Floating IP

This section describes one of the fundamental elements of a network - floating IP addresses - and their role in creating a network infrastructure in the cloud. It discusses the matters of organising access to an instance and its services from public subnetworks while using the floating IPs.

Description

Floating IPs are static public IP addresses that can be assigned to the instances of a project. Floating IPs are intended to enable network accessibility to project instances using the mechanism of ‘secure network address translation’ (SNAT). The essence of this mechanism consists in replacing the source address during transmission of a packet in one direction and the return substitution of the destination address in the response packet.

Quota of floating IP addresses

Floating IP addresses are assigned to the project during the time that it is activated. Each project contains a limited number of floating IP addresses; the number is governed by the quota of public addresses defined by the project owner when ordering the SIM-Cloud service. To change the number of public floating IP addresses available, it is necessary to change the corresponding quota for the project, and then to carry out the assignment or release of the floating IP.

Linking or uncoupling the assigned IP

Floating IP addresses that are already dedicated to the project can be assigned to active instances from the web interface dashboard or via other service management interfaces: Openstack CLI or API.

Using the web interface, the user can assign (link) or remove previously assigned floating IPs from two points:

  • “Compute”/”Instances” –> “Associate Floating IP”
  • “Network”/”Floating IPs” –> “Associate”

To assign a floating IP it is necessary to specify an accessible public IP and the corresponding target port of the instance.

Warning

Assignment of a floating IP is allowable only for ports of instances whose subnetworks are switched with the provider router, since this is the only node of the project that has access to the public network. For this it is sufficient to connect the interface from the required subnetwork to the provider router and act as a gateway.

The internal router performs the secure network address translation and also ensures the necessary routing between the private and the public network of the project. No additional network settings or port forwarding need be carried out; the translation of ports and protocols is performed in a transparent mode.

If the above conditions are not met, the user will not be able to assign a floating IP to the required port of the instance.

To assign or uncouple IP addresses on the command line, the following Openstack CLI commands may be used:

Assigning a floating IP with openstack cli:

Syntax:

openstack floating ip set [-h] --port <port>
                          [--fixed-ip-address <ip-address>]
                          [--qos-policy <qos-policy> | --no-qos-policy]
                          <floating-ip>

openstack floating ip set --port <port> --fixed-ip-address <ip-address> <floating-ip>

Example:

openstack floating ip set --port qbfb9cad-f582-41c8-b821-910a4df65b3t --fixed-ip-address 20.20.20.11 156.67.54.xxx
где:
     qbfb9cad-f582-41c8-b821-910a4df65b3t - is the port to which the floating IP is to be assigned;
     --fixed-ip-address 20.20.20.11 - is the fixed IP address of the port for which the floating IP address is assigned;
     156.67.54.xxx - is the public floating IP address that will be assigned to the port of the instance (the final octet of the address, ‘xxx’, is hidden for security purposes).

Uncoupling an assigned IP using openstack cli:

Syntax:

openstack floating ip unset [--port] <floating-ip>


Example:

openstack floating ip unset --port  156.67.54.122

Key features of floating IP addresses

  • Floating IP addresses are not automatically assigned to instances; they must be assigned manually.
  • Floating IPs remain anchored to the project until the project user manually releases the address. If an address has been released by mistake, it is unlikely to be assigned again since addresses are issued on a random basis.
  • A floating IP can be assigned either via a web interface or via a console: Openstack CLI or API.
  • Floating IP addresses are in fact assigned to a port of an instance.
  • Floating addresses can be reassigned to any other instance at any point in time (provided that the subnetwork of the required port is switched with the internal router).
  • Users may issue floating IP addresses only with in the range of the ordered quota.
  • PTR-type DNS records can be issued for floating IP addresses.

Note

To enable public access to the services of the instance (SSH, RDP, HTTP, SMTP, SMTP, FTP, DNS etc.) to which the floating IP address is assigned, ensure that the services function and respond (‘listen to’) the IP address of the private subnetwork on which the public floating IP was assigned. If a public assigned floating IP is stated in the settings or configuration files of the service, that service will be unavailable. Access to the services of the instance at the private address will function on the basis of the SNAT mechanism.