[lug] networking question

duboulder blug-mail at duboulder.com
Sun Sep 13 00:28:05 MDT 2020


Would a vpn help? The vpn endpoint can define a destination net which might be usable as an external network for open stack. This assumes the clients can use a vpn. And then there is the internal/external forwarding to be on the open stack host.



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, September 12, 2020 7:54 PM, David L. Willson <dlwillson at thegeek.nu> wrote:

> > You've got a couple issues here. One being that the upper/lower
> > sub-nets would be /30 not /28.
>
> Oh, jeez. Yes, of course. I went the wrong way.
>
> > What's the goal here?
>
> I want to give my friends a whole OpenStack to play with. An OpenStack wants a routed public (at least public-seeming) network inside, among the many other demands it makes. I've done it with RFC-1918 networks, and it worked internally, but I really want it to work externally, someday, too. So, I asked my ISP if I can rent another subnet and put it behind a router of my own, and they said, "Nah, you can't." So, I looked at renting a subnet and a physical machine from logicweb, which would be similar to what I did at Delimiter until they became so horrible that I couldn't even with those guys anymore. But, the logicweb solution would be nearly $500/month between the subnet and machine, so that's also a "Nah, I can't." So, in desperation, I thought, "Maybe I can split my measly 16 addresses into two subnets." It wouldn't really work, though, now that I think about it, because OpenStack consumes addresses at about triple the rate I'd naively assume (i.e. nothing like 1 EIP to 1 IP, more like 1 EIP to 3 IPs). Short story very long and convoluted, I'm trying to do OpenStack for my learners and do it on the cheap.
>
> > My first take would be to make it a private subnet behind the linux box
> > (say something from 172.16.X.X) and have it do NAT. Otherwise you need
> > to do tricky things with virtual IPs, proxy ARPs as in:
>
> > https://tldp.org/HOWTO/Proxy-ARP-Subnet/how.html
>
> That is so out of my league. Several years ago, I might have been able to do a 1:1 range in a SonicWall, but that's about as deep as I ever went. Anything harder and I threw up my hands and called a vendor.
>
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety



