Dear colleagues,

For some reasons (see the explanation below), I'm trying to deploy the following network configuration:

                  Network
+-------------------------------------------+
 Subnet-1                         Subnet-2
+---+----+--+                   +----+------+
    |    |        +----+             |
    |    |        |    |             |
    |    +--------+ VR +-------------+
    |             |    |
 +--+-+           +----+
 |    |
 | VM |
 |    |
 +----+

where VR is Neutron's virtual router, connected to two subnets, which belong to the same network:
Subnet-1 is "LAN" interface (25.0.0.1/8) connected to qr-64c53cf8-d9
Subnet-2 is external gateway (51.x.x.x) connected to qg-16bdddb1-d5 with SNAT enabled

The reason why I'm trying to use this configuration is pretty simple - this allows switching a VM between different address scopes (e.g. "grey" and "white") while preserving the port/MAC (which is created in the "Network" and remains there while I'm switching the VM between different subnets).

Such configuration produces the following commands list when creating VR:

14:45:18.043 Running command: ['ip', 'netns', 'exec', 'qrouter-UUID', 'ip', '-4', 'addr', 'add', '25.0.0.1/8', 'scope', 'global', 'dev', 'qr-64c53cf8-d9', 'brd', '25.255.255.255']
14:45:19.815 Running command: ['ip', 'netns', 'exec', 'qrouter-UUID', 'ip', '-4', 'addr', 'add', '51.x.x.x/24', 'scope', 'global', 'dev', 'qg-16bdddb1-d5', 'brd', '51.x.x.255']
14:45:20.283 Running command: ['ip', 'netns', 'exec', 'qrouter-UUID', 'ip', '-4', 'route', 'replace', '25.0.0.0/8', 'dev', 'qg-16bdddb1-d5', 'scope', 'link']
14:45:20.919 Running command: ['ip', 'netns', 'exec', 'qrouter-UUID', 'ip', '-4', 'route', 'replace', 'default', 'via', '51.x.x.254', 'dev', 'qg-16bdddb1-d5']

Since 25/8 is an extra subnet of "Network", Neutron installs this entry (by using 'ip route replace') despite the fact that there should be a connected route (via qr-64c53cf8-d9).

Due to the current implementation, all traffic from the VR to the directly connected "subnet-1" goes over "subnet-2" (through NAT) and, thus, the VM in Subnet-1 can't access the VR - it "pings" the local address (25.0.0.1) while replies return from another (NAT) address.

Can this behaviour be safely changed by using "ip route add [...] metric <LOWER>" instead of "ip route replace"?

Thank you.

--
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
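
Added example, not part of the original message and not Neutron code: a toy model of the router namespace's IPv4 route table that replays the logged sequence and compares 'ip route replace' with 'ip route add ... metric'. Assumptions: the metric value 100, the 192.0.2.0/24 stand-in for the masked 51.x.x.x/24 prefix, and the Fib/router names are all constructed for illustration.

```python
import ipaddress

QR, QG = "qr-64c53cf8-d9", "qg-16bdddb1-d5"   # device names from the post
EXT = "192.0.2.0/24"   # constructed stand-in for the masked 51.x.x.x/24

class Fib:
    """Toy IPv4 route table: one entry per (prefix, metric), like the kernel FIB."""
    def __init__(self):
        self.routes = {}

    def add(self, prefix, dev, metric=0):
        key = (ipaddress.ip_network(prefix), metric)
        if key in self.routes:            # 'ip route add' refuses a duplicate key
            raise FileExistsError("RTNETLINK answers: File exists")
        self.routes[key] = dev

    def replace(self, prefix, dev, metric=0):
        # 'ip route replace' overwrites the entry with the same prefix and metric
        self.routes[(ipaddress.ip_network(prefix), metric)] = dev

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        hits = [(net.prefixlen, -metric, dev)
                for (net, metric), dev in self.routes.items() if ip in net]
        return max(hits)[2] if hits else None   # longest prefix, then lowest metric

def router(extra_subnet_step):
    fib = Fib()
    fib.add("25.0.0.0/8", QR)      # connected route from 'ip addr add 25.0.0.1/8 dev qr-...'
    fib.add(EXT, QG)               # connected route from the gateway address
    extra_subnet_step(fib)         # how the extra-subnet route for 25/8 is installed
    fib.replace("0.0.0.0/0", QG)   # default route via the external gateway
    return fib

# As logged in the post: replace at metric 0 displaces the connected route.
current = router(lambda f: f.replace("25.0.0.0/8", QG))
# Hypothetical alternative: add with a higher metric value (100 is an assumption).
proposed = router(lambda f: f.add("25.0.0.0/8", QG, metric=100))

if __name__ == "__main__":
    for name, fib in (("replace", current), ("add metric 100", proposed)):
        print(name, "->", fib.lookup("25.0.0.10"))
```

In this model a plain 'add' at the default metric fails with "File exists" because the connected route already occupies that key, which is why the alternative needs an explicit, different metric.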
