Open Stack

For a certain Neutron installation I plan to have one external network 
with several subnets.  I was given a vague warning that there are problems 
with multiple subnets in an external network, but no details.  Do you know 
of any?  I have done a little testing and found no nasty surprise.

However, I find a critical lack of control.  When I create a router in 
Neutron and set it to be a gateway, I tell Neutron which external network 
the router is a gateway for.  But I need to control which external subnet 
the router attaches to.  I do this as an admin.  Is there a way to do 
this?

Let's start with a relatively easy version of the problem, which I will 
call initialization.  In this version of the problem, I am creating these 
routers as admin before there are any ordinary tenants in the system 
trying to use it in ordinary ways (e.g., allocating and releasing floating 
IP addresses), and there are no other admins doing anything interesting 
concurrently.  I can add the subnets to the external network one by one, 
and create the batch of routers that I want on that subnet before I 
proceed to the next subnet.

I could get the control I want by hacking the allocation ranges of the 
subnets, right?  That is, after I create and gateway-ize the routers I 
want for a given subnet, I can set that subnet's allocation range to be 
empty, and then proceed to the next subnet, so that the only choice that 
Neutron has is the one and only subnet with a non-empty allocation range 
at that moment.  When I am all done I can go back and restore the 
allocation ranges to what they should be.  That would be a viable 
approach, right?  Is there a better one?  It would be great if I could 
just directly indicate the desired subnet when I make a router become a 
gateway.

However, what I really want solved is a harder version of the problem --- 
which I will call update.  In this version of the problem I am not the 
sole user of the system.  While I am adding a given subnet and trying to 
attach some routers specifically to it, there are already ordinary tenants 
in the system doing ordinary things (including allocating and releasing 
floating IP addresses) involving subnets I created earlier.  I can still 
forbid interfering admins, and I know that none of the ordinary tenants 
will be using routers I create until I am ready --- those plebians can not 
attach their networks to the routers I create, I have to do it for them. 
But I can NOT close the allocation ranges of the previously created 
subnets, those need to be open so that the ordinary tenants can allocate 
and release floating IP addresses.  Is there a solution to the update 
version of my problem?

Thanks,
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20141121/0a1fd1bf/attachment.html>