metadata service does not function when there are overlapping network address spaces

Registered by Carl Perry

When an OpenStack instance has multiple networks using the same IP address space the metadata service does not function as expected.

Blueprint information

dan wendlandt
Mark McClain
Needs approval
Mark McClain
Series goal:
Accepted for grizzly
Milestone target:
milestone icon 2013.1
Started by
Mark McClain
Completed by
Mark McClain

Related branches



If we think we're still in good shape to get this for G-1, please update to 'Good Progress', otherwise, move to G-2.

Note: Transferring this back to a blueprint since the work required too many changes late in the Folsom cycle. The old bug was originally:

The current Nova metadata server uses the remote IP of the connection to identify the instance making a request for metadata information. In an environment where Quantum and overlapping IPs are in use, the service is unable to properly identify the instance metadata that should be returned. This blueprint covers the changes necessary to make the metadata service work in the Quantum environment.

Hi all
I wrote some metadata proxy in tenant router namespace and patch nova-api for this issue.
please refer

It's just idea.


Hi, yes, that's definitely one possible approach that we were discussing. Rather than using tenant_id though, I would probably use network_id, since the same tenant could even have multiple networks with the same IP (e.g., if they had two copies of an application template running).

Also, I think you should be able to avoid having the DNAT rule populated at all, just by making sure the "metadata_ip"

I agree. net_id is better than tenant_id.
DNAT rule are managed my l3_agent(is'nt is?). here is just idea proof so I don't patch this.
I make patch l3_agent if time available.. ^^;

- whitekid

Gerrit topic:,topic:bp/metadata-overlapping-networks,n,z

Addressed by:
    add metadata proxy support for Quantum Networks


Work Items

Work items:
Add support to the Nova Metadata Service to retrieve data via Instance ID: TODO
Create a Quantum Metadata Service Proxy: TODO

This blueprint contains Public information 
Everyone can see this information.