public Cloud : Virtual Routers and Floating IPs
Neutron L3 capabilities on OpenStack
OVH’s Public Cloud solution now offers new network features : virtual routers and floating IPs, which add more flexibility when managing networks.
In addition to the classic private network management tools, you have now the option of creating virtual routers, as well as managing routes and NAT rules for your private networks. Here are some of the potential benefits this offers:
- You can create instances that only utilise private ports rather than public ports, while keeping access to the internet passing though the virtual router. This can help maintain a high level of security (as no internet ingress traffic is possible), while retaining the option of contacting the repository, or anything else on the internet.
- You can split your architecture on multiple networks, and configure routes on-demand, depending on your business logic. This way, you'll have a strong L2 isolation for select parts of your application and L3 routing, whenever it's required.
- Capacity is not guaranteed during the beta.
- Outgoing throughput is currently limited to the maximum throughput of the instances behind the router and connected to the private network. Find out the maximum throughput for your instance here.
Floating IPs are public IPs that you can use, which will be handled by a virtual router to address instances. There are multiple situations where floating IPs are useful:
- You can define a floating IP for your application in advance, without having to create an instance to get a public IP. This can help you to manage DNS records.
- You can link your floating IP to instances reachable though your virtual router, allowing you to enable internet ingress traffic on-demand.
- You can switch the link from one instance to another at any time, which can help you manage outage situations, or simply schedule maintenance actions (running rolling upgrades on multiple nodes, for example).
This is a free beta. Public Cloud contractual conditions do not apply to this beta. This product should be only used for testing and not used in production.
After the beta, any active LBaaS will be charged, according to its respective contractual price. Beta users will be informed 1 month before General Availability.
Please give us feedback through the following channel :
- Cloud ML : mailto:firstname.lastname@example.org
|Free during the Beta*|
|Free during the Beta*
*Services will be billed after the beta.
vRack and Private Networks
Virtual routers use private networks attached to a customer vRack. Those feature are already available and can be configured through API or OVHcloud customer portal. More info here.
Loadbalancer as a Service (Octavia)
You will need Floating IPs, Private Networks and Router to setup a public-to-private LBaaS using Octavia. Loadbalancer as a Service is also in public beta on GRA9 region, more info here.
How to use it with CLI?
Create a router
openstack router create myrouter
Create a private network
openstack network create private openstack subnet create --dhcp --gateway 192.168.1.1 --dns-nameserver 184.108.40.206 --subnet-range 192.168.1.0/24 --network private 192.168.1.0/24
Attach this router to both Ext-Net and your private network
openstack router set --external-gateway Ext-Net myrouter openstack router add subnet myrouter 192.168.1.0/24
Create its with private network connection only.
openstack server create --image 'Debian 9' --net private --key-name fake --flavor c2-7 srv01 openstack server create --image 'Debian 9' --net private --key-name fake --flavor c2-7 srv02
Your server should now be able to ping internet from its private IP via routing (the router gateway in my example is 192.168.1.1)
Create a floating IP
openstack floating ip create Ext-Net
Attach this floating IP to your server
openstack server add floating ip srv01 220.127.116.11
Your can now ping your server using this public IP.
Switch this floating IP to another server
openstack server delete floating ip srv01 18.104.22.168 openstack server add floating ip srv02 22.214.171.124
Neutron version: Stein
CLI Documentation: Create and Manage networks
Active region: GRA9
During the beta period, they are totally free. These resources will only be billed when they move to production.
The high availability of virtual routers and floating IPs will be part of the latter phases, and will be addressed before they enter production.
No. The floating IP capability only works on Ext-Net, to provide public IPs.