Hi all, Right now, we do something in devstack that does not reflect how deployments are normally done. We setup a route on the parent host to the private tenant network that routes through the tenant's router[1]. This behavior originates from a very long time ago[2] and I'm not sure if it even works correctly right now (because the tenant router has port address translation enabled). I would like to stop this behavior in devstack for a couple of reasons: 1. If this works, it works by accident. Neutron doesn't have any guarantees of behavior when you are pointing routes to a private network via a router that has SNAT enabled. 2. This method of accessing the VMs is not how access is gained to VMs in normal deployments. If you want a VM to be reachable, either attach to the same network with a port, setup a provider network, or assign the VM a floating IP. I would like to drop the installation of this route, but I'd like to hear if there is anyone relying on this behavior. Reply to this email or comment on the patch.[3] 1. https://github.com/openstack-dev/devstack/blob/29d13df1a284f8f1a5973ccc826a475156820d23/lib/neutron_plugins/services/l3#L378 2. https://review.openstack.org/#/c/13693/ 3. https://review.openstack.org/397987 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20161115/293c6444/attachment.html>