[RFE] Automatically allow incoming DHCP traffic for networks which uses external dhcp server
Bug #1785213 reported by
Slawek Kaplonski
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
neutron |
Triaged
|
Wishlist
|
Slawek Kaplonski |
Bug Description
Use Case:
User wants to use provider network with some external dhcp server.
Now he need to add proper security group rule to allow incoming dhcp traffic to his instances.
Proposed solution:
Add new attribute to network, something like "external-dhcp".
Ports connected to this network, will automatically have added to iptables rule to allow incoming dhcp traffic.
Changed in neutron: | |
importance: | Undecided → Wishlist |
Changed in neutron: | |
status: | New → Triaged |
tags: |
added: rfe-triaged removed: rfe |
To post a comment you must log in.
Some more details why I want to add something like that below.
Sometime there is need that instance to live in the same address space as e.g. dedicated servers in organization's network.
Two DHCP server in the same pool are bound to collide some time.
So the option here might be to use external DHCP server which will assign IPs for all devices in network.
Possible other option might be to use different pools of IPs in subnet used in Neutron and in external DHCP server for dedicated servers, but that is sometimes not a viable solution.
Sometimes You can't easilly make sure that in a live production environment you have a slice which is free and falls into a normal range.
So other solution might be to use only external dhcp server for all: dedicated servers and OpenStack instances.
There is of course question how to make external dhcp server aware of what IPs should be assigned to OS instances but IMO that can be done e.g. in DHCP server by adding some plugin which can ask Neutron API for such API. So it's doable but implementation of this should not be the case of this RFE.
I just think that would be good to add such flag to external network to make this setting more clear than configuring Security group rules - which are necessary for incoming traffic now but aren't necessary for outgoing DHCP request.