[openstack-dev] [Neutron] Partially Shared Networks

Rick Jones rick.jones2 at hp.com
Mon Jan 13 19:47:19 UTC 2014


On 01/13/2014 07:32 AM, Jay Pipes wrote:
> On Mon, 2014-01-13 at 10:23 +0000, Stephen Gran wrote:
>> Hi,
>>
>> I don't think that's what's being asked for. Just that there be more
>> than the current check for '(isowner of network) or (shared)'
>>
>> If the data point could be 'enabled for network' for a given tenant,
>> that would be more flexible.
>
> Agreed, but I believe Mathieu is thinking more in terms of how such a
> check could be implemented. What makes this problematic (at least in my
> simplistic understanding of Neutron wiring) is that there is no
> guarantee that tenant A's subnet does not overlap with tenant B's
> subnet. Because Neutron allows overlapping subnets (since Neutron uses
> network namespaces for isolating traffic), code would need to be put in
> place that says, basically, "if this network is shared between tenants,
> then do not allow overlapping subnets, since a single, shared network
> namespace will be needed that routes traffic between the tenants".
>
> Or at least, that's what I *think* is part of the problem...

Are such checks actually necessary?  That is to say, unless it will 
completely fubar something internally in a database or something (versus 
just having confused routing), I would think that it would be but a 
nicety for Neutron runtime to warn the user(s) they were about to try to 
connect overlapping subnets to the same router.  Nice to report it 
perhaps as a warning, but not an absolutely required bit of 
functionality to go forward.

If Tenant A and Tenant B were separate, recently merged companies, they 
would have to work out, in advance, issues of address overlap before 
they could join their two networks.  At one level at least, we could 
consider their trying to do the same sort of thing within the context of 
Neutron as being the same.


FWIW, here is an intra-tenant attempt to assign two overlapping subnets 
to the same router.  Of course I'm probably playing with older bits in 
this particular sandbox and they won't reflect the current top-of-trunk:

$ nova list
+--------------------------------------+------------------------+--------+------------+-------------+-------------------------------+
| ID                                   | Name                   | Status | Task State | Power State | Networks                      |
+--------------------------------------+------------------------+--------+------------+-------------+-------------------------------+
| d97a46ed-19eb-4a87-8536-eb9ca4ba3895 | overlap-net0000_lg0000 | ACTIVE | None       | Running     | overlap-net0000=192.168.123.2 |
| ad8d6c9c-9a4c-442e-aebf-fd30475b7675 | overlap-net0001_lg0000 | ACTIVE | None       | Running     | overlap-net0001=192.168.123.2 |
+--------------------------------------+------------------------+--------+------------+-------------+-------------------------------+
$ neutron subnet-list
+--------------------------------------+--------------------+------------------+------------------------------------------------------+
| id                                   | name               | cidr             | allocation_pools                                     |
+--------------------------------------+--------------------+------------------+------------------------------------------------------+
| d6015301-e5bf-4f1a-b3b3-5bde71a52496 | overlap-subnet0001 | 192.168.123.0/24 | {"start": "192.168.123.2", "end": "192.168.123.254"} |
| faddcc32-7bb6-4cb2-862e-7738e5c54f6d | overlap-subnet0000 | 192.168.123.0/24 | {"start": "192.168.123.2", "end": "192.168.123.254"} |
+--------------------------------------+--------------------+------------------+------------------------------------------------------+
$ neutron router-create overlap-router0001
Created a new router:
+-----------------------+--------------------------------------+
| Field                 | Value                                |
+-----------------------+--------------------------------------+
| admin_state_up        | True                                 |
| external_gateway_info |                                      |
| id                    | 88339018-d286-45ec-b2d2-ccb78ae78837 |
| name                  | overlap-router0001                   |
| status                | ACTIVE                               |
| tenant_id             | 57367642563150                       |
+-----------------------+--------------------------------------+
$ neutron router-interface-add overlap-router0001 overlap-subnet0000
Added interface b637cb32-c33a-4565-a6f3-b7ea22a02be0 to router overlap-router0001.
$ neutron router-interface-add overlap-router0001 overlap-subnet0001
400-{u'QuantumError': u'Bad router request: Cidr 192.168.123.0/24 of subnet d6015301-e5bf-4f1a-b3b3-5bde71a52496 overlaps with cidr 192.168.123.0/24 of subnet faddcc32-7bb6-4cb2-862e-7738e5c54f6d'}

rick jones
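
Added example, not part of the original message and not Neutron's own code: a sketch of the two checks the thread discusses, the '(owner) or (shared)' test extended with a per-tenant "enabled for network" grant, and the CIDR overlap test applied when a subnet is attached to a router. The Network and Subnet classes and all function names are hypothetical; the overlap test also catches partial overlaps (a /24 inside a /16), which goes beyond the identical-CIDR case shown in the session above.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Network:
    # Hypothetical model for illustration, not Neutron's schema.
    owner: str
    shared: bool = False
    # The "enabled for network" data point: tenants granted access explicitly.
    enabled_tenants: set = field(default_factory=set)


@dataclass
class Subnet:
    id: str
    cidr: str
    network: Network


def may_use(tenant, net):
    """Existing '(owner) or (shared)' check plus the per-tenant grant."""
    return tenant == net.owner or net.shared or tenant in net.enabled_tenants


def find_overlap(attached, new):
    """Return the first attached subnet whose CIDR overlaps new, else None."""
    new_net = ipaddress.ip_network(new.cidr)
    for sub in attached:
        if ipaddress.ip_network(sub.cidr).overlaps(new_net):
            return sub
    return None


def add_interface(tenant, attached, new):
    """Attach new to a router: deny unauthorised tenants, reject overlaps."""
    if not may_use(tenant, new.network):
        raise PermissionError(f"tenant {tenant} may not use subnet {new.id}")
    clash = find_overlap(attached, new)
    if clash is not None:
        raise ValueError(f"Cidr {new.cidr} of subnet {new.id} overlaps with "
                         f"cidr {clash.cidr} of subnet {clash.id}")
    attached.append(new)
    return attached
```

Turning the ValueError into a logged warning instead of a rejection gives the "nicety" behaviour suggested in the reply; the access check stays a hard failure either way.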


