[openstack-dev] [neutron] Add static routes on neutron router to devices in the external network

Kevin Benton blak111 at gmail.com
Thu Jul 24 21:28:21 UTC 2014


I think external gateway routes are accepted now.
The code just checks against the CIDRs of all ports belonging to the
router. [1]


[1] https://github.com/openstack/neutron/blob/a2fff6ee728db57f0e862548aac9296899ef0fc7/neutron/db/extraroute_db.py#L106


On Wed, Jul 23, 2014 at 8:12 PM, Carl Baldwin <carl at ecbaldwin.net> wrote:

> I wondered the same as Kevin.  Could you confirm that the vpn gateway is
> directly connected to the external subnet or not?  The diagram isn't quite
> clear.
>
> Assuming it is directly connected then it is probable that routes through
> the external gateway are not considered, hence the error you received.  It
> seems reasonable to me to consider a proposal that would allow this.  It
> should be an admin only capability by default since it would be over the
> external (shared) network and not a tenant network.  This seems like a new
> feature rather than a bug to me.
>
> As an alternative, could you try configuring your router with the static
> route so that it would send an icmp redirect to the neutron router?
>
> Carl
> On Jul 22, 2014 11:23 AM, "Kevin Benton" <blak111 at gmail.com> wrote:
>
>> The issue (if I understand your diagram correctly) is that the VPN GW
>> address is on the other side of your home router from the neutron router.
>> The nexthop address has to be an address on one of the subnets directly
>> attached to the router. In this topology, the static route should be on
>> your home router.
>>
>> --
>> Kevin Benton
>>
>>
>> On Tue, Jul 22, 2014 at 6:55 AM, Ricardo Carrillo Cruz <
>> ricardo.carrillo.cruz at gmail.com> wrote:
>>
>>> Hello guys
>>>
>>> I have the following network setup at home:
>>>
>>> [openstack instances] -> [neutron router] -> [  [home router] [vpn gw]  ]
>>>  TENANT NETWORK                                  EXTERNAL NETWORK
>>>
>>> I need my instances to connect to machines that are connected thru the
>>> vpn gw server.
>>> By default, all traffic that comes from openstack instances goes thru the
>>> neutron router, and then hops onto the home router.
>>>
>>> I've seen there's an extra routes extension for neutron routers that
>>> would allow me to do that, but apparently I can't add extra routes to
>>> destinations in the external network, only subnets known by neutron.
>>> This can be seen from the neutron CLI command:
>>>
>>> <snip>
>>> neutron router-update <router name> --routes type=dict list=true destination=<network connected by VPN in CIDR>,nexthop=<vpn gw IP>
>>> Invalid format for routes: [{u'nexthop': u'<vpn gw IP>', u'destination': u'<network connected by VPN in CIDR>'}], the nexthop is not connected with router
>>> </snip>
>>>
>>> Is this use case not possible at all?
>>>
>>> P.S.
>>> I found Heat BP
>>> https://blueprints.launchpad.net/heat/+spec/router-properties-object
>>> that in the description reads this can be done on Neutron, but can't figure
>>> out how.
>>>
>>> Regards
>>>
>>> _______________________________________________
>>> OpenStack-dev mailing list
>>> OpenStack-dev at lists.openstack.org
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>>>
>>>
>>
>>
>> --
>> Kevin Benton
>>


-- 
Kevin Benton
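
The check discussed in this thread, as an added sketch that is not Neutron's code and not part of any message: a nexthop is accepted only if it falls inside the CIDR of a port attached to the router. The port list, the addresses, the `include_gateway` switch and the `ok-external` verdict (a hook for the admin-only policy suggested in the quoted reply) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample topology (not from the thread): one tenant port and
# the external gateway port of a single router.
ROUTER_PORTS = [
    {"name": "tenant-port", "cidr": "10.0.0.0/24", "external": False},
    {"name": "gateway-port", "cidr": "192.168.1.0/24", "external": True},
]


def classify_route(route, ports, include_gateway=True):
    """Return (verdict, port_name) for one {'destination', 'nexthop'} route.

    verdict is 'ok', 'ok-external' (the nexthop sits on the shared external
    network, so a deployment may want to restrict it to admins) or
    'not-connected' (no attached port's CIDR contains the nexthop).
    """
    # Reject malformed destinations early; ValueError propagates to the caller.
    ipaddress.ip_network(route["destination"])
    nexthop = ipaddress.ip_address(route["nexthop"])
    for port in ports:
        if port["external"] and not include_gateway:
            continue  # models a check that ignores the gateway port
        # Membership is False (no exception) when IP versions differ.
        if nexthop in ipaddress.ip_network(port["cidr"]):
            return ("ok-external" if port["external"] else "ok", port["name"])
    return ("not-connected", None)


if __name__ == "__main__":
    samples = [  # constructed routes covering the cases raised in the thread
        {"destination": "10.8.0.0/24", "nexthop": "192.168.1.50"},  # VPN GW on external subnet
        {"destination": "10.8.0.0/24", "nexthop": "172.16.0.1"},    # behind another router
        {"destination": "10.9.0.0/24", "nexthop": "10.0.0.20"},     # host on tenant subnet
    ]
    for r in samples:
        print(r["nexthop"], classify_route(r, ROUTER_PORTS),
              classify_route(r, ROUTER_PORTS, include_gateway=False))
```
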