Reference architecture private vs internal network
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Fuel for OpenStack |
Confirmed
|
Medium
|
Fuel Sustaining | ||
| Mitaka |
Won't Fix
|
Medium
|
Fuel Python (Deprecated) | ||
| Newton |
Confirmed
|
Medium
|
Fuel Sustaining | ||
Bug Description
There is a problem with proper naming of the networks in Reference architecture and Fuel settings in fact.
In the Networks description there should be different sections describing networks for different segmentation types (VXLAN, Nova-Network, VLANS).
Reference Architecture:
>Network Architecture:
Private network (Fixed network)
The private network facilitates communication between each tenant's VMs. Private network address spaces are not a part of the enterprise network address space; fixed IPs of virtual instances cannot be accessed directly from the rest of the Enterprise network.
Just like the public network, the private network should be isolated from other networks in the cluster for security reasons.
Internal Network
The internal network connects all OpenStack nodes in the environment. All components of an OpenStack environment communicate with each other using this network. This network must be isolated from both the private and public networks for security reasons. The internal network can also be used for serving iSCSI protocol exchanges between Compute and Storage nodes. The Internal Network is a generalizing term; it means that any network except for Public can be regarded as Internal: for example, Storage or Management. Do not confuse Internal with Private, as the latter is only related to the networks within a tenant, that provides communication between VMs within the specific tenant.
>At the same time in the examples:
Network Configuration Plan:
Floating/Public network 172.16.0.0/24 in VLAN 100 (untagged on servers)
Floating IP range 172.16.0.130 - 254
Internal network (private) 192.168.111.0/24
Gateway 192.168.111.1
DNS 8.8.4.4, 8.8.8.8
Tunnel ID range 2 - 65535
Management network 192.168.0.0/24 in VLAN 101
Storage network 192.168.1.0/24 in VLAN 102
Administrative network (for Fuel) 10.20.0.0/24 in VLAN 103
>In the Fuel settings (in fact):
In case VLAN segmentation is used - No Private network at all, Internal network == tenant network
In case GRE segmentation is used - Private network == tunneling network (connecting nodes with each others), Internal network == tenant network
| Changed in fuel: | |
| assignee: | nobody → Fuel build team (fuel-build) |
| Changed in fuel: | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| milestone: | none → 9.0 |
| Roman Vyalov (r0mikiam) wrote | #1 |
| Changed in fuel: | |
| status: | Confirmed → New |
| tags: | removed: area-build |
| Roman Vyalov (r0mikiam) wrote | #2 |
| Changed in fuel: | |
| assignee: | Fuel build team (fuel-build) → Fuel Python Team (fuel-python) |
| tags: | added: area-python |
| Changed in fuel: | |
| status: | New → Confirmed |
| tags: |
added: area-docs removed: area-python docs |
| tags: | added: area-python tech-debt |
| tags: | added: docs |
| Giuseppe Cossu (giuseppecossu) wrote | #3 |
@ivan according to the our policy : Bugs can be moved to Confirmed status only by the team that is currently assigned