[Neutron] [FeatureRequest] Port AllowedIPs Subnet-Pool extension
Hey there, I'd like to propose a feature to allow subnets to be added to Neutron ports and be allocated from a subnet-pool. We would have a couple of use cases for this. Please correct me if I am wrong, but right now we do not have a method to route a subnet to a VM without adding many fixed-ips from the subnet the VM is residing in. This is highly undesirable for us as our use case would be with Kubernetes. We'd like to be able to allocate a IPv6 subnet for every Kubernetes Node, so that every pod can get a fully routed v6 address without resorting to NAT. While searching the mailing list for IPv6 in general I found another person having a similar inquiry. In his case he wanted a subnet to use for his VPN-VM. This is also something we want to address and provide to our customers at some point. This is why I would like to propose that AllowedIP subnets can be created based on subnet pools, making it possible to route them externally. This will also make it possible for something like the OVN-BGP-Agent to expose them via BGP. Does anybody have any thoughts on this? Best regards, Justin -- Justin Lamp Systems Engineer NETWAYS Managed Services GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg Tel: +49 911 92885-0 | Fax: +49 911 92885-77 CEO: Julian Hein, Bernd Erk, Sebastian Saemann | AG Nuernberg HRB25207 https://www.netways.de | justin.lamp@netways.de ** stackconf 2025 - April | Munich - https://stackconf.eu ** ** OSMC 2025 - November | Nuremberg - https://osmc.de ** ** NETWAYS Web Services - https://nws.netways.de ** ** NETWAYS Trainings - https://netways.de/trainings **
Hello Justin: I really don't understand what the proposal is. You want a VM port to have access to a subnet that doesn't belong to the port network, right? That can be done with a router. If you want to use IPv6, I would recommend you to read [1]. In any case, in order to propose a RFE you should: * First create a launchpad bug (https://bugs.launchpad.net/neutron/) with "[RFE]" prefix in the title. * Add your topic in the Neutron drivers meeting agenda ( https://meetings.opendev.org/#Neutron_drivers_Meeting). This meeting takes place on Friday at 1400UTC (tomorrow). This is where you can propose your RFE to the community. Regards. [1] https://docs.openstack.org/neutron/latest/admin/config-ipv6.html#router-supp... On Thu, Feb 6, 2025 at 9:49 AM Justin Lamp <justin.lamp@netways.de> wrote:
Hey there,
I'd like to propose a feature to allow subnets to be added to Neutron ports and be allocated from a subnet-pool. We would have a couple of use cases for this. Please correct me if I am wrong, but right now we do not have a method to route a subnet to a VM without adding many fixed-ips from the subnet the VM is residing in. This is highly undesirable for us as our use case would be with Kubernetes. We'd like to be able to allocate a IPv6 subnet for every Kubernetes Node, so that every pod can get a fully routed v6 address without resorting to NAT.
While searching the mailing list for IPv6 in general I found another person having a similar inquiry. In his case he wanted a subnet to use for his VPN-VM. This is also something we want to address and provide to our customers at some point.
This is why I would like to propose that AllowedIP subnets can be created based on subnet pools, making it possible to route them externally. This will also make it possible for something like the OVN-BGP-Agent to expose them via BGP. Does anybody have any thoughts on this?
Best regards, Justin
-- Justin Lamp Systems Engineer
NETWAYS Managed Services GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg Tel: +49 911 92885-0 | Fax: +49 911 92885-77 CEO: Julian Hein, Bernd Erk, Sebastian Saemann | AG Nuernberg HRB25207 https://www.netways.de | justin.lamp@netways.de
** stackconf 2025 - April | Munich - https://stackconf.eu ** ** OSMC 2025 - November | Nuremberg - https://osmc.de ** ** NETWAYS Web Services - https://nws.netways.de ** ** NETWAYS Trainings - https://netways.de/trainings **
Hi, There is allowed_address_pair extension to do exactly what You want https://docs.openstack.org/api-ref/network/v2/index.html#allowed-address-pai... - with this you can specify additional IP addresses (and MACs if needed) which can be used to send traffic out from the VM. Dnia czwartek, 6 lutego 2025 09:48:24 czas środkowoeuropejski standardowy Justin Lamp pisze: Hey there, I'd like to propose a feature to allow subnets to be added to Neutron ports and be allocated from a subnet-pool. We would have a couple of use cases for this. Please correct me if I am wrong, but right now we do not have a method to route a subnet to a VM without adding many fixed-ips from the subnet the VM is residing in. This is highly undesirable for us as our use case would be with Kubernetes. We'd like to be able to allocate a IPv6 subnet for every Kubernetes Node, so that every pod can get a fully routed v6 address without resorting to NAT. While searching the mailing list for IPv6 in general I found another person having a similar inquiry. In his case he wanted a subnet to use for his VPN-VM. This is also something we want to address and provide to our customers at some point. This is why I would like to propose that AllowedIP subnets can be created based on subnet pools, making it possible to route them externally. This will also make it possible for something like the OVN-BGP-Agent to expose them via BGP. Does anybody have any thoughts on this? Best regards, Justin -- Justin Lamp Systems Engineer NETWAYS Managed Services GmbH | Deutschherrnstr. 15-19 | D-90429 Nuernberg Tel: +49 911 92885-0 | Fax: +49 911 92885-77 CEO: Julian Hein, Bernd Erk, Sebastian Saemann | AG Nuernberg HRB25207 https://www.netways.de | justin.lamp@netways.de ** stackconf 2025 - April | Munich - https://stackconf.eu ** ** OSMC 2025 - November | Nuremberg - https://osmc.de ** ** NETWAYS Web Services - https://nws.netways.de ** ** NETWAYS Trainings - https://netways.de/trainings ** -- Slawek Kaplonski Principal Software Engineer Red Hat
participants (3)
-
Justin Lamp
-
Rodolfo Alonso Hernandez
-
Sławek Kapłoński