
Answer by james-denton for: Let's say I assign a public address directly to an instance and then assign the .1 address from that same subnet to said instance's associated DVR router. Great, fine and dandy. Then I also assign a flat external network on the outside of that DVR router that gets it to the internet. No problem. Traffic will go out from the VM, get SNATed on to the internet just fine. But, these are my design requirements:

1 - Public IP on VM
2 - DVR router
3 - NO SNAT

So the IP assigned to the VM is the IP the internet would see and respond to. I know this is possible using a direct flat network with no DVR router, but our design requirements are that there is a DVR router... Also, just to be clear, I recognize for this to work, I would need to add a route on the external router outside the DVR router to ensure return traffic gets back to the VM. Is this idea possible? Thanks!

I realize I'm late to the party, but I'm curious to know why you're considering DVR if one of your requirements is a public IP on the VM/instance and no SNAT/DNAT. Even though you can disable SNAT and route the 'tenant' network to the external IP of the Neutron router, it only really works when the address is consistently the same. With DVR, every compute node will have a FIP namespace attached to a particular provider network, each with its own unique address from the subnet. It would be difficult to create an upstream route for the tenant (public, in your case) network, given that you wouldn't know which router/fip namespace would be the next hop. This isn't so much an issue for legacy or HA routers, since a single router acts as the gateway for the network. If possible, I would simplify your environment and forgo Neutron routers altogether, especially if you're talking a few networks, no NAT, and can rely on hardware failover (e.g. VRRP/HSRP).
