[openstack-dev] [neutron] force_gateway_on_subnet, please don't deprecate

Miguel Ángel Ajo majopela at redhat.com
Wed Dec 3 10:49:37 UTC 2014


I will spend some time on it during tonight/weekend to make sure
it’s removed and that we have reference implementation working at once.

I propose following the bug fix way, as it’s a tiny change.

https://bugs.launchpad.net/neutron/+bug/1398768

@amuller, I’m not sure I understand why does it need to be covered in the dhcp-agent side. Pushing extra routes to guest-vms?, I think we don’t cover the case of instances connected to an external network where we provide dhcp, but we may do that if we are or if we start covering that case anytime.


Miguel Ángel Ajo


On Tuesday, 2 de December de 2014 at 15:48, Ihar Hrachyshka wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>  
> On 01/12/14 21:19, Kyle Mestery wrote:
> > On Mon, Dec 1, 2014 at 6:12 AM, Assaf Muller <amuller at redhat.com (mailto:amuller at redhat.com)>
> > wrote:
> > >  
> > >  
> > > ----- Original Message -----
> > > >  
> > > > My proposal here, is, _let’s not deprecate this setting_, as
> > > > it’s a valid use case of a gateway configuration, and let’s
> > > > provide it on the reference implementation.
> > > >  
> > >  
> > >  
> > > I agree. As long as the reference implementation works with the
> > > setting off there's no need to deprecate it. I still think the
> > > default should be set to True though.
> > >  
> > > Keep in mind that the DHCP agent will need changes as well.
> > ++ to both suggestions Assaf. Thanks for bringing this up Miguel!
> >  
>  
>  
> Miguel, how about sending a patch that removes deprecation warning
> from the help text then?
>  
> >  
> > Kyle
> >  
> > > >  
> > > > TL;DR
> > > >  
> > > > I’ve been looking at this yesterday, during a test deployment  
> > > > on a site where they provide external connectivity with the  
> > > > gateway outside subnet.
> > > >  
> > > > And I needed to switch it of, to actually be able to have any
> > > > external connectivity.
> > > >  
> > > > https://github.com/openstack/neutron/blob/master/etc/neutron.conf#L121
> This is handled by providing an on-link route to the gateway first,
> > > > and then adding the default gateway.
> > > >  
> > > > It looks to me very interesting (not only because it’s the only
> > > > way to work on that specific site [2][3][4]), because you can
> > > > dynamically wire RIPE blocks to your server, without needing to
> > > > use an specific IP for external routing or broadcast purposes,
> > > > and instead use the full block in openstack.
> > > >  
> > > >  
> > > > I have a tiny patch to support this on the neutron l3-agent [1]
> > > > I yet need to add the logic to check “gateway outside subnet”,
> > > > then add the “onlink” route.
> > > >  
> > > >  
> > > > [1]
> > > >  
> > > > diff --git a/neutron/agent/linux/interface.py  
> > > > b/neutron/agent/linux/interface.py index 538527b..5a9f186
> > > > 100644 --- a/neutron/agent/linux/interface.py +++
> > > > b/neutron/agent/linux/interface.py @@ -116,15 +116,16 @@ class
> > > > LinuxInterfaceDriver(object): namespace=namespace, ip=ip_cidr)
> > > >  
> > > > - if gateway: - device.route.add_gateway(gateway) -  
> > > > new_onlink_routes = set(s['cidr'] for s in extra_subnets) + if
> > > > gateway: + new_onlink_routes.update([gateway])  
> > > > existing_onlink_routes =
> > > > set(device.route.list_onlink_routes()) for route in
> > > > new_onlink_routes - existing_onlink_routes:  
> > > > device.route.add_onlink_route(route) for route in
> > > > existing_onlink_routes - new_onlink_routes:  
> > > > device.route.delete_onlink_route(route) + if gateway: +
> > > > device.route.add_gateway(gateway)
> > > >  
> > > > def delete_conntrack_state(self, root_helper, namespace, ip):  
> > > > """Delete conntrack state associated with an IP address.
> > > >  
> > > > [2] http://www.soyoustart.com/ [3] http://www.ovh.co.uk/ [4]
> > > > http://www.kimsufi.com/
> > > >  
> > > >  
> > > > Miguel Ángel Ajo
> > > >  
> > > >  
> > > >  
> > > >  
> > > > _______________________________________________ OpenStack-dev
> > > > mailing list OpenStack-dev at lists.openstack.org (mailto:OpenStack-dev at lists.openstack.org)  
> > > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > > >  
> > >  
> > >  
> > >  
> _______________________________________________
> > > OpenStack-dev mailing list OpenStack-dev at lists.openstack.org (mailto:OpenStack-dev at lists.openstack.org)  
> > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> > >  
> >  
> >  
> > _______________________________________________ OpenStack-dev
> > mailing list OpenStack-dev at lists.openstack.org (mailto:OpenStack-dev at lists.openstack.org)  
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
> >  
>  
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
>  
> iQEcBAEBCgAGBQJUfdEsAAoJEC5aWaUY1u57a4QIANjx/wOJJKlHJ1kiE5DQ80La
> WP5DYwWj64MA+pDXPoE18+JZEV+7igHD7zeKb8pua4Ql+X/EDbLG5GK1ry4EV5RC
> uKnO2tht/bLfrniirqoOcL5TqybW86ZP4TLtTzV1PdAQBNGoOaRU8pox5oAkZOmm
> FrFVtBqoMtUAM9X8P7OHjkkvMLfoBinhWjlnyYWrzl6ZJtTCCipWJrVesHoWAL+F
> DcWotMsSMkkCAolnDE1AST4Z6pRvj7Y4lhQyZGaOtDGkYoMPBb7PTaGIltzX3ijB
> ZzDwz39o+kU9pY0/7Web6tFCEw+zFFr01rVBcQXDi5cJ2wRW7uT0J/9Aw0Rrn1M=
> =coN8
> -----END PGP SIGNATURE-----
>  
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org (mailto:OpenStack-dev at lists.openstack.org)
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>  
>  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20141203/1e112bde/attachment.html>


More information about the OpenStack-dev mailing list