We need our VIO and NSX configured to NOT use NAT. I have an existing working VIO with NSX with NAT but now I want to move away from NAT so that instances are assigned public IPs directly on the interface and not an internal IP.
If you are experienced in completing this and actually KNOW how to complete this then I am happy to pay someone to get this done.
You can DM me and I will provide additional details as well as my other contact information.
Hello Marinod73,
I added "bind_floatingip_to_all_interfaces = True" to the nsxv.ini... it makes no modification to the Tenant Router (existing router or new one), the NAT rules are still bound to the external interface.
I restarted the neutron service and the entire deployment and it's the same.
I use VIO 3.0.
Any idea?
Cedric.
Hi Cedric,
can you tell me, please, which version of NSX you are running?
Did you add the whole line, or did you only modify the line (inserting True rather than False)?
Cheers,
Domenico
NSX 6.2.4
The line doesn't exist in the nsxv.ini file, so I have to add it.
Hi Cedric,
if the line doesn't exist, this means VMware VIO 3.0 (your current release) doesn't allow you to set this setting.
This setting is available from VMware VIO 3.1; at this point it is recommended to upgrade VIO.
According to:
and the compatibility matrix:
VMware Product Interoperability Matrices
you can install VIO only.
Cheers,
Domenico
Hello
Also, what is the impact of adding this setting on existing running VMs, and what needs to be restarted to activate this setting? Also, does the change include running VMs or only new VMs?
Hi Ben,
there is no negative impact on the current running VMs (edges), they will continue to operate without any issue.
The exact tasks to perform are the following:
-----------------------------------------------------------------------------------------
1) Using SSH, log into VMware Integrated OpenStack Manager.
2) From VMware Integrated OpenStack Manager, use SSH to log into one of the controller nodes (i.e. controller01).
   ssh controller01
3) Switch to root user.
   sudo su -
4) Edit /etc/neutron/plugins/vmware/nsxv.ini file, modifying bind_floatingip_to_all_interfaces = False parameter into bind_floatingip_to_all_interfaces = True. Save the file.
5) Restart VIO-Controller-0, from vCenter Server:
   a. Navigate to the vSphere Web Client.
   b. In the Inventories tab, click VMware Integrated OpenStack.
   c. Click OpenStack deployments.
   d. Click on your deployment.
   e. Select VIO-Controller-0.
   f. From the All Actions dropdown, click on Restart Services.
6) Once VIO-Controller-0 has been completely restarted, modify /etc/neutron/plugins/vmware/nsxv.ini file on controller02, restarting VIO-Controller-1.
7) Be sure that ingress and egress rules are correctly configured in Security Groups, associating them to the involved Instances.
8) If floating IP addresses were already associated to the involved Instances, disassociate and associate them back.
9) Test if Instances are able to communicate with each other using their floating IP addresses.
-----------------------------------------------------------------------------------------
The change includes existing VMs and not.
Cheers,
Domenico
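Step 4 of the procedure above, as an added shell example that is not part of the original thread or of VMware's tooling: it changes the setting only when the key is already present in the file (an absent key is the VIO 3.0 case discussed earlier in the thread) and keeps a backup so the change can be reverted. The function name `set_bind_fip`, the exit codes and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: set bind_floatingip_to_all_interfaces = True in nsxv.ini, with a backup.
# set_bind_fip is a hypothetical helper name, not a VIO or NSX command.
set_bind_fip() {
    ini="$1"
    key="bind_floatingip_to_all_interfaces"
    [ -f "$ini" ] || { echo "missing file: $ini" >&2; return 2; }

    # Per the thread, a release whose nsxv.ini lacks the key ignores it when added by hand.
    # A commented-out line is treated as absent and is left alone.
    if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*=" "$ini"; then
        echo "$key not present in $ini; not adding it" >&2
        return 3
    fi

    # Nothing to do (and no backup overwritten) when the value is already True.
    if grep -Eiq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*true[[:space:]]*$" "$ini"; then
        echo "already True"
        return 0
    fi

    # Keep the previous file so the change can be rolled back quickly.
    cp -p "$ini" "$ini.bak" || return 1
    # Write back into the same file so its owner and mode stay unchanged.
    sed -E "s/^([[:space:]]*${key}[[:space:]]*=[[:space:]]*).*$/\1True/" \
        "$ini.bak" > "$ini" || return 1

    # Show the resulting line for the change record.
    grep -E "^[[:space:]]*${key}[[:space:]]*=" "$ini"
}

if [ "$#" -gt 0 ]; then
    # Real use: pass the path from step 4, e.g. /etc/neutron/plugins/vmware/nsxv.ini
    set_bind_fip "$1"
else
    # Demo on a constructed sample file (section name and contents are made up here).
    demo=$(mktemp)
    printf '[nsxv]\nbind_floatingip_to_all_interfaces = False\n' > "$demo"
    set_bind_fip "$demo"
    rm -f "$demo" "$demo.bak"
fi
```

The services still have to be restarted per controller as in steps 5 and 6; restoring the `.bak` copy and restarting again reverts the change.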
Oops forgot Controller-2
Thank you for the detailed guide. Much help as always.
Hi Ben,
so glad it helped you!
Cheers,
Domenico
Just tried it and after doing it the horizon dashboard received a 503 error... Scary stuff to see in production so I changed it right back!!
When you configure the NSX driver to bind the NAT to the internal interface, all communication of internal instances is processed by the edge.
NAT can be a "CPU intensive" process.
I will be interested if you can provide feedback on the CPU overhead for the whole platform.
I hesitate to put it on my platform to avoid extra CPU consumption (we do not use an edge cluster, compute cluster and edge cluster are the same).
Cedric.
Strange behavior, Ben!
I tested the tasks multiple times in my lab and they worked fine.
If I can suggest... next steps are:
1) checking in the logs whether any error message has been identified, starting by checking the req related to the 503 error message
2) configuring a maintenance window and restarting VIO completely (from vSphere Web client). I highly suppose the error is HA proxy related.
Cheers,
Domenico
I was thinking after I reverted everything that maybe I didn't wait long enough for the services to restart.
Is it true that restarting the controllers via the OpenStack interface does not restart the VM, only the services?
I'll have more time later next week as I am flying to Europe on Monday, so once I get settled I'll have a little more time... didn't really feel like having a few hundred customers screaming at me this evening.
I'll touch base later next week for an update.
It restarts only the service!
Cheers,
Domenico