SNATaaS

There are a number of ways to provide servers with internet access. For outbound traffic, this can be achieved with a floating IP, a proxy server or the activated SNAT-as-a-Service for internet. Whereas a floating IP is associated with a single instance, multiple instances can share the SNAT service.


The SNAT service has to be activated by project administration and is visible to the OpenStack user as a logical router.

SNAT activation

The SNAT service is implemented by a logical router which is a separate node from the project local router. It is visible in the list of routers as snat_juice_<project-name>_external_internet_provider_x (Figure 1).

Figure 1. List of routers in the project.

Router configuration

First, the local network and subnet are created as described in https://pannet.atlassian.net/l/c/LBPBhoJt.

After the SNAT service has been enabled (by the project administrator), outbound internet access is provided to project instances after adding the subnet to the SNAT logical router:

openstack router add subnet <router-id> <subnet-id>

Testing

To test the SNAT service, SSH access to an instance on the SNAT-enabled local network is needed, for example via an SSH proxy command through another instance with a floating IP.

No configuration is needed on the instance, provided that DNS server information has been added to the subnet declaration. A ping or curl to a public IP address would verify its operation. The SNAT service is therefore easier to set up and use than a proxy server; see https://pannet.atlassian.net/l/c/WAJtuo5E.
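
The router configuration and test steps above, combined into shell helpers as an added example (not part of the original page or the platform's own tooling). The function names, the probe address 1.1.1.1, the URL https://example.com and the host arguments are assumptions; the router is located by the naming scheme shown under SNAT activation.

```shell
#!/bin/sh
# Added example: attach a subnet to the SNAT logical router and verify egress.

# Read "ID Name" lines on stdin (as printed by
#   openstack router list -f value -c ID -c Name)
# and print the ID of the SNAT router. Fails unless exactly one router
# matches, so a subnet is never attached to the wrong router by accident.
find_snat_router() {
    awk '$2 ~ /^snat_juice_.+_external_internet_provider_/ { id = $1; n++ }
         END { if (n != 1) exit 1; print id }'
}

# Attach the given subnet to the SNAT router and print the router ID used.
attach_subnet_to_snat() {
    subnet_id=$1
    router_id=$(openstack router list -f value -c ID -c Name | find_snat_router) || {
        echo "SNAT router missing or ambiguous; has the service been activated?" >&2
        return 1
    }
    openstack router add subnet "$router_id" "$subnet_id" && echo "$router_id"
}

# Check outbound access from an instance on the SNAT network, reached through
# a jump instance that has a floating IP. The ping to a raw address exercises
# the SNAT path alone; the curl to a hostname also exercises the DNS servers
# set on the subnet. probe_ip defaults to 1.1.1.1 (assumption, override as $3).
check_egress() {
    jump=$1
    target=$2
    probe_ip=${3:-1.1.1.1}
    ssh -J "$jump" "$target" \
        "ping -c 3 $probe_ip >/dev/null && curl -sS --max-time 10 -o /dev/null https://example.com"
}
```

Typical use is `attach_subnet_to_snat <subnet-id>` followed by `check_egress <user>@<floating-ip> <user>@<instance-ip>`; a failing ping points at the router attachment, a failing curl after a successful ping points at the subnet's DNS settings.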