[openstack-dev] [Neutron] Assigning a floating IP to an internal network

Ofer Barkai ofer at checkpoint.com
Thu Jan 30 13:21:15 UTC 2014

Hi all,

During the implementation of:

Which suggests allowing assignment of a floating IP to an internal address
not directly connected to the router, if there is a route configured on
the router to the internal address.

In: https://review.openstack.org/55987

There seem to be 2 possible approaches for finding an appropriate
router for a floating IP assignment, while considering extra routes:

1. Use the first router that has a route matching the internal address
which is the target of the floating IP.

2. Use the first router that has a matching route, _and_ verify that
there exists a path of connected devices to the network object to
which the internal address belongs.

The first approach solves the simple case of a gateway on a compute
host that protects an internal network (which is the motivation for
this enhancement).

However, if the same (or overlapping) addresses are assigned to
different internal networks, there is a risk that the first approach
might find the wrong router.

Still, the second approach might force many DB lookups to trace the path from
the router to the internal network. This overhead might not be
desirable if the use case does not (at least, initially) appear in the
real world.

Patch set 6 presents the first, lightweight approach, and Patch set 5
presents the second, more accurate approach.

I would appreciate the opportunity to get more points of view on this subject.
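
The two lookup strategies described in this message, as an added example that is not part of the original post or of the Neutron patch: a constructed topology in which two internal networks reuse 10.0.0.0/24, so approach 1 can return the wrong router while approach 2 checks connectivity first. All names (router-a, gw-a, internal-a, the helper functions) are hypothetical, and the dictionaries stand in for Neutron's database.

```python
import ipaddress
from collections import deque

# Constructed topology (hypothetical names). Two internal networks reuse
# 10.0.0.0/24 behind different gateways; each router has an extra route to it.
ROUTERS = {
    "router-a": {"networks": {"transit-a"}, "routes": ["10.0.0.0/24"]},
    "router-b": {"networks": {"transit-b"}, "routes": ["10.0.0.0/24"]},
}
# Non-router devices (e.g. gateway VMs) and the networks they have ports on.
DEVICES = {
    "gw-a": {"transit-a", "internal-a"},
    "gw-b": {"transit-b", "internal-b"},
}

def route_matches(router, ip):
    """True if any extra route on the router covers the address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in ROUTERS[router]["routes"])

def first_matching_router(ip):
    """Approach 1: first router with an extra route covering the address."""
    return next((r for r in ROUTERS if route_matches(r, ip)), None)

def reaches(router, target_net):
    """Breadth-first walk over networks joined by multi-homed devices.
    Each step stands in for the DB lookups the second approach would need."""
    seen = set(ROUTERS[router]["networks"])
    queue = deque(seen)
    while queue:
        net = queue.popleft()
        if net == target_net:
            return True
        for nets in DEVICES.values():
            if net in nets:
                for nxt in nets - seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return False

def first_connected_router(ip, target_net):
    """Approach 2: matching route and a device path to the address's network."""
    return next((r for r in ROUTERS
                 if route_matches(r, ip) and reaches(r, target_net)), None)
```

For the address 10.0.0.5 on internal-b, approach 1 returns router-a because it only compares the address with the route, while approach 2 returns router-b.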


