[openstack-dev] [devstack][neutron] - dropping direct route to VMs (FIXED_RANGE)

Kevin Benton kevin at benton.pub
Tue Nov 15 23:04:43 UTC 2016


Hi all,


Right now, we do something in devstack that does not reflect how
deployments are normally done. We setup a route on the parent host to the
private tenant network that routes through the tenant's router[1]. This
behavior originates from a very long time ago[2] and I'm not sure if it
even works correctly right now (because the tenant router has port address
translation enabled).

I would like to stop this behavior in devstack for a couple of reasons:

1. If this works, it works by accident. Neutron doesn't have any guarantees
of behavior when you are pointing routes to a private network via a router
that has SNAT enabled.
2. This method of accessing the VMs is not how access is gained to VMs in
normal deployments. If you want a VM to be reachable, either attach to the
same network with a port, setup a provider network, or assign the VM a
floating IP.


I would like to drop the installation of this route, but I'd like to hear
if there is anyone relying on this behavior. Reply to this email or comment
on the patch.[3]


1.
https://github.com/openstack-dev/devstack/blob/29d13df1a284f8f1a5973ccc826a475156820d23/lib/neutron_plugins/services/l3#L378
2. https://review.openstack.org/#/c/13693/
3. https://review.openstack.org/397987
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161115/293c6444/attachment.html>


More information about the OpenStack-dev mailing list