<div>Here is the output, with few details.</div><div><br></div><div># quantum router-show router_vlan1501</div><div>+-----------------------+--------------------------------------+</div><div>| Field | Value |</div>
<div>+-----------------------+--------------------------------------+</div><div>| admin_state_up | True |</div><div>| external_gateway_info | |</div>
<div>| id | 3c7383c7-7759-4db6-ba5b-19e754280cb8 |</div><div>| name | router_vlan1501 |</div><div>| status | ACTIVE |</div>
<div>| tenant_id | 7246a7e9d61f42b8a644bc1551a2a396 |</div><div>+-----------------------+--------------------------------------+</div><div><br></div><div># quantum net-show vlan1501</div><div>+---------------------------+--------------------------------------+</div>
<div>| Field | Value |</div><div>+---------------------------+--------------------------------------+</div><div>| admin_state_up | True |</div>
<div>| id | c2161824-a439-40e5-8809-5599f80df2fe |</div><div>| name | vlan1501 |</div><div>| provider:network_type | vlan |</div>
<div>| provider:physical_network | default |</div><div>| provider:segmentation_id | 1501 |</div><div>| router:external | False |</div>
<div>| shared | False |</div><div>| status | ACTIVE |</div><div>| subnets | af6eac1e-dfec-49a0-bfc2-3fbf9a7063b3 |</div>
<div>| tenant_id | 7246a7e9d61f42b8a644bc1551a2a396 |</div><div>+---------------------------+--------------------------------------+</div><div><br></div><div># quantum router-gateway-set 3c7383c7-7759-4db6-ba5b-19e754280cb8 c2161824-a439-40e5-8809-5599f80df2fe</div>
<div>Bad router request: Network c2161824-a439-40e5-8809-5599f80df2fe is not a valid external network</div><div><br></div><div>I assume this happens because 'router:external' if False, when switching it to True the above command succeeds. But then if I want to switch back later (with no ports attached, no routers, even no subnets), I get this:</div>
<div><br></div><div>quantum net-update vlan1501 --router:external False</div><div>External network e011d68b-6abd-43a4-b6c3-9dbadf5344ee cannot be updated to be made non-external, since it has existing gateway ports</div>
<div>
<br></div><div>Anyway, I have set 'router:external' to True for 'vlan1501' network, set the gateway for my newly created quantum router(router_vlan1501) with 'router-gateway-set' as a result quantum have created router ns with single interface from my configured provider network 'vlan1501' with default gateway set to the one of the 'vlan1501' nets attached subnet. </div>
<div><br></div><div>But now if I boot the VM with '--nic=<vlan1501_id>' option, I get VM with default gateway set to networks('vlan1501') gateway(not the freshly created router gateway, am I missing something in configs?), which is the same as the created routers gateway. Another thing if I switch to newly created 'router_vlan1501' namespace I can't actually ping the external gateway, that is there as a default gw for the 'vlan1501' net.</div>
<div><br></div><div>So my thinking is I need to change the default gw in VM to the virtual router? </div><br><div class="gmail_quote">On Mon, Oct 8, 2012 at 9:32 PM, Dan Wendlandt <span dir="ltr"><<a href="mailto:dan@nicira.com" target="_blank">dan@nicira.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On Mon, Oct 8, 2012 at 12:27 PM, Jānis Ģeņģeris<br>
<<a href="mailto:janis.gengeris@gmail.com">janis.gengeris@gmail.com</a>> wrote:<br>
> On Mon, Oct 8, 2012 at 6:24 PM, Dan Wendlandt <<a href="mailto:dan@nicira.com">dan@nicira.com</a>> wrote:<br>
>><br>
>> On Mon, Oct 8, 2012 at 7:52 AM, Jānis Ģeņģeris <<a href="mailto:janis.gengeris@gmail.com">janis.gengeris@gmail.com</a>><br>
>> wrote:<br>
>> > Hello,<br>
>> ><br>
>> > When using provider networks in Quantum, where should the metadata<br>
>> > service<br>
>> > rule mapping (e.g. <a href="http://169.254.169.254:80" target="_blank">169.254.169.254:80</a> -> metadata_server:metadata_port)<br>
>> > must<br>
>> > be set?<br>
>> ><br>
>> > For example, for floating IPs l3-agent handles this, but for provider<br>
>> > networks router is not used. I tried to set custom iptables rule for<br>
>> > this,<br>
>> > but have a hard time understanding where to set it, as there is<br>
>> > openvswitch<br>
>> > and namespaces.<br>
>> ><br>
>> > I'm using provider network configuration with VLANs.<br>
>><br>
>> You actually could use the Quantum L3 router as your gateway even if<br>
>> VMs are on a provider network, but I suspect your question is actually<br>
>> more along the lines of: if I want my gateway to be a physical router<br>
>> not managed by Quantum, how do I does the DNAT rule for metadata get<br>
>> applied? In this case, you need to apply the DNAT rule manually to<br>
>> the physical router, which I believe is the same as if you were using<br>
>> flat networking with Nova with a physical router.<br>
><br>
> Adding the rule in physical router is not a good idea, because then the<br>
> configuration of the OpenStack crosses the actual software/server border<br>
> into network equipment, than can add to complexity later.<br>
<br>
</div></div>Yes, its hard to have it both ways... if you want everything done<br>
automatically via software, I'd suggest using the quantum router as<br>
the gateway, not an external physical router.<br>
<div class="im"><br>
><br>
> I tried to add provider network to quantum router, and the quantum CLI was<br>
> rejecting it.<br>
> AFAIK router-interface-add is for internal networks, and router-gateway-set<br>
> is also failing.<br>
<br>
</div>Can you post what you've run and what the resulting error was? In<br>
terms of the L3 API, quantum shouldn't care whether a network is<br>
provider or not for router-interface-add. Perhaps this is a<br>
permissions issue?<br>
<span class="HOEnZb"><font color="#888888"><br>
Dan<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
><br>
> Which CLI command to use for adding provider network to existing quantum<br>
> router?<br>
>><br>
>><br>
>><br>
>><br>
>> There may also be a more complex solution achievable via quantum in<br>
>> which the provider creates a quantum router with an interface on the<br>
>> provider network, VMs are each given a host route to route traffic<br>
>> destined for <a href="http://169.254.169.254/32" target="_blank">169.254.169.254/32</a> to this quantum router IP, rather than<br>
>> the physical default gateway, and this quantum router performs the<br>
>> DNAT. However, its probably much easier to just apply this rule to<br>
>> your physical router.<br>
><br>
> No, this is no good.<br>
>><br>
>><br>
>> Dan<br>
>><br>
>><br>
>> ><br>
>> > Regards,<br>
>> > --janis<br>
>> ><br>
>> > _______________________________________________<br>
>> > Mailing list: <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
>> > Post to : <a href="mailto:openstack@lists.launchpad.net">openstack@lists.launchpad.net</a><br>
>> > Unsubscribe : <a href="https://launchpad.net/~openstack" target="_blank">https://launchpad.net/~openstack</a><br>
>> > More help : <a href="https://help.launchpad.net/ListHelp" target="_blank">https://help.launchpad.net/ListHelp</a><br>
>> ><br>
>><br>
>><br>
>><br>
>> --<br>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
>> Dan Wendlandt<br>
>> Nicira, Inc: <a href="http://www.nicira.com" target="_blank">www.nicira.com</a><br>
>> twitter: danwendlandt<br>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
><br>
><br>
> Regards,<br>
> --janis<br>
<br>
<br>
<br>
--<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
Dan Wendlandt<br>
Nicira, Inc: <a href="http://www.nicira.com" target="_blank">www.nicira.com</a><br>
twitter: danwendlandt<br>
~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>--janis<br>