I created a ~10-node DevStack installation to learn more about how OpenStack manages networking. I created some VMs and verified them on one of the hosts as follows:
virsh # list
Id Name State
----------------------------------------------------
2 instance-0000001b running
3 instance-0000001f running
4 instance-00000024 running
5 instance-0000002c running
I have associated a floating IP with instance ID 2; I verified it by looking up its OpenStack ID and matching it with the output of virsh dumpxml 2. It has the following floating IP: 172.16.6.12 and local IP: 10.4.128.11
I see it uses vnet0:
<interface type='bridge'>
<mac address='fa:16:3e:a1:f8:65'/>
<source bridge='br100'/>
<target dev='vnet0'/>
<model type='virtio'/>
<filterref filter='nova-instance-instance-0000001b-fa163ea1f865'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
Doing ifconfig vnet0, it shows no IP address:
vnet0 Link encap:Ethernet HWaddr fe:16:3e:a1:f8:65
inet6 addr: fe80::fc16:3eff:fea1:f865/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:70 errors:0 dropped:0 overruns:0 frame:0
TX packets:44216 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:7232 (7.2 KB) TX bytes:29123311 (29.1 MB)
As I execute ip addr, I see the IP address is defined in the bridge, br100.
4: br100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether d8:50:e6:c3:22:ee brd ff:ff:ff:ff:ff:ff
inet 10.4.128.13/20 brd 10.4.143.255 scope global br100
valid_lft forever preferred_lft forever
inet 172.16.0.101/21 brd 172.16.7.255 scope global br100
valid_lft forever preferred_lft forever
inet 172.16.6.12/32 scope global br100
valid_lft forever preferred_lft forever
inet 172.16.6.19/32 scope global br100
valid_lft forever preferred_lft forever
inet6 fe80::80b6:99ff:fef7:dc16/64 scope link
valid_lft forever preferred_lft forever
5: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br100 state UNKNOWN group default qlen 500
link/ether fe:16:3e:a1:f8:65 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc16:3eff:fea1:f865/64 scope link
valid_lft forever preferred_lft forever
- 172.16.0.101/21 : The host IP
- 172.16.6.12/32: The VM Floating IP
However, where is the association vnet0 --> 172.16.6.12 (floating IP)? Why does the traffic coming to 172.16.6.19 not go to 172.16.6.12?
I looked for iptables rules, but there is nothing indicating vnet0 or the floating IP. How is this done? I see they are bridged with brctl, but there is no IP-MAC association I can see. It is not even in the ARP tables. I looked into iptables and listening ports to see if any forwarding is done in userspace, but it is not.
bridge name bridge id STP enabled interfaces
br100 8000.d850e6c322ee no eth0
vnet0
vnet1
vnet2
vnet3
Okay, I found it. I forgot to look at the iptables NAT rules; it uses them to forward the given floating IPs to those veth devices.
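The NAT lookup described above can be turned into a repeatable check. The following is an added example, not part of the original post: it cross-references the /32 addresses bound to br100 with the DNAT rules in `iptables -t nat -S` output. The rule lines are constructed in the style nova-network writes them; the chain names and the 172.16.6.19 -> 10.4.128.14 pairing are assumptions.

```python
import re
import shlex

# Constructed `iptables -t nat -S` lines in the style nova-network writes them.
# Chain names and the 172.16.6.19 -> 10.4.128.14 pairing are assumptions.
NAT_RULES = """\
-A nova-network-PREROUTING -d 172.16.6.12/32 -j DNAT --to-destination 10.4.128.11
-A nova-network-PREROUTING -d 172.16.6.19/32 -j DNAT --to-destination 10.4.128.14
-A nova-network-float-snat -s 10.4.128.11/32 -j SNAT --to-source 172.16.6.12
"""

# IPv4 lines of br100 from the `ip addr` output in the post.
IP_ADDR = """\
    inet 10.4.128.13/20 brd 10.4.143.255 scope global br100
    inet 172.16.0.101/21 brd 172.16.7.255 scope global br100
    inet 172.16.6.12/32 scope global br100
    inet 172.16.6.19/32 scope global br100
"""

def _opt(tokens, flag):
    """Value following `flag` in a tokenised rule, or None."""
    return dict(zip(tokens, tokens[1:])).get(flag)

def dnat_map(rules):
    """Map destination IP -> --to-destination for single-host DNAT rules."""
    out = {}
    for line in rules.splitlines():
        t = shlex.split(line)
        if _opt(t, "-j") != "DNAT" or "!" in t:
            continue  # skip SNAT/other targets and negated matches
        ip, _, mask = (_opt(t, "-d") or "").partition("/")
        to = _opt(t, "--to-destination")
        if ip and to and mask in ("", "32"):
            out[ip] = to
    return out

def host_addrs(ip_addr, dev):
    """/32 IPv4 addresses bound to `dev` in `ip addr` output."""
    pat = r"inet (\d+(?:\.\d+){3})/32 .*\b%s$" % re.escape(dev)
    return set(re.findall(pat, ip_addr, re.M))

def audit(rules, ip_addr, dev="br100"):
    """Cross-check floating IPs on the bridge against the DNAT rules."""
    nat, bound = dnat_map(rules), host_addrs(ip_addr, dev)
    return {
        "mapped": {ip: nat[ip] for ip in sorted(bound & set(nat))},
        "bound_without_dnat": sorted(bound - set(nat)),
        "dnat_without_address": sorted(set(nat) - bound),
    }
```

Calling `audit(NAT_RULES, IP_ADDR)` returns one fixed IP per floating IP, which is why traffic for 172.16.6.19 never reaches the instance behind 172.16.6.12; a non-empty `bound_without_dnat` or `dnat_without_address` list points at an address or rule left behind after a disassociation.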