[neutron] [kolla] Static routes added to subnets after upgrading from Queens to Train

Brian Haley haleyb.dev at gmail.com
Fri Apr 1 16:30:31 UTC 2022


Hi Albert,

Thanks for the command line, it helped me track down the code in neutron 
that changed, and it was really the --network-segment arg that is 
triggering this along with --gateway (and I haven't defined any segments 
so don't see it in my setup).

Anyways, there are a few changes that added the update of host routes in 
the segment plugin code to support routed networks better. Looking at 
https://bugs.launchpad.net/neutron/+bug/1766380 shows them all, but 
https://review.opendev.org/c/openstack/neutron/+/570405/ and 
https://review.opendev.org/c/openstack/neutron/+/573897 where the two 
main ones.

It doesn't look like there's a way to disable it, but I cc'd Harald to 
get his thoughts on it.

My only follow-on question would be are these host routes causing an 
issue or just something that was noticed in your upgrade?

Thanks,

-Brian


On 3/31/22 16:06, Albert Braden wrote:
> Here's what I get when I create a 4th subnet:
> 
> $ openstack network segment create --physical-network physnet_bo-az3 
> --network-type vlan --segment 1115 --network trust trust-az4
> +------------------+--------------------------------------+
> | Field | Value |
> +------------------+--------------------------------------+
> | description | |
> | id | 92355e6d-3406-4b29-a956-1b05c4c9a33e |
> | name | private-provider-trust-az4 |
> | network_id | ac30a487-bccc-c3de-93eb-c422ad9f3ce5 |
> | network_type | vlan |
> | physical_network | physnet_bo-az3 |
> | segmentation_id | 1115 |
> +------------------+--------------------------------------+
> 
> $ openstack subnet create --no-dhcp --network private-provider-trust 
> --network-segment private-provider-trust-az4 --ip-version 4 
> --allocation-pool start=10.52.172.14,end=10.52.172.235 --subnet-range 
> 10.52.172.0/22 --dns-nameserver 10.10.10.10 --gateway 10.52.172.1 
> private-provider-trust-az4-subnet
> +----------------------+------------------------------------------------------+
> | Field | Value |
> +----------------------+------------------------------------------------------+
> | allocation_pools | 10.52.172.10-10.52.172.245 |
> | cidr | 10.52.172.0/22 |
> | created_at | 2022-03-31T19:26:48Z |
> | description | |
> | dns_nameservers | 10.10.10.10 |
> | dns_publish_fixed_ip | None |
> | enable_dhcp | False |
> | gateway_ip | 10.52.172.1 |
> | host_routes | destination='10.52.160.0/22', gateway='10.52.172.1' |
> | | destination='10.52.164.0/22', gateway='10.52.172.1' |
> | | destination='10.52.168.0/22', gateway='10.52.172.1' |
> | id | 04a15cdd-d22b-4e58-8bbd-8b956d8c10ba |
> | ip_version | 4 |
> | ipv6_address_mode | None |
> | ipv6_ra_mode | None |
> | name | private-provider-trust-az4-subnet |
> | network_id | ac30a487-bccc-4ac5-93eb-c422ad9f3ce5 |
> | prefix_length | None |
> | project_id | 561e8d2236634ece81ffa22203e80dc7 |
> | revision_number | 0 |
> | segment_id | 92355e6d-a5de-4b29-a956-1b05c4c9a33e |
> | service_types | |
> | subnetpool_id | None |
> | tags | |
> | updated_at | 2022-03-31T19:26:48Z |
> +----------------------+------------------------------------------------------+
> 
> If I create the 4th subnet without specifying a gateway, then the routes 
> are not created. It looks like this may be what changed from Queens to 
> Train:
> 
> $ openstack subnet create --no-dhcp --network private-provider-trust 
> --network-segment private-provider-trust-az4 --ip-version 4 
> --allocation-pool start=10.52.172.10,end=10.52.172.245 --subnet-range 
> 10.52.172.0/22 --dns-nameserver 10.10.10.10 
> private-provider-trust-az4-subnet
> +----------------------+--------------------------------------+
> | Field | Value |
> +----------------------+--------------------------------------+
> | allocation_pools | 10.52.172.10-10.52.172.245 |
> | cidr | 10.52.172.0/22 |
> | created_at | 2022-03-31T20:00:44Z |
> | description | |
> | dns_nameservers | 10.10.10.10 |
> | dns_publish_fixed_ip | None |
> | enable_dhcp | False |
> | gateway_ip | 10.52.172.1 |
> | host_routes | |
> | id | 11757c89-2057-4c7c-9730-9b7d976e361e |
> | ip_version | 4 |
> | ipv6_address_mode | None |
> | ipv6_ra_mode | None |
> | name | private-provider-trust-az4-subnet |
> | network_id | ac30a487-bccc-4ac5-93eb-c422ad9f3ce5 |
> | prefix_length | None |
> | project_id | 561e8d2236634ece81ffa22203e80dc7 |
> | revision_number | 0 |
> | segment_id | 92355e6d-a5de-4b29-a956-1b05c4c9a33e |
> | service_types | |
> | subnetpool_id | None |
> | tags | |
> | updated_at | 2022-03-31T20:00:44Z |
> +----------------------+--------------------------------------+
> On Wednesday, March 30, 2022, 09:01:23 PM EDT, Brian Haley 
> <haleyb.dev at gmail.com> wrote:
> 
> 
> Hi,
> 
> On 3/30/22 15:27, Albert Braden wrote:
>  > The command that we use to create subnets looks like this:
>  >
>  > openstack subnet create --no-dhcp --network trust --network-segment
>  > trust-az1-seg --ip-version 4 --allocation-pool
>  > start=10.52.160.14,end=10.52.160.235 --subnet-range 10.52.160.0/24
>  > --dns-nameserver 10.10.10.10 --gateway 10.52.160.1 trust-az1
> 
> Since you're not specifying --host-route there should be none, can you
> paste the created object returned from this call since for me
> host_routes is blank (see below).
> 
>  > My co-workers tell me that we also specified "--gateway" when we created
>  > our Queens subnets, but this did not cause static routes to be created.
>  > Did the handling of "--gateway" change from Queens to Train?
> 
> I don't believe so, and --gateway will default to the first IP in the
> subnet if not given so isn't required.
> 
> -Brian
> 
> 
> $ openstack subnet create --subnet-pool
> f5e3f133-a932-4adc-9592-0b525aec278f --network private private-subnet-2
> +----------------------+---------------------------+
> | Field                | Value                    |
> +----------------------+---------------------------+
> | allocation_pools    | 10.0.0.66-10.0.0.126      |
> | cidr                | 10.0.0.64/26              |
> | created_at          | 2022-03-30T17:38:40Z      |
> | description          |                          |
> | dns_nameservers      |                          |
> | dns_publish_fixed_ip | None                      |
> | enable_dhcp          | True                      |
> | gateway_ip          | 10.0.0.65                |
> | host_routes          |                          |
> | id                  | ce09a038-b918-4208-9a3d-c8c259ae7433 |
> | ip_version          | 4                        |
> | ipv6_address_mode    | None                      |
> | ipv6_ra_mode        | None                      |
> | name                | private-subnet-2          |
> | network_id          | baf6c62d-4cec-464e-a768-253074df8879 |
> | project_id          | 657e6d647c0446438c1f06da70d79bed |
> | revision_number      | 0                        |
>          | segment_id          | None                      |
> 
> | service_types        |                          |
> | subnetpool_id        | f5e3f133-a932-4adc-9592-0b525aec278f |
> | tags                |                          |
> | updated_at          | 2022-03-30T17:38:40Z      |
> 
> +----------------------+---------------------------+
> 
>  > On Wednesday, March 30, 2022, 01:45:52 PM EDT, Brian Haley
>  > <haleyb.dev at gmail.com <mailto:haleyb.dev at gmail.com>> wrote:
>  >
>  >
>  > Hi Albert,
>  >
>  > On 3/29/22 17:04, Albert Braden wrote:
>  >  > After upgrading our kolla-ansible clusters from Queens to Train, we
>  > are seeing static routes when we create subnets. We didn’t see this in
>  > Queens. For example, in our de6 region we have a network called “trust”
>  > with 3 subnets:
>  >  >
>  >  > Subnet                CIDR                                  Gateway
>  >  > trust-az1:            10.52.160.0/22  10.52.160.1
>  >  > trust-az2:            10.52.164.0/22  10.52.164.1
>  >  > trust-az3:            10.52.168.0/22  10.52.168.1
>  >  >
>  >  > Each of these subnets has 2 entries under “host_routes:” that point
>  > to the other two subnets. For example, subnet trust-az1 has these two
>  > routes:
>  >  >
>  >  > host_routes          | destination='10.52.164.0/22',
>  > gateway='10.52.160.1' |
>  >  > |                      | destination='10.52.168.0/22',
>  > gateway='10.52.160.1' |
>  >  >
>  >  > How can we prevent these host routes from being created in Train? Do
>  > we need to change something in our config?
>  >
>  >
>  >  From the neutron side of things, host_routes of a subnet is not
>  > automatically calculated and filled-in, they have to be manually added.
>  > So perhaps this is something kolla is doing? At least on my Yoga setup
>  > it is completely blank using 'openstack subnet create ...' even with
>  > multiple subnets on a network.
>  >
>  > How exactly are the subnets getting created?
>  >
>  > -Brian
>  >
> 



More information about the openstack-discuss mailing list