non-NATed cloud network to provider network

The providernet extension, supported by a number of quantum plugins, is intended to address this. See http://docs.openstack.org/folsom/openstack-network/admin/content/provider_networks.html.

the extension provides a way to map physical networks to virtual network relationship. It does not address any NaaS connectivity directly. The NAT is mostly for overlapping IPs across multiple tenants, but if no overlapping IP inside the cloud,NAT could not be needed.

You should be able to set up a quantum provider network that has routed (non-NAT) external connectivity (i.e. via a physical router), and create a quantum subnet on that network with a pool of IPs that quantum's DHCP service will allocate to ports. You would deploy quantum-dhcp-agent for this network, but not deploy quantum-l3-agent, and VMs using this network would have direct external connectivity. This approach basically eliminates the private network, putting the VMs right on the public network.

It sounds like you'd like to use the quantum-l3-agent, but with NAT turned off for the external network. I'm not sure if this is possible right now, but the above suggestion might work for you if you don't need the quantum-l3-agent for other purposes.

What you just described is flat network case that will not support tenant-based network provisioning. For sure it is the simplest solution, but kind of too simple to support multiple tenants.

Right, I believe NAT should not be a native part of L3 agent, and we like to disable it somehow.

Understood. A shared flat external network might be sufficient in some cases, possibly even combined with private networks and appropriate security group rules. I agree routing to an external network without using NAT would also be a good feature. How about filing a bug requesting this?

I believe there is some discussion related to this here:
https://bugs.launchpad.net/quantum/+bug/1121129

Hi Sumit,

Thanks for pointing to this. Is this NVP specific extension or general Quantum solution? From the discussion I could not tell directly. If yes, I like the solution.

Thanks

Cool. I will follow up on your plan.

Thanks

Robert: Do you happen to know of any instructions or could provide the configurations needed for a quantum deployment without l3 as you described? I would be interested in that configuration. Thanks!

I to would love to be able to turn off NAT per tenant. I have a client who would like to launch cpanel/whm servers in my environment but they dont support a nat setup.

Joshua,

at the moment the only 'default gateway' solution that is allowed by Quantum uses NAT.
There's a blueprint in progress on this aspect: https://blueprints.launchpad.net/quantum/+spec/l3-ext-gw-modes/

However, this is not going to be part of the upcoming release.
If your instances have publicly routable addresses, you can probably leverage the solution Bob prosed in answer #3 in this thread.

Otherwise, if your instances have private addresses and the happens somewhere else in the nw infrastructure outside of openstack, I think Quantum at the moment does not provide a full solution that might address your needs.