<div>                Thanks for your help and advice. It doesn't appear to be causing any serious problems. The customer who complained about it was worried that it could interfere with traffic routing for hosts with dual interfaces, but he worked around that by deleting the routes from route-<interface> on his VMs and that seems to have worked. For future cluster builds we will prevent the routes from being created by not specifying --gateway and letting it default to the 1st IP in the subnet.<br><br>Now that I understand what is happening, I don't think that this is necessarily a bad change; we just need to change our config to match the new code.<br>            </div>            <div class="yahoo_quoted" style="margin:10px 0px 0px 0.8ex;border-left:1px solid #ccc;padding-left:1ex;">                        <div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">                                <div>                    On Friday, April 1, 2022, 12:38:07 PM EDT, Brian Haley <haleyb.dev@gmail.com> wrote:                </div>                <div><br></div>                <div><br></div>                <div><div dir="ltr">Hi Albert,<br clear="none"><br clear="none">Thanks for the command line, it helped me track down the code in neutron <br clear="none">that changed, and it was really the --network-segment arg that is <br clear="none">triggering this along with --gateway (and I haven't defined any segments <br clear="none">so don't see it in my setup).<br clear="none"><br clear="none">Anyways, there are a few changes that added the update of host routes in <br clear="none">the segment plugin code to support routed networks better. Looking at <br clear="none"><a shape="rect" href="https://bugs.launchpad.net/neutron/+bug/1766380 " target="_blank">https://bugs.launchpad.net/neutron/+bug/1766380 </a>shows them all, but <br clear="none"><a shape="rect" href="https://review.opendev.org/c/openstack/neutron/+/570405/ " target="_blank">https://review.opendev.org/c/openstack/neutron/+/570405/ </a>and <br clear="none"><a shape="rect" href="https://review.opendev.org/c/openstack/neutron/+/573897 " target="_blank">https://review.opendev.org/c/openstack/neutron/+/573897 </a>where the two <br clear="none">main ones.<br clear="none"><br clear="none">It doesn't look like there's a way to disable it, but I cc'd Harald to <br clear="none">get his thoughts on it.<br clear="none"><br clear="none">My only follow-on question would be are these host routes causing an <br clear="none">issue or just something that was noticed in your upgrade?<br clear="none"><br clear="none">Thanks,<br clear="none"><br clear="none">-Brian<br clear="none"><br clear="none"><br clear="none">On 3/31/22 16:06, Albert Braden wrote:<br clear="none">> Here's what I get when I create a 4th subnet:<br clear="none">> <br clear="none">> $ openstack network segment create --physical-network physnet_bo-az3 <br clear="none">> --network-type vlan --segment 1115 --network trust trust-az4<br clear="none">> +------------------+--------------------------------------+<br clear="none">> | Field | Value |<br clear="none">> +------------------+--------------------------------------+<br clear="none">> | description | |<br clear="none">> | id | 92355e6d-3406-4b29-a956-1b05c4c9a33e |<br clear="none">> | name | private-provider-trust-az4 |<br clear="none">> | network_id | ac30a487-bccc-c3de-93eb-c422ad9f3ce5 |<br clear="none">> | network_type | vlan |<br clear="none">> | physical_network | physnet_bo-az3 |<br clear="none">> | segmentation_id | 1115 |<br clear="none">> +------------------+--------------------------------------+<br clear="none">> <br clear="none">> $ openstack subnet create --no-dhcp --network private-provider-trust <br clear="none">> --network-segment private-provider-trust-az4 --ip-version 4 <br clear="none">> --allocation-pool start=10.52.172.14,end=10.52.172.235 --subnet-range <br clear="none">> 10.52.172.0/22 --dns-nameserver 10.10.10.10 --gateway 10.52.172.1 <br clear="none">> private-provider-trust-az4-subnet<br clear="none">> +----------------------+------------------------------------------------------+<br clear="none">> | Field | Value |<br clear="none">> +----------------------+------------------------------------------------------+<br clear="none">> | allocation_pools | 10.52.172.10-10.52.172.245 |<br clear="none">> | cidr | 10.52.172.0/22 |<br clear="none">> | created_at | 2022-03-31T19:26:48Z |<br clear="none">> | description | |<br clear="none">> | dns_nameservers | 10.10.10.10 |<br clear="none">> | dns_publish_fixed_ip | None |<br clear="none">> | enable_dhcp | False |<br clear="none">> | gateway_ip | 10.52.172.1 |<br clear="none">> | host_routes | destination='10.52.160.0/22', gateway='10.52.172.1' |<br clear="none">> | | destination='10.52.164.0/22', gateway='10.52.172.1' |<br clear="none">> | | destination='10.52.168.0/22', gateway='10.52.172.1' |<br clear="none">> | id | 04a15cdd-d22b-4e58-8bbd-8b956d8c10ba |<br clear="none">> | ip_version | 4 |<br clear="none">> | ipv6_address_mode | None |<br clear="none">> | ipv6_ra_mode | None |<br clear="none">> | name | private-provider-trust-az4-subnet |<br clear="none">> | network_id | ac30a487-bccc-4ac5-93eb-c422ad9f3ce5 |<br clear="none">> | prefix_length | None |<br clear="none">> | project_id | 561e8d2236634ece81ffa22203e80dc7 |<br clear="none">> | revision_number | 0 |<br clear="none">> | segment_id | 92355e6d-a5de-4b29-a956-1b05c4c9a33e |<br clear="none">> | service_types | |<br clear="none">> | subnetpool_id | None |<br clear="none">> | tags | |<br clear="none">> | updated_at | 2022-03-31T19:26:48Z |<br clear="none">> +----------------------+------------------------------------------------------+<br clear="none">> <br clear="none">> If I create the 4th subnet without specifying a gateway, then the routes <br clear="none">> are not created. It looks like this may be what changed from Queens to <br clear="none">> Train:<br clear="none">> <br clear="none">> $ openstack subnet create --no-dhcp --network private-provider-trust <br clear="none">> --network-segment private-provider-trust-az4 --ip-version 4 <br clear="none">> --allocation-pool start=10.52.172.10,end=10.52.172.245 --subnet-range <br clear="none">> 10.52.172.0/22 --dns-nameserver 10.10.10.10 <br clear="none">> private-provider-trust-az4-subnet<br clear="none">> +----------------------+--------------------------------------+<br clear="none">> | Field | Value |<br clear="none">> +----------------------+--------------------------------------+<br clear="none">> | allocation_pools | 10.52.172.10-10.52.172.245 |<br clear="none">> | cidr | 10.52.172.0/22 |<br clear="none">> | created_at | 2022-03-31T20:00:44Z |<br clear="none">> | description | |<br clear="none">> | dns_nameservers | 10.10.10.10 |<br clear="none">> | dns_publish_fixed_ip | None |<br clear="none">> | enable_dhcp | False |<br clear="none">> | gateway_ip | 10.52.172.1 |<br clear="none">> | host_routes | |<br clear="none">> | id | 11757c89-2057-4c7c-9730-9b7d976e361e |<br clear="none">> | ip_version | 4 |<br clear="none">> | ipv6_address_mode | None |<br clear="none">> | ipv6_ra_mode | None |<br clear="none">> | name | private-provider-trust-az4-subnet |<br clear="none">> | network_id | ac30a487-bccc-4ac5-93eb-c422ad9f3ce5 |<br clear="none">> | prefix_length | None |<br clear="none">> | project_id | 561e8d2236634ece81ffa22203e80dc7 |<br clear="none">> | revision_number | 0 |<br clear="none">> | segment_id | 92355e6d-a5de-4b29-a956-1b05c4c9a33e |<br clear="none">> | service_types | |<br clear="none">> | subnetpool_id | None |<br clear="none">> | tags | |<br clear="none">> | updated_at | 2022-03-31T20:00:44Z |<br clear="none">> +----------------------+--------------------------------------+<br clear="none">> On Wednesday, March 30, 2022, 09:01:23 PM EDT, Brian Haley <br clear="none">> <<a shape="rect" ymailto="mailto:haleyb.dev@gmail.com" href="mailto:haleyb.dev@gmail.com">haleyb.dev@gmail.com</a>> wrote:<br clear="none">> <br clear="none">> <br clear="none">> Hi,<br clear="none">> <br clear="none">> On 3/30/22 15:27, Albert Braden wrote:<br clear="none">>  > The command that we use to create subnets looks like this:<br clear="none">>  ><br clear="none">>  > openstack subnet create --no-dhcp --network trust --network-segment<br clear="none">>  > trust-az1-seg --ip-version 4 --allocation-pool<br clear="none">>  > start=10.52.160.14,end=10.52.160.235 --subnet-range 10.52.160.0/24<br clear="none">>  > --dns-nameserver 10.10.10.10 --gateway 10.52.160.1 trust-az1<br clear="none">> <br clear="none">> Since you're not specifying --host-route there should be none, can you<br clear="none">> paste the created object returned from this call since for me<br clear="none">> host_routes is blank (see below).<br clear="none">> <br clear="none">>  > My co-workers tell me that we also specified "--gateway" when we created<br clear="none">>  > our Queens subnets, but this did not cause static routes to be created.<br clear="none">>  > Did the handling of "--gateway" change from Queens to Train?<br clear="none">> <br clear="none">> I don't believe so, and --gateway will default to the first IP in the<br clear="none">> subnet if not given so isn't required.<br clear="none">> <br clear="none">> -Brian<br clear="none">> <br clear="none">> <br clear="none">> $ openstack subnet create --subnet-pool<br clear="none">> f5e3f133-a932-4adc-9592-0b525aec278f --network private private-subnet-2<br clear="none">> +----------------------+---------------------------+<br clear="none">> | Field                | Value                    |<br clear="none">> +----------------------+---------------------------+<br clear="none">> | allocation_pools    | 10.0.0.66-10.0.0.126      |<br clear="none">> | cidr                | 10.0.0.64/26              |<br clear="none">> | created_at          | 2022-03-30T17:38:40Z      |<br clear="none">> | description          |                          |<br clear="none">> | dns_nameservers      |                          |<br clear="none">> | dns_publish_fixed_ip | None                      |<br clear="none">> | enable_dhcp          | True                      |<br clear="none">> | gateway_ip          | 10.0.0.65                |<br clear="none">> | host_routes          |                          |<br clear="none">> | id                  | ce09a038-b918-4208-9a3d-c8c259ae7433 |<br clear="none">> | ip_version          | 4                        |<br clear="none">> | ipv6_address_mode    | None                      |<br clear="none">> | ipv6_ra_mode        | None                      |<br clear="none">> | name                | private-subnet-2          |<br clear="none">> | network_id          | baf6c62d-4cec-464e-a768-253074df8879 |<br clear="none">> | project_id          | 657e6d647c0446438c1f06da70d79bed |<br clear="none">> | revision_number      | 0                        |<br clear="none">>          | segment_id          | None                      |<br clear="none">> <br clear="none">> | service_types        |                          |<br clear="none">> | subnetpool_id        | f5e3f133-a932-4adc-9592-0b525aec278f |<br clear="none">> | tags                |                          |<br clear="none">> | updated_at          | 2022-03-30T17:38:40Z      |<br clear="none">> <br clear="none">> +----------------------+---------------------------+<br clear="none">> <br clear="none">>  > On Wednesday, March 30, 2022, 01:45:52 PM EDT, Brian Haley<br clear="none">>  > <<a shape="rect" ymailto="mailto:haleyb.dev@gmail.com" href="mailto:haleyb.dev@gmail.com">haleyb.dev@gmail.com</a> <mailto:<a shape="rect" ymailto="mailto:haleyb.dev@gmail.com" href="mailto:haleyb.dev@gmail.com">haleyb.dev@gmail.com</a>>> wrote:<div class="yqt2711761832" id="yqtfd10164"><br clear="none">>  ><br clear="none">>  ><br clear="none">>  > Hi Albert,<br clear="none">>  ><br clear="none">>  > On 3/29/22 17:04, Albert Braden wrote:<br clear="none">>  >  > After upgrading our kolla-ansible clusters from Queens to Train, we<br clear="none">>  > are seeing static routes when we create subnets. We didn’t see this in<br clear="none">>  > Queens. For example, in our de6 region we have a network called “trust”<br clear="none">>  > with 3 subnets:<br clear="none">>  >  ><br clear="none">>  >  > Subnet                CIDR                                  Gateway<br clear="none">>  >  > trust-az1:            10.52.160.0/22  10.52.160.1<br clear="none">>  >  > trust-az2:            10.52.164.0/22  10.52.164.1<br clear="none">>  >  > trust-az3:            10.52.168.0/22  10.52.168.1<br clear="none">>  >  ><br clear="none">>  >  > Each of these subnets has 2 entries under “host_routes:” that point<br clear="none">>  > to the other two subnets. For example, subnet trust-az1 has these two<br clear="none">>  > routes:<br clear="none">>  >  ><br clear="none">>  >  > host_routes          | destination='10.52.164.0/22',<br clear="none">>  > gateway='10.52.160.1' |<br clear="none">>  >  > |                      | destination='10.52.168.0/22',<br clear="none">>  > gateway='10.52.160.1' |<br clear="none">>  >  ><br clear="none">>  >  > How can we prevent these host routes from being created in Train? Do<br clear="none">>  > we need to change something in our config?<br clear="none">>  ><br clear="none">>  ><br clear="none">>  >  From the neutron side of things, host_routes of a subnet is not<br clear="none">>  > automatically calculated and filled-in, they have to be manually added.<br clear="none">>  > So perhaps this is something kolla is doing? At least on my Yoga setup<br clear="none">>  > it is completely blank using 'openstack subnet create ...' even with<br clear="none">>  > multiple subnets on a network.<br clear="none">>  ><br clear="none">>  > How exactly are the subnets getting created?<br clear="none">>  ><br clear="none">>  > -Brian<br clear="none">>  ><br clear="none">> <br clear="none"><br clear="none"></div></div></div>            </div>                </div>