This patch applies a reverse SNAT rule to allow instances that have an
assigned floating IP to communicate with other instances in the same
OpenStack deployment, security group rules permitting. The patch
allows members of the same private network to communicate with each
other using their floating-ips in a more consistent fashion. The rule
also addresses the situation where the target is on another private
network.

This will only work for interaction between two servers that both have
floating IPs assigned to them.

Specifically, this patch solves the problem where a target server
"sees" the private address of the client. By SNAT'ing to the client's
floating-IP, the target "sees" the correct reply address and the reverse
route follows the same path that an actual external connection would
take. The SNAT ONLY occurs if a DNAT occurred beforehand, allowing
communication on private networks using private IPs to remain fully
private and internal. The limitation is of course if a DNAT occurs for
other reasons, there may be issues.
Reviewed: https://review.openstack.org/28815
Committed: http://github.com/openstack/nova/commit/314c419323ddd512babc4504ef8a4be1e04f2af7
Submitter: Jenkins
Branch: master
commit 314c419323ddd512babc4504ef8a4be1e04f2af7
Author: Brent Eagles <email address hidden>
Date: Fri May 10 14:26:24 2013 -0230
Reverse path SNAT for DNAT floating-ip.
Resolves bug 1178745
Change-Id: I55b7131cff5fd5a2ebf826945370d4d550e74136
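
The rule described in the commit message above, modelled as an added example (this is not code from the nova commit): it computes which source address the target sees with and without the reverse SNAT. The addresses, the `Packet` type and the function names are constructed for illustration, and the `dnat_applied` flag stands in for the NAT host's record that a DNAT occurred.

```python
from dataclasses import dataclass, replace

# Constructed sample mapping: fixed (private) IP -> floating IP.
FLOATING = {
    "10.0.0.3": "203.0.113.3",  # client
    "10.0.0.4": "203.0.113.4",  # target
}
FIXED = {floating: fixed for fixed, floating in FLOATING.items()}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dnat_applied: bool = False  # assumption: models "a DNAT occurred beforehand"


def prerouting(pkt):
    """DNAT step: a destination floating IP is rewritten to the fixed IP."""
    if pkt.dst in FIXED:
        return replace(pkt, dst=FIXED[pkt.dst], dnat_applied=True)
    return pkt


def postrouting(pkt, reverse_snat):
    """Reverse SNAT step: only for DNAT'ed traffic from a sender that has
    its own floating IP; everything else leaves with its source untouched."""
    if reverse_snat and pkt.dnat_applied and pkt.src in FLOATING:
        return replace(pkt, src=FLOATING[pkt.src])
    return pkt


def as_seen_by_target(src, dst, reverse_snat):
    """Packet as it arrives at the target after both NAT steps."""
    return postrouting(prerouting(Packet(src, dst)), reverse_snat)


if __name__ == "__main__":
    cases = [
        ("floating dst, rule off", "10.0.0.3", "203.0.113.4", False),
        ("floating dst, rule on", "10.0.0.3", "203.0.113.4", True),
        ("private dst, rule on", "10.0.0.3", "10.0.0.4", True),
        ("client has no floating IP", "10.0.0.9", "203.0.113.4", True),
    ]
    for label, src, dst, rule in cases:
        seen = as_seen_by_target(src, dst, rule)
        print(f"{label:28} target sees src={seen.src} dst={seen.dst}")
```

The last two cases show the limits the commit message states: private-to-private traffic is never rewritten, and a client without a floating IP still appears under its private address.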