Article 145
Connecting ext_net to Router
In the previous section, we created the external network ext_net. Next, we need to connect it to Neutron’s virtual router so that instances can access the external network.
Click on the menu Project -> Network -> Routers to enter the router list.
Click the “Set Gateway” button for router_100_101.
Select ext_net from the “External Network” dropdown list and click “Set Gateway”.
The external network is successfully set. We need to see what changes have occurred with the router. Click the link for router_100_101 and open the “Interfaces” tab.
The router has a new interface with an IP of 10.10.10.2. This interface is used to connect to the external network ext_net, corresponding to the br-ex port qg-cf54d3ea-6a.
In the router’s namespace, we can see that qg-cf54d3ea-6a has been configured with IP 10.10.10.2.
The naming convention for router interfaces is as follows:
1. If the interface is used to connect to tenant networks, the naming format is qr-xxx.
2. If the interface is used to connect to external networks, the naming format is qg-xxx.
Check the routing table information of the router:
The default gateway is 10.10.10.1.
This means that router_100_101 forwards all traffic destined outside the tenant networks vlan100 and vlan101 to 10.10.10.1, the gateway of ext_net.
Now router_100_101 is connected to three networks: vlan100, vlan101, and ext_net, as shown below:
Let’s test on cirros-vm3.
cirros-vm3 is located on the compute node and can now ping the external network gateway 10.10.10.1. Let’s check the path from cirros-vm3 to 10.10.10.1 using traceroute:
The data packet reaches the gateway 10.10.10.1 in two hops.
1. The packet is first sent to the interface of router_100_101 connected to vlan101 (172.16.101.1).
2. Then it is forwarded through the interface connected to ext_net (10.10.10.2) and finally reaches 10.10.10.1.
When the packet is sent out from the router’s external interface qg-cf54d3ea-6a, the router performs Source NAT (SNAT), rewriting the source address to the router’s interface address 10.10.10.2. This ensures that the destination can send the response back to the router, which then forwards it back to the originating instance. For a detailed analysis of Source NAT, please refer to the relevant sections on routers in the Linux Bridge documentation.
Floating IP
By using SNAT, instances can access the external network directly, but external networks still cannot access instances directly. Direct access to instances means that the communication connection is initiated from the external network, such as SSHing into an instance from the external network. If direct access to instances from the external network is needed, floating IPs can be used.
The implementation of floating IPs in the Open vSwitch driver environment is exactly the same as that in the Linux Bridge driver: both achieve this by configuring iptables NAT rules on the external interface of the router providing the gateway. For a detailed analysis of floating IPs, please refer to the relevant sections on floating IPs in the Linux Bridge documentation.
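The following is an added example, not part of the original article or of Neutron itself: a small audit of the NAT rules in a router namespace that separates the shared SNAT address from floating IP mappings, since only the latter make an instance reachable from the external network. The rule listing is constructed; the floating IP 10.10.10.3, the instance address 172.16.101.3 and the chain names are assumptions, and rules are classified by target and match options rather than by chain name.

```python
import ipaddress
import shlex

# Constructed sample of `iptables -t nat -S` output from a router namespace.
# 10.10.10.2 and qg-cf54d3ea-6a come from the article; the floating IP
# 10.10.10.3, instance 172.16.101.3 and chain names are assumptions.
SAMPLE_RULES = """\
-P PREROUTING ACCEPT
-N neutron-l3-agent-PREROUTING
-A neutron-l3-agent-PREROUTING -d 10.10.10.3/32 -j DNAT --to-destination 172.16.101.3
-A neutron-l3-agent-float-snat -s 172.16.101.3/32 -j SNAT --to-source 10.10.10.3
-A neutron-l3-agent-snat -o qg-cf54d3ea-6a -j SNAT --to-source 10.10.10.2
"""

def _opts(tokens):
    """Map each option flag (e.g. '-d', '--to-source') to the token after it."""
    return {t: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t.startswith("-")}

def _is_host(cidr):
    """True when the match covers exactly one address (/32 or /128)."""
    return ipaddress.ip_interface(cidr).network.num_addresses == 1

def audit_nat(rules_text):
    """Return (shared_snat_addrs, {floating_ip: fixed_ip}, mismatched_floats)."""
    shared, inbound, outbound = set(), {}, {}
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "-A":
            continue  # skip policies (-P) and chain declarations (-N)
        o = _opts(tokens)
        target = o.get("-j")
        if target == "DNAT" and "-d" in o and "--to-destination" in o:
            # Inbound mapping: the external address is rewritten to an instance.
            fip = str(ipaddress.ip_interface(o["-d"]).ip)
            inbound[fip] = o["--to-destination"].split(":")[0]
        elif target == "SNAT" and "--to-source" in o:
            src = o.get("-s")
            if src and _is_host(src):
                # Per-instance SNAT: outbound half of a floating IP.
                outbound[str(ipaddress.ip_interface(src).ip)] = o["--to-source"]
            else:
                # Shared SNAT: outbound only, no inbound exposure.
                shared.add(o["--to-source"])
    # A floating IP whose DNAT has no matching per-instance SNAT is inconsistent.
    mismatched = {f: x for f, x in inbound.items() if outbound.get(x) != f}
    return shared, inbound, mismatched

if __name__ == "__main__":
    shared, exposed, mismatched = audit_nat(SAMPLE_RULES)
    print("shared SNAT:", shared)
    print("externally reachable:", exposed, "inconsistent:", mismatched)
```

Every address in the second result accepts connections initiated from the external network, so those instances are the ones whose security group rules deserve review.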
Thus, we have completed the discussion of OVS routing services. In the next section, we will start learning about Neutron VxLAN’s OVS implementation.