Open Stack

Rahul Sharma <rahulsharmaait at gmail.com> wrote:

> Hi All,
>
> I am trying to fix a network-issue in our environment and would like to  
> know some suggestions on how I can achieve it. Here is the issue:-
>
> I have two subnets(10.10.10.0/25 and 10.10.10.128/26) with separate  
> gateways for each subnet and I expose the whole to end users as public  
> network. Diagram1 attached lists the configuration done on horizon.
>
> The setup works fine for some users but it starts failing for the others.  
> The issue occurs when the router connecting to the public network gets  
> gateway in one subnet and the floating-ip gets allocated from the second  
> subnet. Looking at the routes configured within the router, it seems that  
> the router is unable to route the packets to the correct gateway. Its  
> sending packets to a wrong gateway which will drop packets as they don't  
> belong to the right subnet.
>
> # ip netns exec qrouter-8790f703-85ed-44e4-7a96-251b26572457 ip r
> default via 10.10.10.1 dev qg-ee39897d-d3 <------ default Gateway
> 10.10.10.0/25 dev qg-ee39897d-d3  proto kernel  scope link  src  
> 10.10.10.115 <--- Gateway for Router
> 10.10.10.128/26 dev qg-ee39897d-d3  scope link
> 192.168.10.0/24 dev qr-0c9694f8-9d  proto kernel  scope link  src  
> 192.168.10.1
>
> However, one of the floating-ip allocated in 10.10.10.168 which lies in  
> other subnet. This router will send packets from 10.10.10.128/26subnet to  
> 10.10.10.1 and they will get dropped.
>
> # ip netns exec qrouter-8790f703-85ed-44e4-7a96-251b26572457 ip addr
> <stripped version>
> 165: qg-7523dad9-a7: mtu 1500 qdisc noqueue state UNKNOWN
>     link/ether fa:16:3e:a3:8a:61 brd ff:ff:ff:ff:ff:ff
>     inet 10.10.10.115/25 brd 10.10.10.127 scope global qg-ee39897d-d3 <--- Gateway for router
>        valid_lft forever preferred_lft forever
>     inet 10.10.10.72/32 brd 10.10.10.72 scope global qg-ee39897d-d3  <--- floating ip in subnet1 (no issues)
>        valid_lft forever preferred_lft forever
>     inet 10.10.10.168/32 brd 10.10.10.168 scope global qg-ee39897d-d3 <--- floating ip in subnet2 (issues)
>        valid_lft forever preferred_lft forever
>
> I went through one comment against a bug:  
> https://bugs.launchpad.net/neutron/+bug/1312467/comments/12
>
> This is something on the same lines. Is there any solution other than  
> deleting the public network and exposing it as two separate public  
> networks because I don't have access to the physical routers/switches and  
> cannot merge the two subnets into one. Any pointers would be really  
> helpful.

[Also commented on the bug.]

I believe the setup with two independent gateways on the same NIC is not  
supported by L3 agent, though from API perspective everything should be  
available already.

I suggest you report the use case as a new RFE.

Ihar