[Openstack-operators] [neutron] network issue with separate subnets under single public-network
Ihar Hrachyshka
ihrachys at redhat.com
Wed Mar 2 10:36:38 UTC 2016
Rahul Sharma <rahulsharmaait at gmail.com> wrote:
> Hi All,
>
> I am trying to fix a network-issue in our environment and would like to
> know some suggestions on how I can achieve it. Here is the issue:-
>
> I have two subnets(10.10.10.0/25 and 10.10.10.128/26) with separate
> gateways for each subnet and I expose the whole to end users as public
> network. Diagram1 attached lists the configuration done on horizon.
>
> The setup works fine for some users but it starts failing for the others.
> The issue occurs when the router connecting to the public network gets
> gateway in one subnet and the floating-ip gets allocated from the second
> subnet. Looking at the routes configured within the router, it seems that
> the router is unable to route the packets to the correct gateway. Its
> sending packets to a wrong gateway which will drop packets as they don't
> belong to the right subnet.
>
> # ip netns exec qrouter-8790f703-85ed-44e4-7a96-251b26572457 ip r
> default via 10.10.10.1 dev qg-ee39897d-d3 <------ default Gateway
> 10.10.10.0/25 dev qg-ee39897d-d3 proto kernel scope link src
> 10.10.10.115 <--- Gateway for Router
> 10.10.10.128/26 dev qg-ee39897d-d3 scope link
> 192.168.10.0/24 dev qr-0c9694f8-9d proto kernel scope link src
> 192.168.10.1
>
> However, one of the floating-ip allocated in 10.10.10.168 which lies in
> other subnet. This router will send packets from 10.10.10.128/26subnet to
> 10.10.10.1 and they will get dropped.
>
> # ip netns exec qrouter-8790f703-85ed-44e4-7a96-251b26572457 ip addr
> <stripped version>
> 165: qg-7523dad9-a7: mtu 1500 qdisc noqueue state UNKNOWN
> link/ether fa:16:3e:a3:8a:61 brd ff:ff:ff:ff:ff:ff
> inet 10.10.10.115/25 brd 10.10.10.127 scope global qg-ee39897d-d3 <--- Gateway for router
> valid_lft forever preferred_lft forever
> inet 10.10.10.72/32 brd 10.10.10.72 scope global qg-ee39897d-d3 <--- floating ip in subnet1 (no issues)
> valid_lft forever preferred_lft forever
> inet 10.10.10.168/32 brd 10.10.10.168 scope global qg-ee39897d-d3 <--- floating ip in subnet2 (issues)
> valid_lft forever preferred_lft forever
>
> I went through one comment against a bug:
> https://bugs.launchpad.net/neutron/+bug/1312467/comments/12
>
> This is something on the same lines. Is there any solution other than
> deleting the public network and exposing it as two separate public
> networks because I don't have access to the physical routers/switches and
> cannot merge the two subnets into one. Any pointers would be really
> helpful.
[Also commented on the bug.]
I believe the setup with two independent gateways on the same NIC is not
supported by L3 agent, though from API perspective everything should be
available already.
I suggest you report the use case as a new RFE.
Ihar
More information about the OpenStack-operators
mailing list